From 09c6abcc83f46d59463eebdaa4dc7ad46614795f Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Tue, 28 Jan 2020 13:05:06 -0600 Subject: [PATCH 001/979] feat: add EC2 instance tags --- ScoutSuite/providers/aws/facade/ec2.py | 5 +++++ ScoutSuite/providers/aws/resources/ec2/instances.py | 3 ++- ScoutSuite/providers/aws/services.py | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index f37cdb400..1fe39a56a 100644 --- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py @@ -180,6 +180,11 @@ async def _get_and_set_subnet_flow_logs(self, subnet: {}, region: str): [flow_log for flow_log in self.flow_logs_cache[region] if flow_log['ResourceId'] == subnet['SubnetId'] or flow_log['ResourceId'] == subnet['VpcId']] + async def get_and_set_ec2_instance_tags(self, raw_instance): + instance = {} + instance['tags'] = {x['Key']: x['Value'] for x in raw_instance['TagSet']} + return instance + async def get_peering_connections(self, region): try: peering_connections = await AWSFacadeUtils.get_all_pages('ec2', region, self.session, 'describe_vpc_peering_connections', 'VpcPeeringConnections') diff --git a/ScoutSuite/providers/aws/resources/ec2/instances.py b/ScoutSuite/providers/aws/resources/ec2/instances.py index 3ab09aec5..6662d4900 100644 --- a/ScoutSuite/providers/aws/resources/ec2/instances.py +++ b/ScoutSuite/providers/aws/resources/ec2/instances.py @@ -28,7 +28,7 @@ async def _parse_instance(self, raw_instance): get_name(raw_instance, instance, 'InstanceId') get_keys(raw_instance, instance, - ['KeyName', 'LaunchTime', 'InstanceType', 'State', 'IamInstanceProfile', 'SubnetId']) + ['KeyName', 'LaunchTime', 'InstanceType', 'State', 'IamInstanceProfile', 'SubnetId', 'TagSet']) instance['network_interfaces'] = {} for eni in raw_instance['NetworkInterfaces']: 
@@ -36,6 +36,7 @@ async def _parse_instance(self, raw_instance): get_keys(eni, nic, ['Association', 'Groups', 'PrivateIpAddresses', 'SubnetId', 'Ipv6Addresses']) instance['network_interfaces'][eni['NetworkInterfaceId']] = nic + instance['tags'] = self.facade.ec2.get_and_set_ec2_instance_tags(raw_instance) return id, instance @staticmethod diff --git a/ScoutSuite/providers/aws/services.py b/ScoutSuite/providers/aws/services.py index eba29977b..2629f976a 100644 --- a/ScoutSuite/providers/aws/services.py +++ b/ScoutSuite/providers/aws/services.py @@ -48,8 +48,8 @@ class AWSServicesConfig(BaseServicesConfig): :ivar rds: RDS configuration :ivar redshift: Redshift configuration :ivar s3: S3 configuration - :ivar ses: SES configuration: - "ivar sns: SNS configuration + :ivar ses: SES configuration + :ivar sns: SNS configuration :ivar sqs: SQS configuration """ From 1959876581dd904c30723af0ed7ac92f3bd2714d Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Tue, 28 Jan 2020 15:33:45 -0600 Subject: [PATCH 002/979] fix: handle concurrently running ec2 tags --- ScoutSuite/providers/aws/facade/ec2.py | 8 +++++--- ScoutSuite/providers/aws/resources/ec2/instances.py | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index 1fe39a56a..174111e04 100644 --- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py 
@@ -180,9 +180,11 @@ async def _get_and_set_subnet_flow_logs(self, subnet: {}, region: str): [flow_log for flow_log in self.flow_logs_cache[region] if flow_log['ResourceId'] == subnet['SubnetId'] or flow_log['ResourceId'] == subnet['VpcId']] - async def get_and_set_ec2_instance_tags(self, raw_instance): - instance = {} - instance['tags'] = {x['Key']: x['Value'] for x in raw_instance['TagSet']} + async def get_and_set_ec2_instance_tags(self, raw_instance: {}): + if 'TagSet' in raw_instance: + instance = {'tags': {x['Key']: x['Value'] for x in raw_instance['TagSet']}} + else: + instance = {'tags': {}} return instance async def get_peering_connections(self, region): diff --git a/ScoutSuite/providers/aws/resources/ec2/instances.py b/ScoutSuite/providers/aws/resources/ec2/instances.py index 6662d4900..42c6a0ae3 100644 --- a/ScoutSuite/providers/aws/resources/ec2/instances.py +++ b/ScoutSuite/providers/aws/resources/ec2/instances.py @@ -36,7 +36,7 @@ async def _parse_instance(self, raw_instance): get_keys(eni, nic, ['Association', 'Groups', 'PrivateIpAddresses', 'SubnetId', 'Ipv6Addresses']) instance['network_interfaces'][eni['NetworkInterfaceId']] = nic - instance['tags'] = self.facade.ec2.get_and_set_ec2_instance_tags(raw_instance) + instance['tags'] = await self.facade.ec2.get_and_set_ec2_instance_tags(raw_instance) return id, instance @staticmethod From 7b9a9fe91a993fbad5da4b9333dc130dd5730b73 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Wed, 29 Jan 2020 06:21:58 -0600 Subject: [PATCH 003/979] fix: add other EC2 stuff for tagging --- ScoutSuite/providers/aws/facade/ec2.py | 9 ++++++++- ScoutSuite/providers/aws/resources/ec2/ami.py | 2 ++ ScoutSuite/providers/aws/resources/ec2/snapshots.py | 2 ++ ScoutSuite/providers/aws/resources/ec2/volumes.py | 2 ++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index 174111e04..d296a9cc2 100644 
--- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py @@ -94,12 +94,19 @@ async def get_network_interfaces(self, region: str, vpc: str): async def get_volumes(self, region: str): try: volumes = await AWSFacadeUtils.get_all_pages('ec2', region, self.session, 'describe_volumes', 'Volumes') - await get_and_set_concurrently([self._get_and_set_key_manager], volumes, region=region) + await get_and_set_concurrently([self._get_and_set_key_manager, self._get_and_set_volume_tags], volumes, region=region) return volumes except Exception as e: print_exception('Failed to get EC2 volumes: {}'.format(e)) return [] + async def _get_and_set_volume_tags(self, volume: {}, region: str): + if "Tags" in volume: + volume["tags"] = {x["Key"]: x["Value"] for x in volume["Tags"]} + else: + volume["tags"] = {} + return volume + async def _get_and_set_key_manager(self, volume: {}, region: str): kms_client = AWSFacadeUtils.get_client('kms', self.session, region) if 'KmsKeyId' in volume: diff --git a/ScoutSuite/providers/aws/resources/ec2/ami.py b/ScoutSuite/providers/aws/resources/ec2/ami.py index 2e8993643..2e0538846 100644 --- a/ScoutSuite/providers/aws/resources/ec2/ami.py +++ b/ScoutSuite/providers/aws/resources/ec2/ami.py @@ -16,5 +16,7 @@ async def fetch_all(self): def _parse_image(self, raw_image): raw_image['id'] = raw_image['ImageId'] raw_image['name'] = raw_image['Name'] + if 'Tags' in raw_image: + raw_image['tags'] = {x["Key"]: x["Value"] for x in raw_image["Tags"]} return raw_image['id'], raw_image diff --git a/ScoutSuite/providers/aws/resources/ec2/snapshots.py b/ScoutSuite/providers/aws/resources/ec2/snapshots.py index d48b5f9e6..d3304dd56 100644 --- a/ScoutSuite/providers/aws/resources/ec2/snapshots.py +++ b/ScoutSuite/providers/aws/resources/ec2/snapshots.py 
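Review bot: Volume tags are now flattened in two places with different defaults: `_get_and_set_volume_tags` in this hunk always sets `volume["tags"]` (an empty dict when the volume has no `Tags`), and `_parse_volume` in volumes.py repeats the same comprehension. The ami.py and snapshots.py hunks of this commit instead leave `tags` absent on untagged resources. A rule or filter that reads `tags`, for example to list untagged resources, then has to handle both a missing key and an empty dict. Consider one shared helper returning `{t['Key']: t['Value'] for t in resource.get('Tags', [])}` and calling it from all four places. Tag values are free text set by whoever may tag the resource, so whatever renders them in the report should keep treating them as untrusted input.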
@@ -18,6 +18,8 @@ def _parse_snapshot(self, raw_snapshot): raw_snapshot['id'] = raw_snapshot.pop('SnapshotId') raw_snapshot['name'] = get_name(raw_snapshot, raw_snapshot, 'id') raw_snapshot['public'] = self._is_public(raw_snapshot) + if "Tags" in raw_snapshot: + raw_snapshot['tags'] = {x["Key"]: x["Value"] for x in raw_snapshot["Tags"]} return raw_snapshot['id'], raw_snapshot @staticmethod diff --git a/ScoutSuite/providers/aws/resources/ec2/volumes.py b/ScoutSuite/providers/aws/resources/ec2/volumes.py index 6dec86616..9dc79b2da 100644 --- a/ScoutSuite/providers/aws/resources/ec2/volumes.py +++ b/ScoutSuite/providers/aws/resources/ec2/volumes.py @@ -17,4 +17,6 @@ async def fetch_all(self): def _parse_volume(self, raw_volume): raw_volume['id'] = raw_volume.pop('VolumeId') raw_volume['name'] = get_name(raw_volume, raw_volume, 'id') + if "Tags" in raw_volume: + raw_volume['tags'] = {x["Key"]: x["Value"] for x in raw_volume["Tags"]} return raw_volume['id'], raw_volume From 9464c4afe2279592faaaf6a8bc17cd4193aca707 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Mon, 3 Feb 2020 13:03:31 -0600 Subject: [PATCH 004/979] fix: ec2 instances return Tags instead of TagSet --- ScoutSuite/providers/aws/facade/ec2.py | 4 ++-- ScoutSuite/providers/aws/resources/ec2/instances.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index d296a9cc2..2a4b1030a 100644 --- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py 
@@ -188,8 +188,8 @@ async def _get_and_set_subnet_flow_logs(self, subnet: {}, region: str): if flow_log['ResourceId'] == subnet['SubnetId'] or flow_log['ResourceId'] == subnet['VpcId']] async def get_and_set_ec2_instance_tags(self, raw_instance: {}): - if 'TagSet' in raw_instance: - instance = {'tags': {x['Key']: x['Value'] for x in raw_instance['TagSet']}} + if 'Tags' in raw_instance: + instance = {'tags': {x['Key']: x['Value'] for x in raw_instance['Tags']}} else: instance = {'tags': {}} return instance diff --git a/ScoutSuite/providers/aws/resources/ec2/instances.py b/ScoutSuite/providers/aws/resources/ec2/instances.py index 42c6a0ae3..439c05050 100644 --- a/ScoutSuite/providers/aws/resources/ec2/instances.py +++ b/ScoutSuite/providers/aws/resources/ec2/instances.py @@ -28,7 +28,7 @@ async def _parse_instance(self, raw_instance): get_name(raw_instance, instance, 'InstanceId') get_keys(raw_instance, instance, - ['KeyName', 'LaunchTime', 'InstanceType', 'State', 'IamInstanceProfile', 'SubnetId', 'TagSet']) + ['KeyName', 'LaunchTime', 'InstanceType', 'State', 'IamInstanceProfile', 'SubnetId', 'Tags']) instance['network_interfaces'] = {} for eni in raw_instance['NetworkInterfaces']: From b728ae1f16e3af297fc50a942c164644e36d76b6 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Tue, 4 Feb 2020 12:08:13 -0600 Subject: [PATCH 005/979] fix: remove double-nesting of 'tags' --- ScoutSuite/providers/aws/facade/ec2.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index 2a4b1030a..edc20d8c0 100644 --- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py 
@@ -189,9 +189,9 @@ async def _get_and_set_subnet_flow_logs(self, subnet: {}, region: str): async def get_and_set_ec2_instance_tags(self, raw_instance: {}): if 'Tags' in raw_instance: - instance = {'tags': {x['Key']: x['Value'] for x in raw_instance['Tags']}} + instance = {x['Key']: x['Value'] for x in raw_instance['Tags']} else: - instance = {'tags': {}} + instance = {} return instance async def get_peering_connections(self, region): From 8f97dd978a22410062a44b562d3990719e4be495 Mon Sep 17 00:00:00 2001 From: Juan Jose Date: Tue, 17 Mar 2020 11:05:55 +0100 Subject: [PATCH 006/979] Fixed unused import --- ScoutSuite/providers/aws/resources/secretsmanager/secrets.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py b/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py index 6a7a377bc..836d2f612 100755 --- a/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py +++ b/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py @@ -1,5 +1,3 @@ -import json - from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources From 52fd162defc5b6bd42b6ecafc50a4f69924e1383 Mon Sep 17 00:00:00 2001 From: Pau Risa Date: Thu, 19 Mar 2020 05:43:28 +0100 Subject: [PATCH 007/979] Added 2 rules for AWS CIS 1.2.0 and updated rules format --- .../iam-root-account-used-recently.json | 10 +- .../rules/findings/iam-user-without-mfa.json | 10 +- .../aws/rules/rulesets/cis-1.2.0.json | 164 ++++++++++++++++++ 3 files changed, 182 insertions(+), 2 deletions(-) create mode 100644 ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json index c199bd86f..4357a151e 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json 
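Review bot: After this change the local `instance` in `get_and_set_ec2_instance_tags` holds the tag dict itself, and the method neither awaits nor sets anything despite being `async` and named `get_and_set_`. The name, the variable and the `raw_instance: {}` annotation (a dict literal, not a type) now mislead a reader about what comes back. I would write the body as `return {t['Key']: t['Value'] for t in raw_instance.get('Tags', [])}`, annotate the parameter as `raw_instance: dict`, and add a one-line docstring such as `"""Return the instance's tags as a flat {key: value} dict (empty when untagged)."""`.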
+++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json @@ -1,7 +1,15 @@ { "description": "Root account used recently", - "path": "iam.credential_reports.id", + "rationale": "Description:

The use of the root account should be avoided.", + "remediation": "Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.1"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.1"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.1"} + ], + "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users"], "dashboard_name": "Root account", + "path": "iam.credential_reports.id", "conditions": [ "and", [ "iam.credential_reports.id.password_last_used", "notNull", "" ], [ "iam.credential_reports.id.password_last_used", "newerThan", ["90", "days"] ], diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json index 4e4cfb76b..1933d8e8a 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json @@ -1,7 +1,15 @@ { "description": "User without MFA", - "path": "iam.users.id", + "rationale": "Description:

All IAM users should have Multi Factor Authentication (MFA) enabled.", + "remediation": "Enable MFA for all users in the AWS account", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.2"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.2"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.2"} + ], + "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#enable-mfa-for-privileged-users"], "dashboard_name": "Users", + "path": "iam.users.id", "conditions": [ "and", [ "iam.users.id.", "withKey", "LoginProfile" ], [ "iam.users.id.MFADevices", "empty", "" ] diff --git a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json new file mode 100644 index 000000000..65808daba --- /dev/null +++ b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json 
@@ -0,0 +1,164 @@
+{
+ "about": "This ruleset attempts to cover as many recommendations from the CIS Amazon Web Services Foundation v1.0.0.",
+ "rules": {
+ "iam-root-account-used-recently.json": [
+ {
+ "comment": "Recommendation 1.1",
+ "enabled": true,
+ "level": "danger",
+ "scored": true
+ }
+ ],
+ "iam-user-without-mfa.json": [
+ {
+ "comment": "Recommendation 1.2",
+ "enabled": true,
+ "level": "danger",
+ "scored": true
+ }
+ ],
+ "cloudtrail-no-logging.json": [
+ {
+ "comment": "Recommendation2,1 (part 2/2)",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "cloudtrail-not-configured.json": [
+ {
+ "comment": "Recommendation2.1 (part 1/2)",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "ec2-default-security-group-with-rules.json": [
+ {
+ "comment": "Recommendation4.4",
+ "enabled": true,
+ "level": "warning"
+ }
+ ],
+ "ec2-security-group-opens-known-port-to-all.json": [
+ {
+ "args": [
+ "SSH",
+ "TCP",
+ "22"
+ ],
+ "comment": "Recommendation4.1",
+ "enabled": true,
+ "level": "danger"
+ },
+ {
+ "args": [
+ "RDP",
+ "TCP",
+ "3389"
+ ],
+ "comment": "Recommendation4.2",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "iam-password-policy-expiration-threshold.json": [
+ {
+ "args": [
+ "90"
+ ],
+ "comment": "recommendation1.11",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "iam-password-policy-minimum-length.json": [
+ {
+ "args": [
+ "14"
+ ],
+ "comment": "recommendation1.9",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "iam-password-policy-no-lowercase-required.json": [
+ {
+ "comment": "recommendation1.6",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "iam-password-policy-no-number-required.json": [
+ {
+ "comment": "recommendation1.8",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "iam-password-policy-no-symbol-required.json": [
+ {
+ "comment": "recommendation1.7",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "iam-password-policy-no-uppercase-required.json": [
+ {
+ "comment": "recommendation1.5",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "iam-password-policy-reuse-enabled.json": [
+ {
+ "comment": "recommendation1.10",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "iam-root-account-no-mfa.json": [
+ {
+ "comment": "recommendation1.13 (partial: no check for hardware vs software)",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "iam-root-account-with-active-keys.json": [
+ {
+ "comment": "recommendation1.12",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "iam-user-no-key-rotation.json": [
+ {
+ "args": [
+ "Active",
+ "90"
+ ],
+ "comment": "recommendation1.4",
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "iam-user-with-policies.json": [
+ {
+ "args": [
+ "inline",
+ "inline_policies"
+ ],
+ "comment": "Recommendation1.15 (part 1/2)",
+ "enabled": true,
+ "level": "danger"
+ },
+ {
+ "args": [
+ "managed",
+ "policies"
+ ],
+ "comment": "Recommendation1.15 (part 2/2)",
+ "enabled": true,
+ "level": "danger"
+ }
+ ]
+ }
+}
From 99afa13625337f63313c243a6af6532bc6425bec Mon Sep 17 00:00:00 2001
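Review bot: The `about` string of this new cis-1.2.0.json still names "CIS Amazon Web Services Foundation v1.0.0", and the recommendation numbers in the `comment` fields look carried over from the older ruleset rather than re-checked against 1.2.0. For example `Recommendation1.15` on iam-user-with-policies.json and `Recommendation4.4` on ec2-default-security-group-with-rules.json appear to be 1.16 and 4.3 in the 1.2.0 benchmark; please confirm against the benchmark text. Anyone mapping findings to controls from these comments would attribute results to the wrong recommendation. I would change the first line to `"about": "This ruleset attempts to cover as many recommendations as possible from the CIS Amazon Web Services Foundations Benchmark v1.2.0.",`. The `Recommendation2,1` typo and the `scored` key present on only the first two entries can be fixed in the same pass.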
From: Pau Risa Date: Fri, 20 Mar 2020 13:37:56 +0100 Subject: [PATCH 008/979] Added multiple IAM rules for AWS CIS Bencjmark 1.2.0 --- .../aws/services.iam.credential_reports.html | 14 +- .../aws/resources/iam/credentialreports.py | 9 + ...-password-policy-expiration-threshold.json | 14 +- .../iam-password-policy-minimum-length.json | 12 +- ...password-policy-no-lowercase-required.json | 10 +- ...am-password-policy-no-number-required.json | 10 +- ...am-password-policy-no-symbol-required.json | 10 +- ...password-policy-no-uppercase-required.json | 10 +- .../iam-password-policy-reuse-enabled.json | 12 +- .../findings/iam-root-account-no-mfa.json | 14 +- ...am-root-account-no-security-questions.json | 15 ++ .../iam-root-account-used-recently.json | 2 +- .../iam-root-account-with-active-keys.json | 11 +- .../iam-unused-credentials-not-disabled.json | 43 +++++ .../findings/iam-user-no-key-rotation.json | 13 +- .../findings/iam-user-with-policies.json | 11 +- .../rules/findings/iam-user-without-mfa.json | 2 +- .../aws/rules/rulesets/cis-1.2.0.json | 165 +++++++++++------- 18 files changed, 283 insertions(+), 94 deletions(-) create mode 100644 ScoutSuite/providers/aws/rules/findings/iam-root-account-no-security-questions.json create mode 100644 ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html b/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html index 7751382dc..d9fee4ebf 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html +++ b/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html @@ -8,12 +8,16 @@

{{name}}

Credentials Report

Creation Date: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'user_creation_time')}}
Last Used Date: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'last_used')}}
-
Password Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'password_last_used')}}
+
Password Enabled: {{getValueAt 'services' 'iam' 'credential_reports' @key 'password_enabled'}}
+
Password Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'password_last_used')}}
+
Password Last Changed: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'password_last_changed')}}
MFA Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'mfa_active'}}
-
Access Key 1 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_active'}}
-
Access Key 2 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_active'}}
-
Access Key 1 Last Used: {{format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_used_date')}}
-
Access Key 2 Last Used: {{format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_used_date')}}
+
Access Key 1 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_active'}}
+
Access Key 1 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_used_date')}}
+
Access Key 1 Last Rotated: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_rotated')}}
+
Access Key 2 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_active'}}
+
Access Key 2 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_used_date')}}
+
Access Key 2 Last Rotated: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_rotated')}}
Signing Cert 1 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'cert_1_active'}}
Signing Cert 2 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'cert_2_active'}}
diff --git a/ScoutSuite/providers/aws/resources/iam/credentialreports.py b/ScoutSuite/providers/aws/resources/iam/credentialreports.py index c122234e3..79d640cac 100644 --- a/ScoutSuite/providers/aws/resources/iam/credentialreports.py +++ b/ScoutSuite/providers/aws/resources/iam/credentialreports.py @@ -13,11 +13,20 @@ def _parse_credential_reports(self, raw_credential_report): user_id = raw_credential_report['user'] raw_credential_report['name'] = user_id raw_credential_report['id'] = user_id + raw_credential_report['password_enabled'] = raw_credential_report['password_enabled'] raw_credential_report['password_last_used'] = self._sanitize_date(raw_credential_report['password_last_used']) + raw_credential_report['password_last_changed'] =\ + self._sanitize_date(raw_credential_report['password_last_changed']) + raw_credential_report['access_key_1_active'] = raw_credential_report['access_key_1_active'] raw_credential_report['access_key_1_last_used_date'] =\ self._sanitize_date(raw_credential_report['access_key_1_last_used_date']) + raw_credential_report['access_key_1_last_rotated'] = \ + self._sanitize_date(raw_credential_report['access_key_1_last_rotated']) + raw_credential_report['access_key_2_active'] = raw_credential_report['access_key_2_active'] raw_credential_report['access_key_2_last_used_date'] =\ self._sanitize_date(raw_credential_report['access_key_2_last_used_date']) + raw_credential_report['access_key_2_last_rotated'] = \ + self._sanitize_date(raw_credential_report['access_key_2_last_rotated']) raw_credential_report['last_used'] = self._compute_last_used(raw_credential_report) return get_non_provider_id(user_id), raw_credential_report diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-expiration-threshold.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-expiration-threshold.json index d97e11078..e770ab252 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-expiration-threshold.json 
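Review bot: Three of the added lines in `_parse_credential_reports` assign a key to itself: `raw_credential_report['password_enabled'] = raw_credential_report['password_enabled']`, and the same for `access_key_1_active` and `access_key_2_active`. They have no effect, yet they read as if the values were being normalised the way the date fields are with `_sanitize_date`. If the credential report delivers these flags as strings rather than booleans (not visible in this hunk), rule conditions written against booleans would silently fail to match, and a finding built on them, such as the unused-credentials rule added in this commit, would miss. Either drop the three lines or make the conversion explicit and add a comment such as `# flags are kept as returned by the credential report; rules compare against that representation`. The function begins above the hunk.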
+++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-expiration-threshold.json
@@ -1,12 +1,20 @@
 {
 "arg_names": [ "Maximum password age" ],
 "description": "Passwords expire after _ARG_0_ days",
+ "rationale": "Reducing passwords lifetime increases account resiliency against brute force login attempts.",
+ "remediation": "Enable password expiration and set the expiration period to 90 days or less",
+ "compliance": [
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.11"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.11"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.11"}
+ ],
+ "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials"],
+ "dashboard_name": "Password policy",
 "path": "iam.password_policy",
 "display_path": "iam.password_policy.MaxPasswordAge",
- "id_suffix": "MaxPasswordAge",
- "dashboard_name": "Password policy",
 "conditions": [ "or",
 [ "iam.password_policy.ExpirePasswords", "false", "" ],
 [ "iam.password_policy.MaxPasswordAge", "moreThan", "_ARG_0_" ]
- ]
+ ],
+ "id_suffix": "MaxPasswordAge"
 }
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json
index 8271a86cf..a0f39adcb 100644
--- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json
+++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json
@@ -1,8 +1,16 @@
 {
 "arg_names": [ "Minimum password length" ],
- "description": "Minimum password length too short",
- "path": "iam.password_policy.MinimumPasswordLength",
+ "description": "Password policy lacks minimum length requirement of _ARG_0_",
+ "rationale": "Requiring passwords to require a minimum length increases account resiliency against brute force login attempts.",
+ "remediation": "Ensure the password policy is configured to require a minimum length",
+ "compliance": [
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.9"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.9"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.9"}
+ ],
+ "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy"],
 "dashboard_name": "Password policy",
+ "path": "iam.password_policy.MinimumPasswordLength",
 "conditions": [ "or",
 [ "this", "lessThan", "_ARG_0_" ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json
index 64a1ea4db..53b840591 100644
--- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json
+++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json
@@ -1,7 +1,15 @@
 {
 "description": "Password policy lacks lowercase requirement",
- "path": "iam.password_policy.RequireLowercaseCharacters",
+ "rationale": "Requiring passwords to include at least a lowercase letter increases account resiliency against brute force login attempts.",
+ "remediation": "Ensure the password policy is configured to require at least one lowercase letter",
+ "compliance": [
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.6"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.6"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.6"}
+ ],
+ "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy"],
 "dashboard_name": "Password policy",
+ "path": "iam.password_policy.RequireLowercaseCharacters",
 "conditions": [ "or",
 [ "this", "false", "" ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json
index 63abb9def..f73c106d8 100644
--- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json
+++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json
@@ -1,7 +1,15 @@
 {
 "description": "Password policy lacks number requirement",
- "path": "iam.password_policy.RequireNumbers",
+ "rationale": "Requiring passwords to include at least one number increases account resiliency against brute force login attempts.",
+ "remediation": "Ensure the password policy is configured to require at least one number",
+ "compliance": [
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.8"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.8"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.8"}
+ ],
+ "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy"],
 "dashboard_name": "Password policy",
+ "path": "iam.password_policy.RequireNumbers",
 "conditions": [ "or",
 [ "this", "false", "" ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json
index 54c25be2e..a5e0980ab 100644
--- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json
+++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json
@@ -1,7 +1,15 @@
 {
 "description": "Password policy lacks symbol requirement",
- "path": "iam.password_policy.RequireSymbols",
+ "rationale": "Requiring passwords to include at least one symbol increases account resiliency against brute force login attempts.",
+ "remediation": "Ensure the password policy is configured to require at least one symbol",
+ "compliance": [
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.7"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.7"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.7"}
+ ],
+ "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy"],
 "dashboard_name": "Password policy",
+ "path": "iam.password_policy.RequireSymbols",
 "conditions": [ "or",
 [ "this", "false", "" ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json
index 92aae8dc7..d48ca6c22 100644
--- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json
+++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json
@@ -1,7 +1,15 @@
 {
 "description": "Password policy lacks uppercase requirement",
- "path": "iam.password_policy.RequireUppercaseCharacters",
+ "rationale": "Requiring passwords to include at least an uppercase letter increases account resiliency against brute force login attempts.",
+ "remediation": "Ensure the password policy is configured to require at least one uppercase letter",
+ "compliance": [
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.5"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.5"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.5"}
+ ],
+ "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy"],
 "dashboard_name": "Password policy",
+ "path": "iam.password_policy.RequireUppercaseCharacters",
 "conditions": [ "or",
 [ "this", "false", "" ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-reuse-enabled.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-reuse-enabled.json
index f521d09ad..cc25f1563 100644
--- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-reuse-enabled.json
+++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-reuse-enabled.json
@@ -1,7 +1,15 @@ { - "description": "Password reuse enabled", - "path": "iam.password_policy.PasswordReusePrevention", + "description": "Password policy allows the reuse of passwords", + "rationale": "Preventing password reuse increases account resiliency against brute force login attempts.", + "remediation": "Ensure the password policy is configured to prevent password reuse", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.10"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.10"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.10"} + ], + "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy"], "dashboard_name": "Password policy", + "path": "iam.password_policy.PasswordReusePrevention", "conditions": [ "or", [ "this", "false", "" ] ] diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json index 999d13697..19982d1cc 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json 
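Review bot: The new `rationale` for the reuse rule says that preventing reuse protects against brute force login attempts, which is the argument for the complexity rules and does not describe what reuse prevention does. Reuse prevention limits the value of an old password that has leaked or been shared. Wording such as `"rationale": "Preventing password reuse stops users from returning to a password that may already be known to others."` would tell the report reader why the finding matters.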
@@ -1,7 +1,17 @@ { - "description": "Lack of MFA (root account)", - "path": "iam.credential_reports.id", + "description": "Root account without MFA", + "rationale": "The root account should have Multi Factor Authentication (MFA) enabled.", + "remediation": "Enable MFA for the root account", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.13"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.13"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.14"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.13"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.14"} + ], + "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials"], "dashboard_name": "Root account", + "path": "iam.credential_reports.id", "conditions": [ "and", [ "iam.credential_reports.id.mfa_active", "notTrue", "" ], [ "iam.credential_reports.id.name", "equal", "" ] diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-security-questions.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-security-questions.json new file mode 100644 index 000000000..54eb91fe0 --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-security-questions.json 
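Review bot: The `compliance` list cites reference 1.14 for CIS 1.1.0 and 1.2.0, but the only MFA test in `conditions` is `mfa_active` `notTrue`, and the ruleset comment later in this patch says hardware and software MFA cannot be told apart. A report showing this rule as passing would then read as meeting 1.14 when only 1.13 was checked. Either drop the 1.14 entries or state the limit in the finding text, e.g. `"rationale": "The root account should have Multi Factor Authentication (MFA) enabled. This check does not distinguish hardware from virtual MFA devices."`. The `conditions` array closes outside this hunk.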
@@ -0,0 +1,15 @@ +{ + "description": "Root account has no security questions configured", + "rationale": "In the event that root account access is not possible, account recovery can be performed through authentication using secret questions and associated answers.", + "remediation": "Ensure the root account has the security questions and answers section configured", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.14"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.15"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.15"} + ], + "dashboard_name": "Users", + "path": "iam.credential_reports.id", + "conditions": [ "and", + [ "iam.credential_reports.id.name", "equal", "" ] + ] +} diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json index 4357a151e..88326ec5b 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json @@ -1,6 +1,6 @@ { "description": "Root account used recently", - "rationale": "Description:

The use of the root account should be avoided.", + "rationale": "The use of the root account should be avoided.", "remediation": "Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation", "compliance": [ {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.1"}, diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json index ac967d88e..8341c9790 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json @@ -1,8 +1,15 @@ { "description": "Root account has active keys", - "rationale": "Description:

AWS root account access keys should be deleted as they provide unrestricted access to the AWS Account.", - "path": "iam.credential_reports.id", + "rationale": "AWS root account access keys should be deleted as they provide unrestricted access to the AWS Account.", + "remediation": "Delete or disable active root account access keys", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.12"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.12"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.12"} + ], + "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials"], "dashboard_name": "Root account", + "path": "iam.credential_reports.id", "conditions": [ "and", [ "iam.credential_reports.id.name", "equal", "" ], [ diff --git a/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json b/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json new file mode 100644 index 000000000..7c8e635c0 --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json 
@@ -0,0 +1,43 @@
+{
+ "arg_names": [ "Period" ],
+ "description": "Credentials unused for _ARG_0_ days or greater are not disabled",
+ "rationale": "Disabling or removing unnecessary credentials will reduce the window of opportunity for compromised accounts to be used.",
+ "remediation": "Ensure that all credentials (including passwords and access keys) have been used and changed in the last _ARG_0_ days",
+ "compliance": [
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.3"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.3"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.3"}
+ ],
+ "dashboard_name": "Users",
+ "path": "iam.credential_reports.id",
+ "conditions": [ "or",
+ [ "iam.credential_reports.id.password_enabled", "true", "" ],
+ [
+ "and",
+ [ "iam.credential_reports.id.password_last_used", "moreThan", "_ARG_0_" ],
+ [
+ "or",
+ [ "iam.credential_reports.id.password_last_changed", "moreThan", "_ARG_0_" ]
+ ]
+ ],
+ [ "iam.credential_reports.id.access_key_1_active", "true", "" ],
+ [
+ "and",
+ [ "iam.credential_reports.id.access_key_1_last_used_date", "moreThan", "_ARG_0_" ],
+ [
+ "or",
+ [ "iam.credential_reports.id.access_key_1_last_rotated", "moreThan", "_ARG_0_" ]
+ ]
+ ],
+ [ "iam.credential_reports.id.access_key_2_active", "true", "" ],
+ [
+ "and",
+ [ "iam.credential_reports.id.access_key_2_last_used_date", "moreThan", "_ARG_0_" ],
+ [
+ "or",
+ [ "iam.credential_reports.id.access_key_2_last_rotated", "moreThan", "_ARG_0_" ]
+ ]
+ ]
+ ],
+ "id_suffix": "unused_credentials"
+}
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json b/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json
index d19d94fc2..1247ce7cf 100644
--- a/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json
+++ b/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json
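Review bot: The top-level `or` in `conditions` of iam-unused-credentials-not-disabled.json lists `password_enabled`, `access_key_1_active` and `access_key_2_active` as alternatives of their own, so any account with an enabled password or an active key matches the finding regardless of when the credential was last used. Each enabled/active test belongs inside the `and` that follows it, e.g. `[ "and", [ "iam.credential_reports.id.password_enabled", "true", "" ], [ "iam.credential_reports.id.password_last_used", "moreThan", "_ARG_0_" ] ]`. The inner `or` groups hold a single condition each and add nothing as written. Whether `moreThan` can compare a date value against a day count is not visible in this hunk and should be confirmed.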
@@ -1,10 +1,17 @@ { "arg_names": [ "Key status", "Rotation period" ], - "description": "Lack of key rotation (_ARG_0_)", - "rationale": "Description:

In case of access key compromise, the lack of credential rotation increases the period during which an attacker has access to the AWS account", + "description": "Lack of key rotation for (_ARG_0_) days", + "rationale": "In case of access key compromise, the lack of credential rotation increases the period during which an attacker has access to the AWS account.", + "remediation": "Rotate access keys that have not been changed recently", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.4"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.4"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.4"} + ], + "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials"], "key": "iam-user-no-_ARG_0_-key-rotation.json", - "path": "iam.users.id.AccessKeys.id", "dashboard_name": "Access keys", + "path": "iam.users.id.AccessKeys.id", "display_path": "iam.users.id", "conditions": [ "and", [ "iam.users.id.AccessKeys.id.Status", "equal", "_ARG_0_" ], diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-with-policies.json b/ScoutSuite/providers/aws/rules/findings/iam-user-with-policies.json index 469f0160a..d11a388d4 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-user-with-policies.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-user-with-policies.json 
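Review bot: The new description `Lack of key rotation for (_ARG_0_) days` substitutes the first argument, which `arg_names` declares as "Key status", so with the ruleset arguments `Active`, `90` it would render as "for (Active) days". The rotation period is the second argument; `"description": "Lack of key rotation for _ARG_1_ days (_ARG_0_)"` keeps both values in the right place. The `conditions` array continues past the end of this hunk.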
@@ -2,11 +2,18 @@ "arg_names": [ "Type of policy", "Path to policies" ], "key": "iam-user-with-_ARG_0_-policies", "description": "User with _ARG_0_ policies", - "path": "iam.users.id", + "rationale": "Assigning privileges at the user level increases the complexity of access management and the opportunity for a user to receive or retain excessive privileges.", + "remediation": "Ensure IAM policies are only attached to groups or roles", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.15"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.16"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.16"} + ], "dashboard_name": "Users", + "path": "iam.users.id", "conditions": [ "and", [ "iam.users.id.", "withKey", "_ARG_1_" ], [ "iam.users.id._ARG_1_", "notEmpty", "" ] ], "id_suffix": "_ARG_1_" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json index 1933d8e8a..40358d7c1 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json @@ -1,6 +1,6 @@ { "description": "User without MFA", - "rationale": "Description:

All IAM users should have Multi Factor Authentication (MFA) enabled.", + "rationale": "All IAM users should have Multi Factor Authentication (MFA) enabled.", "remediation": "Enable MFA for all users in the AWS account", "compliance": [ {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.2"}, diff --git a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json index 65808daba..b62ef9be7 100644 --- a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json @@ -1,5 +1,5 @@ { - "about": "This ruleset attempts to cover as many recommendations from the CIS Amazon Web Services Foundation v1.0.0.", + "about": "This ruleset attempts to cover as many recommendations from the CIS Amazon Web Services Foundation v1.2.0.", "rules": { "iam-root-account-used-recently.json": [ { 
@@ -17,57 +17,59 @@ "scored": true } ], - "cloudtrail-no-logging.json": [ + "iam-unused-credentials-not-disabled.json": [ { - "comment": "Recommendation2,1 (part 2/2)", + "args": [ + "90" + ], + "comment": "Recommendation 1.3", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true } ], - "cloudtrail-not-configured.json": [ + "iam-user-no-key-rotation.json": [ { - "comment": "Recommendation2.1 (part 1/2)", + "args": [ + "Active", + "90" + ], + "comment": "Recommendation 1.4", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true } ], - "ec2-default-security-group-with-rules.json": [ + "iam-password-policy-no-uppercase-required.json": [ { - "comment": "Recommendation4.4", + "comment": "Recommendation 1.5", "enabled": true, - "level": "warning" + "level": "danger", + "scored": true } ], - "ec2-security-group-opens-known-port-to-all.json": [ + "iam-password-policy-no-lowercase-required.json": [ { - "args": [ - "SSH", - "TCP", - "22" - ], - "comment": "Recommendation4.1", + "comment": "Recommendation 1.6", "enabled": true, - "level": "danger" - }, + "level": "danger", + "scored": true + } + ], + "iam-password-policy-no-symbol-required.json": [ { - "args": [ - "RDP", - "TCP", - "3389" - ], - "comment": "Recommendation4.2", + "comment": "Recommendation 1.7", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true } ], - "iam-password-policy-expiration-threshold.json": [ + "iam-password-policy-no-number-required.json": [ { - "args": [ - "90" - ], - "comment": "recommendation1.11", + "comment": "Recommendation 1.8", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true } ], "iam-password-policy-minimum-length.json": [ 
@@ -75,87 +77,116 @@ "args": [ "14" ], - "comment": "recommendation1.9", + "comment": "Recommendation 1.9", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true } ], - "iam-password-policy-no-lowercase-required.json": [ + "iam-password-policy-reuse-enabled.json": [ { - "comment": "recommendation1.6", + "comment": "Recommendation 1.10", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true } ], - "iam-password-policy-no-number-required.json": [ + "iam-password-policy-expiration-threshold.json": [ { - "comment": "recommendation1.8", + "args": [ + "90" + ], + "comment": "Recommendation 1.11", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true } ], - "iam-password-policy-no-symbol-required.json": [ + "iam-root-account-with-active-keys.json": [ { - "comment": "recommendation1.7", + "comment": "Recommendation 1.12", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true } ], - "iam-password-policy-no-uppercase-required.json": [ + "iam-root-account-no-mfa.json": [ { - "comment": "recommendation1.5", + "comment": "Recommendation 1.13 and 1.14 (it is not possible to check if MFA is hardware or software)", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true } ], - "iam-password-policy-reuse-enabled.json": [ + "iam-root-account-no-security-questions.json": [ { - "comment": "recommendation1.10", + "comment": "Recommendation 1.15 (no API call to know if root account has security questions set)", + "enabled": false, + "level": "danger", + "scored": false + } + ], + "iam-user-with-policies.json": [ + { + "args": [ + "inline", + "inline_policies" + ], + "comment": "Recommendation 1.16 (Part 1/2)", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true + }, + { + "args": [ + "managed", + "policies" + ], + "comment": "Recommendation 1.16 (Part 2/2)", + "enabled": true, + "level": "danger", + "scored": true } ], - "iam-root-account-no-mfa.json": [ + 
"cloudtrail-no-logging.json": [ { - "comment": "recommendation1.13 (partial: no check for hardware vs software)", + "comment": "Recommendation2,1 (part 2/2)", "enabled": true, "level": "danger" } ], - "iam-root-account-with-active-keys.json": [ + "cloudtrail-not-configured.json": [ { - "comment": "recommendation1.12", + "comment": "Recommendation2.1 (part 1/2)", "enabled": true, "level": "danger" } ], - "iam-user-no-key-rotation.json": [ + "ec2-default-security-group-with-rules.json": [ { - "args": [ - "Active", - "90" - ], - "comment": "recommendation1.4", + "comment": "Recommendation4.4", "enabled": true, - "level": "danger" + "level": "warning" } ], - "iam-user-with-policies.json": [ + "ec2-security-group-opens-known-port-to-all.json": [ { "args": [ - "inline", - "inline_policies" + "SSH", + "TCP", + "22" ], - "comment": "Recommendation1.15 (part 1/2)", + "comment": "Recommendation4.1", "enabled": true, "level": "danger" }, { "args": [ - "managed", - "policies" + "RDP", + "TCP", + "3389" ], - "comment": "Recommendation1.15 (part 2/2)", + "comment": "Recommendation4.2", "enabled": true, "level": "danger" } From 0852793281a5924ae9d985809a7cb3b403280f69 Mon Sep 17 00:00:00 2001 
From: Pau Risa Date: Fri, 20 Mar 2020 18:22:21 +0100 Subject: [PATCH 009/979] Completed all IAM rules for CIS Benchmark 1.2.0 --- .../aws/services.iam.credential_reports.html | 18 +++---- .../aws/resources/iam/credentialreports.py | 2 + ...managed-policy-allows-full-privileges.json | 16 ++++++ .../rules/findings/iam-no-support-role.json | 14 +++++ ...am-root-account-no-security-questions.json | 15 ------ .../iam-unused-credentials-not-disabled.json | 22 ++++---- ...-user-unused-access-key-initial-setup.json | 24 +++++++++ .../aws/rules/rulesets/cis-1.2.0.json | 52 ++++++++++++++++++- .../providers/aws/rules/rulesets/default.json | 15 ++++++ 9 files changed, 141 insertions(+), 37 deletions(-) create mode 100644 ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json create mode 100644 ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json delete mode 100644 ScoutSuite/providers/aws/rules/findings/iam-root-account-no-security-questions.json create mode 100644 ScoutSuite/providers/aws/rules/findings/iam-user-unused-access-key-initial-setup.json diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html b/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html index d9fee4ebf..e4135e003 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html +++ b/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html @@ -8,16 +8,16 @@

{{name}}

Credentials Report

Creation Date: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'user_creation_time')}}
Last Used Date: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'last_used')}}
-
Password Enabled: {{getValueAt 'services' 'iam' 'credential_reports' @key 'password_enabled'}}
-
Password Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'password_last_used')}}
-
Password Last Changed: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'password_last_changed')}}
+
Password Enabled: {{getValueAt 'services' 'iam' 'credential_reports' @key 'password_enabled'}}
+
Password Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'password_last_used')}}
+
Password Last Changed: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'password_last_changed')}}
MFA Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'mfa_active'}}
-
Access Key 1 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_active'}}
-
Access Key 1 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_used_date')}}
-
Access Key 1 Last Rotated: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_rotated')}}
-
Access Key 2 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_active'}}
-
Access Key 2 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_used_date')}}
-
Access Key 2 Last Rotated: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_rotated')}}
+
Access Key 1 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_active'}}
+
Access Key 1 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_used_date')}}
+
Access Key 1 Last Rotated: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_rotated')}}
+
Access Key 2 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_active'}}
+
Access Key 2 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_used_date')}}
+
Access Key 2 Last Rotated: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_rotated')}}
Signing Cert 1 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'cert_1_active'}}
Signing Cert 2 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'cert_2_active'}}
diff --git a/ScoutSuite/providers/aws/resources/iam/credentialreports.py b/ScoutSuite/providers/aws/resources/iam/credentialreports.py index 79d640cac..bea8a84ad 100644 --- a/ScoutSuite/providers/aws/resources/iam/credentialreports.py +++ b/ScoutSuite/providers/aws/resources/iam/credentialreports.py @@ -28,6 +28,8 @@ def _parse_credential_reports(self, raw_credential_report): raw_credential_report['access_key_2_last_rotated'] = \ self._sanitize_date(raw_credential_report['access_key_2_last_rotated']) raw_credential_report['last_used'] = self._compute_last_used(raw_credential_report) + raw_credential_report['cert_1_active'] = raw_credential_report['cert_1_active'] + raw_credential_report['cert_2_active'] = raw_credential_report['cert_2_active'] return get_non_provider_id(user_id), raw_credential_report @staticmethod diff --git a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json new file mode 100644 index 000000000..983ea84ed --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json 
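Review bot: The two added lines assign `raw_credential_report['cert_1_active']` and `raw_credential_report['cert_2_active']` to themselves, so they change nothing in the parsed report; their only effect is a `KeyError` if a report row lacks either column. If the intent was to normalise the values the way the date fields go through `self._sanitize_date`, that conversion is missing. Otherwise the lines can be dropped, because the dict is returned whole and both keys are already read by the credential report template as unchanged context lines. `_parse_credential_reports` starts above this hunk.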
@@ -0,0 +1,16 @@
+{
+ "description": "Managed policy allows full administrative privileges",
+ "rationale": "Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.",
+ "remediation": "Ensure no managed policies are configured with Effect:Allow, Action:* and Resource:*",
+ "compliance": [
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.24"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.22"}
+ ],
+ "dashboard_name": "Policies",
+ "path": "iam.policies.id",
+ "conditions": [ "and",
+ [ "iam.policies.id.PolicyDocument.Statement.id.Effect", "equal", "Allow" ],
+ [ "iam.policies.id.PolicyDocument.Statement.id.Action", "containAction", "*" ],
+ [ "iam.policies.id.PolicyDocument.Statement.id.Resource", "containAtLeastOneOf", [ "*" ] ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json b/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json
new file mode 100644
index 000000000..34ebda2d7
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json
@@ -0,0 +1,14 @@
+{
+ "description": "No authorized user to manage incidents with AWS Support",
+ "rationale": "There should be at least one user authorized to manage incidents with AWS Support.",
+ "remediation": "Attach the AWSSupportAccess to a role or group",
+ "compliance": [
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.22"},
+ {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.20"}
+ ],
+ "dashboard_name": "Policies",
+ "path": "iam.policies.AWSSupportAccess",
+ "conditions": [ "and",
+ [ "iam.policies.AWSSupportAccess.attached_to", "notEmpty", "" ]
+ ]
+}
\ No newline at end of file
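Review bot: In iam-managed-policy-allows-full-privileges.json the `path` is `iam.policies.id`, while every condition addresses `iam.policies.id.PolicyDocument.Statement.id...`, one level deeper than the path iterates. iam-user-no-key-rotation.json in this series handles the same shape with the deep path plus a `display_path`, so `"path": "iam.policies.id.PolicyDocument.Statement.id"` with `"display_path": "iam.policies.id"` would be consistent. Whether the engine resolves the extra `id` without that is not visible here; if it does not, the rule may never match, or may not test Effect, Action and Resource on the same statement. That matters because both rulesets rate this finding `danger`.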
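Review bot: The condition in iam-no-support-role.json looks inverted: `attached_to` `notEmpty` matches when AWSSupportAccess is attached to something, which is the compliant state, while the description reports that nobody is authorized. Conditions elsewhere in this series describe the failing state (`mfa_active` `notTrue`, `this` `false`), so the test should be `[ "iam.policies.AWSSupportAccess.attached_to", "empty", "" ]`. It is also worth confirming that the finding still fires when the policy has no entry under `iam.policies` at all, since an account that never attached it may not list it.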
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-security-questions.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-security-questions.json deleted file mode 100644 index 54eb91fe0..000000000 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-security-questions.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "description": "Root account has no security questions configured", - "rationale": "In the event that root account access is not possible, account recovery can be performed through authentication using secret questions and associated answers.", - "remediation": "Ensure the root account has the security questions and answers section configured", - "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.14"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.15"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.15"} - ], - "dashboard_name": "Users", - "path": "iam.credential_reports.id", - "conditions": [ "and", - [ "iam.credential_reports.id.name", "equal", "" ] - ] -} diff --git a/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json b/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json index 7c8e635c0..27e58b5e1 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json @@ -1,5 +1,5 @@ { - "arg_names": [ "Period" ], + "arg_names": [ "Period in days" ], "description": "Credentials unused for _ARG_0_ days or greater are not disabled", "rationale": "Disabling or removing unnecessary credentials will reduce the window of opportunity for compromised accounts to be used.", "remediation": "Ensure that all credentials (including passwords and access keys) have been used and changed in the last _ARG_0_ days", 
@@ -11,33 +11,33 @@ "dashboard_name": "Users", "path": "iam.credential_reports.id", "conditions": [ "or", - [ "iam.credential_reports.id.password_enabled", "true", "" ], [ "and", - [ "iam.credential_reports.id.password_last_used", "moreThan", "_ARG_0_" ], + [ "iam.credential_reports.id.password_enabled", "true", "" ], [ "or", - [ "iam.credential_reports.id.password_last_changed", "moreThan", "_ARG_0_" ] + [ "iam.credential_reports.id.password_last_used", "olderThan", ["_ARG_0_", "days"] ], + [ "iam.credential_reports.id.password_last_changed", "olderThan", ["_ARG_0_", "days"] ] ] ], - [ "iam.credential_reports.id.access_key_1_active", "true", "" ], [ "and", - [ "iam.credential_reports.id.access_key_1_last_used_date", "moreThan", "_ARG_0_" ], + [ "iam.credential_reports.id.access_key_1_active", "true", "" ], [ "or", - [ "iam.credential_reports.id.access_key_1_last_rotated", "moreThan", "_ARG_0_" ] + [ "iam.credential_reports.id.access_key_1_last_used_date", "olderThan", ["_ARG_0_", "days"] ], + [ "iam.credential_reports.id.access_key_1_last_rotated", "olderThan", ["_ARG_0_", "days"] ] ] ], - [ "iam.credential_reports.id.access_key_2_active", "true", "" ], [ "and", - [ "iam.credential_reports.id.access_key_2_last_used_date", "moreThan", "_ARG_0_" ], + [ "iam.credential_reports.id.access_key_2_active", "true", "" ], [ "or", - [ "iam.credential_reports.id.access_key_2_last_rotated", "moreThan", "_ARG_0_" ] + [ "iam.credential_reports.id.access_key_2_last_used_date", "olderThan", ["_ARG_0_", "days"] ], + [ "iam.credential_reports.id.access_key_2_last_rotated", "olderThan", ["_ARG_0_", "days"] ] ] ] ], - "id_suffix": "unused_credentials" + "class_suffix": "unused_credentials" } diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-unused-access-key-initial-setup.json b/ScoutSuite/providers/aws/rules/findings/iam-user-unused-access-key-initial-setup.json new file mode 100644 index 000000000..8d1af4841 --- /dev/null 
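Review bot: Inside each `and`, the `or` of the last-used test with the last-changed or last-rotated test flags a credential that is in regular use but was last changed more than `_ARG_0_` days ago, which is a rotation finding and not the "unused" one the description promises. The last-changed test fits better as a fallback for credentials with no recorded use, e.g. `[ "and", [ "iam.credential_reports.id.password_last_used", "equal", "None" ], [ "iam.credential_reports.id.password_last_changed", "olderThan", ["_ARG_0_", "days"] ] ]`, using the same `equal`/`None` test that iam-user-unused-access-key-initial-setup.json applies to `access_key_1_last_used_date`. How `olderThan` treats a missing last-used value is not visible here and should be confirmed, since a never-used credential is the case this rule most needs to catch. The same applies to the two access-key groups.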
+++ b/ScoutSuite/providers/aws/rules/findings/iam-user-unused-access-key-initial-setup.json @@ -0,0 +1,24 @@ +{ + "description": "Users with access keys created during initial setup and not used", + "rationale": "Not creating access keys during initial user setup will avoid unnecessary management work and give more control over keys used somewhere in the organization.", + "remediation": "Do not setup access keys during initial user setup. Instead, require users to create the keys themselves or put in a support ticket to have them created", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.23"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.21"} + ], + "dashboard_name": "Users", + "path": "iam.credential_reports.id", + "conditions": [ "or", + [ + "and", + [ "iam.credential_reports.id.access_key_1_active", "true", "" ], + [ "iam.credential_reports.id.access_key_1_last_used_date", "equal", "None" ] + ], + [ + "and", + [ "iam.credential_reports.id.access_key_2_active", "true", "" ], + [ "iam.credential_reports.id.access_key_2_last_used_date", "equal", "None" ] + ] + ], + "class_suffix": "unused_access_keys" +} diff --git a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json index b62ef9be7..0760f7456 100644 --- a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json @@ -118,11 +118,11 @@ "scored": true } ], - "iam-root-account-no-security-questions.json": [ + "todo-recommendation-1-15.json": [ { "comment": "Recommendation 1.15 (no API call to know if root account has security questions set)", "enabled": false, - "level": "danger", + "level": "warning", "scored": false } ], 
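Review bot: The ruleset key `todo-recommendation-1-15.json` (and, in the next hunk, `todo-recommendation-1-17.json`, `todo-recommendation-1-18.json` and `TODO.json`) names a rule file that this commit's file list does not create. The entries are `"enabled": false`, but if the ruleset loader resolves every key to a file, or a report lists rules by key, these placeholders either fail to load or appear as rules that check nothing. Recommendations that need a manual check are better backed by a real finding file whose `description` states that the check is manual, so the coverage of the CIS ruleset is not overstated.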
@@ -148,6 +148,54 @@ "scored": true } ], + "todo-recommendation-1-17.json": [ + { + "comment": "Recommendation 1.17 (no API call to check contact details)", + "enabled": false, + "level": "warning", + "scored": false + } + ], + "todo-recommendation-1-18.json": [ + { + "comment": "Recommendation 1.18 (no API call to check security contact information)", + "enabled": false, + "level": "warning", + "scored": false + } + ], + "TODO.json": [ + { + "comment": "Recommendation 1.19 (TODO)", + "enabled": false, + "level": "warning", + "scored": false + } + ], + "iam-no-support-role.json": [ + { + "comment": "Recommendation 1.20", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "iam-user-unused-access-key-initial-setup.json": [ + { + "comment": "Recommendation 1.21", + "enabled": true, + "level": "warning", + "scored": false + } + ], + "iam-managed-policy-allows-full-privileges.json": [ + { + "comment": "Recommendation 1.22", + "enabled": true, + "level": "danger", + "scored": true + } + ], "cloudtrail-no-logging.json": [ { "comment": "Recommendation2,1 (part 2/2)", diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json index 196c06b2b..375cdf039 100644 --- a/ScoutSuite/providers/aws/rules/rulesets/default.json +++ b/ScoutSuite/providers/aws/rules/rulesets/default.json @@ -513,6 +513,12 @@ "level": "danger" } ], + "iam-managed-policy-allows-full-privileges.json": [ + { + "enabled": true, + "level": "danger" + } + ], "iam-managed-policy-allows-NotActions.json": [ { "enabled": true, @@ -648,6 +654,15 @@ "level": "warning" } ], + "iam-unused-credentials-not-disabled.json": [ + { + "args": [ + "90" + ], + "enabled": true, + "level": "danger" + } + ], "iam-user-no-key-rotation.json": [ { "args": [ From 93eb9b8292b8104f1a7cb96b533d3d159f63e7d7 Mon Sep 17 00:00:00 2001 
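Review bot: The placeholder entries in cis-1.2.0.json follow no single naming scheme: `todo-recommendation-1-17.json` and `todo-recommendation-1-18.json` sit next to a bare `TODO.json` for 1.19, and the Logging commit further down adds `TODO_2.json`. None of these files is created in the visible diffs, so the ruleset only stays loadable if disabled entries are never resolved to a file, which is worth confirming. Naming the 1.19 entry `"todo-recommendation-1-19.json"` and stating in its comment why it cannot be automated, as 1.17 and 1.18 do, keeps the gaps in benchmark coverage easy to audit.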
From: Pau Risa Date: Mon, 23 Mar 2020 18:12:23 +0100 Subject: [PATCH 010/979] Completed all Logging rules for CIS Benchmark 1.2.0 --- ...services.cloudtrail.regions.id.trails.html | 7 +- .../partials/aws/services.config.regions.html | 2 +- .../aws/services.kms.regions.id.keys.html | 2 +- .../cloudtrail-no-cloudwatch-integration.json | 22 ++++++ .../cloudtrail-no-encryption-with-kms.json | 19 +++++ .../cloudtrail-no-log-file-validation.json | 13 +++- .../rules/findings/cloudtrail-no-logging.json | 19 ++++- .../cloudtrail-s3-bucket-no-logging.json | 19 +++++ .../config-recorder-not-configured.json | 12 ++- .../findings/kms-key-rotation-disabled.json | 16 ++++ .../rules/findings/s3-bucket-no-logging.json | 4 +- .../findings/vpc-subnet-without-flow-log.json | 13 +++- .../aws/rules/rulesets/cis-1.2.0.json | 74 ++++++++++++++++++- 13 files changed, 198 insertions(+), 24 deletions(-) create mode 100644 ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json create mode 100644 ScoutSuite/providers/aws/rules/findings/cloudtrail-no-encryption-with-kms.json create mode 100644 ScoutSuite/providers/aws/rules/findings/cloudtrail-s3-bucket-no-logging.json create mode 100644 ScoutSuite/providers/aws/rules/findings/kms-key-rotation-disabled.json diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html b/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html index 98f112db2..ff27cd061 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html +++ b/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html @@ -13,10 +13,10 @@

Information

{{/if}} {{#unless scout_link}} -
  • Logging: {{convert_bool_to_enabled IsLogging}}
  • +
  • Logging: {{convert_bool_to_enabled IsLogging}}
  • Start Logging Time: {{format_date StartLoggingTime}}
  • Stop Logging Time: {{format_date StopLoggingTime}}
  • -
  • Multi Region: {{convert_bool_to_enabled IsMultiRegionTrail}}
  • +
  • Multi Region: {{convert_bool_to_enabled IsMultiRegionTrail}}
  • Management Events: {{convert_bool_to_enabled ManagementEventsEnabled}}
  • Data Events: {{convert_bool_to_enabled DataEventsEnabled}}
  • Include Global Services: @@ -28,7 +28,8 @@

    Information

  • Destination S3 Bucket Name: {{getValueAt 'services.s3.buckets' bucket_id 'name'}}/{{S3KeyPrefix}}
  • Log File Validation Enabled: {{convert_bool_to_enabled LogFileValidationEnabled}}
  • -
  • KMS Key: {{#if KmsKeyId}} true {{else}} false {{/if}}
  • +
  • KMS Key: {{#if KmsKeyId}} true {{else}} false {{/if}}
  • +
  • Latest CloudWatch Logs Delivery Time: {{format_date LatestCloudWatchLogsDeliveryTime}}
  • {{/unless}} diff --git a/ScoutSuite/output/data/html/partials/aws/services.config.regions.html b/ScoutSuite/output/data/html/partials/aws/services.config.regions.html index 9c59be20b..bc2d48891 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.config.regions.html +++ b/ScoutSuite/output/data/html/partials/aws/services.config.regions.html @@ -7,7 +7,7 @@

    {{name}}

    Information

      -
    • Configured: +
    • AWS Config Recorder enabled: {{#ifPositive recorders_count}}true{{else}}false{{/ifPositive}} diff --git a/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html b/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html index c06c5b44b..e69ae6c66 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html +++ b/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html @@ -13,7 +13,7 @@

      Information

    • Description: {{value_or_none description}}
    • Creation Date: {{format_date creation_date}}
    • Status: {{convert_bool_to_enabled key_enabled}}
    • -
    • Rotation: {{convert_bool_to_enabled rotation_enabled}}
    • +
    • Rotation: {{convert_bool_to_enabled rotation_enabled}}
    • Origin: {{value_or_none origin}}
    • Key Manager: {{value_or_none key_manager}}
    diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json new file mode 100644 index 000000000..7571fff78 --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json @@ -0,0 +1,22 @@ +{ + "description": "Trail is not integrated with CloudWatch", + "rationale": "The lack of integration with CloudWatch hinders ral-time and historic activity logging as well as not allowing the configuration of alarms and notifications for anomalous account activity.", + "remediation": "Configure each Trail to have a CloudWatch Logs group attached", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.4"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.4"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.4"} + ], + "dashboard_name": "Trails", + "path": "cloudtrail.regions.id.trails.id", + "display_path": "cloudtrail.regions.id.trails.id", + "conditions": [ "and", + [ "cloudtrail.regions.id.trails.id.", "withKey", "LatestCloudWatchLogsDeliveryTime" ], + [ + "or", + [ "cloudtrail.regions.id.trails.id.LatestCloudWatchLogsDeliveryTime", "null", "" ], + [ "cloudtrail.regions.id.trails.id.LatestCloudWatchLogsDeliveryTime", "olderThan", ["1", "days"] ] + ] + ], + "id_suffix": "TrailCloudwatchNoIntegration" +} diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-encryption-with-kms.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-encryption-with-kms.json new file mode 100644 index 000000000..ccf6ac041 --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-encryption-with-kms.json 
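Review bot: The leading `withKey` guard in cloudtrail-no-cloudwatch-integration.json means the rule can only fire for trails that already carry `LatestCloudWatchLogsDeliveryTime`; if the trail parser omits that key when no CloudWatch Logs group is attached (not visible in this diff), exactly the unintegrated trails are skipped and the account reads as compliant. For a detection rule a missing key should count as a finding, e.g. replace the guard with an outer `or` whose first branch is `[ "cloudtrail.regions.id.trails.id.", "withoutKey", "LatestCloudWatchLogsDeliveryTime" ]` and whose second branch is the existing null/olderThan pair. The rationale also has a typo, "ral-time" for "real-time".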
@@ -0,0 +1,19 @@ +{ + "description": "CloudTrail logs not encrypted with KMS CMKs", + "rationale": "Not encrypting CloudTrail logs with SSE-KMS affects the confidentiality of the log data.", + "remediation": "Ensure each Trail is encrypted with a KMS key", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.7"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.7"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.7"} + ], + "references": ["https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html"], + "dashboard_name": "Trails", + "path": "cloudtrail.regions.id.trails.id", + "display_path": "cloudtrail.regions.id.trails.id", + "conditions": [ "and", + [ "cloudtrail.regions.id.trails.id.", "withKey", "KMSKeyId" ], + [ "cloudtrail.regions.id.trails.id.KMSKeyId", "null", "" ] + ], + "id_suffix": "NoKMSEncryption" +} diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json index 087080fcd..b77e64dd4 100644 --- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json +++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json @@ -1,8 +1,15 @@ { - "description": "Log file validation disabled", - "rationale": "Description:
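Review bot: The conditions in cloudtrail-no-encryption-with-kms.json test `KMSKeyId`, while the trail partial changed in this same commit reads `KmsKeyId`. Unless the parser renames the field (not visible here), `withKey "KMSKeyId"` is never true and the finding cannot fire, which reads as every trail being encrypted. Use the partial's spelling, `[ "cloudtrail.regions.id.trails.id.", "withKey", "KmsKeyId" ]` and `[ "cloudtrail.regions.id.trails.id.KmsKeyId", "null", "" ]`. It is also worth checking whether an unencrypted trail carries the key at all, because the `withKey` guard turns a missing key into a silent pass.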

    The lack of log file validation prevents from verifying the integrity of the log files.", - "path": "cloudtrail.regions.id.trails.id", + "description": "Log file validation is disabled", + "rationale": "The lack of log file validation prevents from verifying the integrity of CloudTrail log files.", + "remediation": "Ensure that each Trail has Enable log file validation set to Yes", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.2"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.2"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.2"} + ], + "references": ["https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html"], "dashboard_name": "Trails", + "path": "cloudtrail.regions.id.trails.id", "display_path": "cloudtrail.regions.id.trails.id", "conditions": [ "and", [ "cloudtrail.regions.id.trails.id.", "withKey", "LogFileValidationEnabled" ], diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json index f2ac77f76..14659ec16 100644 --- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json +++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json @@ -1,11 +1,22 @@ { "description": "Logging disabled", - "rationale": "Description:

    Logging is disabled for a given Trail. Depending on the configuration, logs for important API activity may be missing.", - "path": "cloudtrail.regions.id.trails.id", + "rationale": "Logging is disabled for a given Trail. Depending on the configuration, logs for important API activity may be missing.", + "remediation": "Configure all Trails to enable Logging, set Apply trail to all regions and ensure that Read/Write Events are set to ALL", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.1"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.1"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.1"} + ], + "references": ["https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html"], "dashboard_name": "Trails", + "path": "cloudtrail.regions.id.trails.id", "conditions": [ "and", [ "cloudtrail.regions.id.trails.id.", "withKey", "IsLogging" ], - [ "cloudtrail.regions.id.trails.id.IsLogging", "false", "" ] + [ + "or", + [ "cloudtrail.regions.id.trails.id.IsLogging", "false", "" ], + [ "cloudtrail.regions.id.trails.id.IsMultiRegionTrail", "false", "" ] + ] ], - "id_suffix": "IsLogging" + "class_suffix": "IsLogging" } diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-s3-bucket-no-logging.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-s3-bucket-no-logging.json new file mode 100644 index 000000000..d02387330 --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-s3-bucket-no-logging.json 
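Review bot: The added `IsMultiRegionTrail` branch in cloudtrail-no-logging.json reports every single-region trail under the description "Logging disabled", even when that trail is logging and another trail in the account covers all regions. Someone triaging the finding cannot tell a stopped trail from a regional one, and the two call for different remediation. Either move the multi-region check into its own finding, or make the text match the condition, e.g. `"description": "Logging disabled or trail not multi-region"`. The `withKey` guard still covers only `IsLogging`, and the hunk switches this file to `class_suffix` while the other findings in this commit keep `id_suffix`; confirm which one the report template expects.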
@@ -0,0 +1,19 @@ +{ + "description": "CloudTrail S3 bucket access logging is disabled", + "rationale": "The lack of S3 bucket logging prevents log information to be accessed in security and incident response workflows.", + "remediation": "Ensure that critical S3 buckets have Logging enabled", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.6"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.6"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.6"} + ], + "dashboard_name": "Buckets", + "path": "s3.buckets.id", + "conditions": [ "and", + [ "s3.buckets.id.policy.id.", "withKey", "Statement" ], + [ "s3.buckets.id.policy.id.Statement.id.", "withKey", "Principal" ], + [ "s3.buckets.id.policy.id.Statement.id.Principal.Service", "containString", "cloudtrail.amazonaws.com" ], + [ "s3.buckets.id.logging", "equal", "Disabled" ] + ], + "id_suffix": "logging" +} diff --git a/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json b/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json index 88a4f48f0..daa9ad228 100644 --- a/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json +++ b/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json @@ -1,8 +1,14 @@ { - "description": "Not configured", - "rationale": "Description:

    No Config recorders are configured, which means that changes in AWS resource configuration are not logged.", - "path": "config.regions.id", + "description": "AWS Config not enabled", + "rationale": "No AWS Config recorders are configured, which means that changes in AWS resource configuration are not logged. This hinders security analysis, resource change tracking and compliance auditing.", + "remediation": "Enable AWS Config in all regions, define the resources you want to record in each region and include global resources (IAM resources)", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.5"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.5"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.5"} + ], "dashboard_name": "Regions", + "path": "config.regions.id", "conditions": [ "and", [ "recorders_count", "equal", "0" ] ], diff --git a/ScoutSuite/providers/aws/rules/findings/kms-key-rotation-disabled.json b/ScoutSuite/providers/aws/rules/findings/kms-key-rotation-disabled.json new file mode 100644 index 000000000..f6d73483f --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/kms-key-rotation-disabled.json 
@@ -0,0 +1,16 @@ +{ + "description": "CMK rotation is disabled", + "rationale": "Rotating encryption keys helps reduce the potential impact of a compromised key.", + "remediation": "For every Customer-created Master Key (CMK) ensure that Rotate this key every year is enabled", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.8"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.8"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.8"} + ], + "dashboard_name": "KMS", + "path": "kms.regions.id.keys.id", + "conditions": [ "and", + [ "kms.regions.id.keys.id.rotation_enabled", "false", "" ] + ], + "id_suffix": "CMKRotationDisabled" +} diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json index 723886bf4..35ee1e281 100644 --- a/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json +++ b/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json @@ -1,6 +1,8 @@ { + "description": "S3 bucket access logging is disabled", + "rationale": "The lack of S3 bucket logging prevents log information to be accessed in security and incident response workflows.", + "remediation": "Ensure that S3 buckets have Logging enabled", "dashboard_name": "Buckets", - "description": "Bucket access logging disabled", "path": "s3.buckets.id", "conditions": [ "and", [ "s3.buckets.id.logging", "equal", "Disabled" ] diff --git a/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json b/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json index d3b239dba..a54a95cdc 100644 --- a/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json +++ b/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json @@ -1,11 +1,16 @@ { "description": "Subnet without a flow log", - "rationale": "Description:

    Flow logs enable the investigatation of incidents involving unauthorized network traffic, such as an attacker exfiltrating data or pivoting to other hosts.

    References:
    • CIS Amazon Web Services Foundations v1.2.0 2.9
    ", - "path": "vpc.regions.id.vpcs.id.subnets.id", + "rationale": "Flow logs enable the investigation of incidents involving unauthorized network traffic, such as an attacker exfiltrating data or pivoting to other hosts.", + "remediation": "Create a flow log for each subnet.", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.9"} + ], + "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html"], "dashboard_name": "Subnets", - "id_suffix": "NoFlowLog", + "path": "vpc.regions.id.vpcs.id.subnets.id", "conditions": [ "or", [ "this", "withoutKey", "flow_logs"], [ "flow_logs", "empty", "" ] - ] + ], + "id_suffix": "NoFlowLog" } diff --git a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json index 0760f7456..88f9b97f0 100644 --- a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json 
@@ -198,16 +198,82 @@ ], "cloudtrail-no-logging.json": [ { - "comment": "Recommendation2,1 (part 2/2)", + "comment": "Recommendation 2.1 (Part 1/2)", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true } ], "cloudtrail-not-configured.json": [ { - "comment": "Recommendation2.1 (part 1/2)", + "comment": "Recommendation 2.1 (part 2/2)", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true + } + ], + "cloudtrail-no-log-file-validation.json": [ + { + "comment": "Recommendation 2.2", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "TODO_2.json": [ + { + "comment": "Recommendation 2.3", + "enabled": false, + "level": "danger", + "scored": true + } + ], + "cloudtrail-no-cloudwatch-integration.json": [ + { + "comment": "Recommendation 2.4", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "config-recorder-not-configured.json": [ + { + "comment": "Recommendation 2.5", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "s3-bucket-no-logging.json": [ + { + "comment": "Recommendation 2.6", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "cloudtrail-no-encryption-with-kms.json": [ + { + "comment": "Recommendation 2.7", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "kms-key-rotation-disabled.json": [ + { + "comment": "Recommendation 2.8", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "vpc-subnet-without-flow-log.json": [ + { + "comment": "Recommendation 2.9", + "enabled": true, + "level": "danger", + "scored": true } ], "ec2-default-security-group-with-rules.json": [ From fc02a86171b88c157f6fc68b9f92d9f0d0963741 Mon Sep 17 00:00:00 2001 
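Review bot: Recommendation 2.6 is bound here to `s3-bucket-no-logging.json`, which flags every bucket without access logging, while the `cloudtrail-s3-bucket-no-logging.json` finding added in this same commit and tagged with reference 2.6 is not referenced anywhere in this hunk. As written the new rule is never run by this ruleset and the 2.6 result is inflated by buckets unrelated to CloudTrail. The entry should read `"cloudtrail-s3-bucket-no-logging.json": [` for the 2.6 block. The ruleset object continues outside this hunk.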
From: Pau Risa Date: Tue, 24 Mar 2020 17:44:36 +0100 Subject: [PATCH 011/979] Completed all Networking rules for CIS Benchmark 1.2.0 --- ScoutSuite/providers/aws/facade/ec2.py | 8 ++++ .../providers/aws/resources/vpc/base.py | 4 +- .../aws/resources/vpc/route_tables.py | 19 +++++++++ .../ec2-default-security-group-in-use.json | 10 ++++- ...ec2-default-security-group-with-rules.json | 14 +++++-- .../ec2-route-tables-full-peering.json | 16 ++++++++ .../ec2-security-group-opens-port-to-all.json | 16 ++++++-- .../findings/vpc-subnet-without-flow-log.json | 2 + .../aws/rules/rulesets/cis-1.2.0.json | 41 ++++++++++++++----- 9 files changed, 109 insertions(+), 21 deletions(-) create mode 100644 ScoutSuite/providers/aws/resources/vpc/route_tables.py create mode 100644 ScoutSuite/providers/aws/rules/findings/ec2-route-tables-full-peering.json diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index 7eb73e60c..124ba4a9f 100644 --- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py @@ -195,3 +195,11 @@ async def get_peering_connections(self, region): except Exception as e: print_exception('Failed to get peering connections: {}'.format(e)) return [] + + async def get_route_tables(self, region): + try: + route_tables = await AWSFacadeUtils.get_all_pages('ec2', region, self.session, 'describe_route_tables', 'RouteTables') + return route_tables + except Exception as e: + print_exception('Failed to get route tables: {}'.format(e)) + return [] \ No newline at end of file diff --git a/ScoutSuite/providers/aws/resources/vpc/base.py b/ScoutSuite/providers/aws/resources/vpc/base.py index a35c3cc9d..f3eff169c 100644 --- a/ScoutSuite/providers/aws/resources/vpc/base.py +++ b/ScoutSuite/providers/aws/resources/vpc/base.py 
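Review bot: `get_route_tables` in facade/ec2.py catches every `Exception`, prints it and returns `[]`, so a denied or throttled `describe_route_tables` call is indistinguishable from a region that has no route tables and any rule built on this data passes silently. It mirrors `get_peering_connections` in the context lines, so the pattern is pre-existing, but for audit output the failure should at least be documented and ideally surfaced to the caller. A docstring such as `"""Return the raw RouteTables of region; returns [] and only logs when the API call fails."""` states the contract, and the intermediate `route_tables` variable can be dropped by returning the awaited call directly. The enclosing class starts outside this hunk.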
@@ -7,6 +7,7 @@ from .flow_logs import FlowLogs from .vpcs import RegionalVpcs from .peering_connections import PeeringConnections +from .route_tables import RouteTables known_cidrs = {'0.0.0.0/0': 'All'} aws_ip_ranges = {} @@ -16,7 +17,8 @@ class VPC(Regions): _children = [ (RegionalVpcs, 'vpcs'), (FlowLogs, 'flow_logs'), - (PeeringConnections, 'peering_connections'), + (PeeringConnections, 'peering_connections') + # (RouteTables, 'route_tables') ] def __init__(self, facade: AWSFacade): diff --git a/ScoutSuite/providers/aws/resources/vpc/route_tables.py b/ScoutSuite/providers/aws/resources/vpc/route_tables.py new file mode 100644 index 000000000..5699e4bb4 --- /dev/null +++ b/ScoutSuite/providers/aws/resources/vpc/route_tables.py @@ -0,0 +1,19 @@ +from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.resources.base import AWSResources + + +class RouteTables(AWSResources): + def __init__(self, facade: AWSFacade, region: str): + super().__init__(facade) + self.facade = facade + self.region = region + + async def fetch_all(self): + raw_route_tables = await self.facade.ec2.get_route_tables(self.region) + for raw_route_table in raw_route_tables: + id, route_table = self._parse_route_tables(raw_route_table) + self[id] = route_table + + def _parse_route_tables(self, raw_route_table): + pass + # return route_table_id, raw_route_tables diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json index 70218aaf8..028b84bda 100644 --- a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json 
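Review bot: In the new route_tables.py, `_parse_route_tables` consists of `pass` and therefore returns `None`, so `id, route_table = self._parse_route_tables(raw_route_table)` in `fetch_all` raises `TypeError` on the first route table. That path is only unreachable because the `(RouteTables, 'route_tables')` child is commented out in base.py, which in turn leaves the new `from .route_tables import RouteTables` import unused. Either finish the parser, e.g. `return raw_route_table['RouteTableId'], raw_route_table`, or hold the class and the import back until it is ready. The local name `id` also shadows the builtin; `route_table_id` would be clearer.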
@@ -1,11 +1,17 @@ { "description": "Default security groups in use", - "path": "ec2.regions.id.vpcs.id.security_groups.id", + "rationale": "Resources in default security groups may be configured to allow all traffic.", + "remediation": "Ensure resources are not within default security groups. Instead, create a custom security group tailored to each resource needs.", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.4"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.4"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.3"} + ], "dashboard_name": "Security groups", + "path": "ec2.regions.id.vpcs.id.security_groups.id", "conditions": [ "and", [ "ec2.regions.id.vpcs.id.security_groups.id.name", "equal", "default" ], [ "ec2.regions.id.vpcs.id.security_groups.id.", "withKey", "used_by" ] - ], "id_suffix": "default_in_use" } diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json index afa6c1a7a..8161af833 100644 --- a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json 
@@ -1,12 +1,18 @@ { "description": "Non-empty rulesets for default security groups", - "path": "ec2.regions.id.vpcs.id.security_groups.id.rules.id", + "rationale": "Configuring all VPC default security groups to restrict all traffic will encourage least privilege principle.", + "remediation": "Ensure the default security group of every VPC restricts all traffic", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.4"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.4"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.3"} + ], "dashboard_name": "Rulesets", + "path": "ec2.regions.id.vpcs.id.security_groups.id.rules.id", + "display_path": "ec2.regions.id.vpcs.id.security_groups.id", "conditions": [ "and", [ "ec2.regions.id.vpcs.id.security_groups.id.name", "equal", "default" ], [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols", "notEmpty", "" ] - ], - "id_suffix": "default_with_rules", - "display_path": "ec2.regions.id.vpcs.id.security_groups.id" + "id_suffix": "default_with_rules" } diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-route-tables-full-peering.json b/ScoutSuite/providers/aws/rules/findings/ec2-route-tables-full-peering.json new file mode 100644 index 000000000..ffb1516db --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/ec2-route-tables-full-peering.json 
@@ -0,0 +1,16 @@ +{ + "description": "Routing table with VPC peering", + "rationale": "Being highly selective in peering routing tables minimizes the impact of breach as resources outside of these routes are inaccessible to the peered VPC.", + "remediation": "Ensure route tables contain the least number of subnets or hosts as is required to accomplish the purpose for peering", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.5"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.4"} + ], + "dashboard_name": "Rulesets", + "path": "vpc.regions.id.peering_connections.id", + "display_path": "vpc.regions.id.peering_connections.peering_connections.id", + "conditions": [ "and", + [ "vpc.regions.id.peering_connections.peering_connection_id", "notNull", "" ] + ], + "id_suffix": "default_with_rules" +} diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-to-all.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-to-all.json index 247682c5a..fa41cad27 100644 --- a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-to-all.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-to-all.json 
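Review bot: ec2-route-tables-full-peering.json looks like an unfinished copy of the default-security-group rule: it reuses `"id_suffix": "default_with_rules"`, the `display_path` repeats a segment (`peering_connections.peering_connections.id`), and the condition path `vpc.regions.id.peering_connections.peering_connection_id` lacks the `.id.` segment that `path` has. The single `notNull` condition would flag every peering connection rather than overly broad routes, which is what the rationale describes. The ruleset keeps it disabled, so nothing fires today, but the paths and suffix should be corrected before anyone enables it, for example `"display_path": "vpc.regions.id.peering_connections.id"` and a suffix of its own.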
@@ -1,14 +1,24 @@ { "arg_names": [ "Network transport protocol" ], "key": "ec2-security-group-opens-_ARG_0_-port-to-all", - "description": "_ARG_0_ port open to all", + "description": "Port _ARG_0_ open to all", + "rationale": "Open ports increase the server's exposure to risk.", + "remediation": "Remove the inbound rules that expose open ports", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.1"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.2"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.1"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.2"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.1"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.2"} + ], "dashboard_name": "Rules", "path": "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR", "display_path": "ec2.regions.id.vpcs.id.security_groups.id", "conditions": [ "and", [ "_INCLUDE_(conditions/cidr-is-all.json)", "", ""], [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id", "equal", "ingress" ], - [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id", "equal", "_ARG_0_" ], - [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id", "containNoneOf", [ "22", "80", "443", "1433", "1521", "3306", "3389", "5432", "27017" ] ] + [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id", "equal", "_ARG_1_" ], + [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id", "equal", "_ARG_2_" ] ] } diff --git a/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json b/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json index a54a95cdc..b7dbb6e55 100644 --- a/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json 
+++ b/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json @@ -3,6 +3,8 @@ "rationale": "Flow logs enable the investigation of incidents involving unauthorized network traffic, such as an attacker exfiltrating data or pivoting to other hosts.", "remediation": "Create a flow log for each subnet.", "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.3"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.3"}, {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.9"} ], "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html"], diff --git a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json index 88f9b97f0..3577423f2 100644 --- a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json @@ -276,13 +276,6 @@ "scored": true } ], - "ec2-default-security-group-with-rules.json": [ - { - "comment": "Recommendation4.4", - "enabled": true, - "level": "warning" - } - ], "ec2-security-group-opens-known-port-to-all.json": [ { "args": [ @@ -290,9 +283,10 @@ "TCP", "22" ], - "comment": "Recommendation4.1", + "comment": "Recommendation 4.1", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true }, { "args": [ 
@@ -300,9 +294,34 @@ "TCP", "3389" ], - "comment": "Recommendation4.2", + "comment": "Recommendation 4.2", "enabled": true, - "level": "danger" + "level": "danger", + "scored": true + } + ], + "ec2-default-security-group-with-rules.json": [ + { + "comment": "Recommendation 4.3 (Part 1/2)", + "enabled": true, + "level": "danger", + "scored": "true" + } + ], + "ec2-default-security-group-in-use.json": [ + { + "comment": "Recommendation 4.3 (Part 2/2)", + "enabled": true, + "level": "danger", + "scored": "true" + } + ], + "ec2-route-tables-full-peering.json": [ + { + "comment": "Recommendation 4.4 TODO", + "enabled": false, + "level": "warning", + "scored": "false" } ] } From a708f37e660003b531fbc411f3bcdd2b4ab46714 Mon Sep 17 00:00:00 2001 From: Pau Risa Date: Tue, 24 Mar 2020 17:56:31 +0100 Subject: [PATCH 012/979] Restored EC2 finding edited by error and updated the format of the correct one --- ...2-security-group-opens-known-port-to-all.json | 12 +++++++++++- .../ec2-security-group-opens-port-to-all.json | 16 +++------------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-known-port-to-all.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-known-port-to-all.json index 18d6b4ed0..5314c16f0 100644 --- a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-known-port-to-all.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-known-port-to-all.json 
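Review bot: The three entries added in this hunk write `"scored": "true"` and `"scored": "false"` as strings, while every other entry in cis-1.2.0.json uses JSON booleans. Any consumer that tests the value for truthiness will treat `"false"` as scored, so the disabled 4.4 placeholder could be counted in a compliance score. Use `"scored": true` for the two 4.3 entries and `"scored": false` for `ec2-route-tables-full-peering.json`.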
@@ -1,7 +1,17 @@ { "arg_names": [ "Network protocol name", "Transport protocol name", "Port number" ], "key": "ec2-security-group-opens-_ARG_0_-port-to-all", - "description": "_ARG_0_ port open to all", + "description": "Port _ARG_0_ open to all", + "rationale": "Open ports increase the server's exposure to risk.", + "remediation": "Remove the inbound rules that expose open ports", + "compliance": [ + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.1"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.2"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.1"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.2"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.1"}, + {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.2"} + ], "dashboard_name": "Rules", "path": "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR", "display_path": "ec2.regions.id.vpcs.id.security_groups.id", diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-to-all.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-to-all.json index fa41cad27..247682c5a 100644 --- a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-to-all.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-to-all.json 
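Review bot: The `compliance` array added here attaches both CIS references 4.1 and 4.2 to every instantiation of this parameterised finding, so a port 22 result also cites 4.2 and a port 3389 result also cites 4.1. The ruleset earlier in this series maps `22` to "Recommendation 4.1" and `3389` to "Recommendation 4.2", so a report built from this finding would overstate which control failed. If the rule format allows it, the reference could be supplied per instantiation alongside the port; otherwise the limitation should be mentioned in `rationale`. Separately, `arg_names` declares `_ARG_0_` as the network protocol name, so the new description "Port _ARG_0_ open to all" puts a protocol name after the word "Port".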
@@ -1,24 +1,14 @@ { "arg_names": [ "Network transport protocol" ], "key": "ec2-security-group-opens-_ARG_0_-port-to-all", - "description": "Port _ARG_0_ open to all", - "rationale": "Open ports increase the server's exposure to risk.", - "remediation": "Remove the inbound rules that expose open ports", - "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.1"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.2"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.1"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.2"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.1"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.2"} - ], + "description": "_ARG_0_ port open to all", "dashboard_name": "Rules", "path": "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR", "display_path": "ec2.regions.id.vpcs.id.security_groups.id", "conditions": [ "and", [ "_INCLUDE_(conditions/cidr-is-all.json)", "", ""], [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id", "equal", "ingress" ], - [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id", "equal", "_ARG_1_" ], - [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id", "equal", "_ARG_2_" ] + [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id", "equal", "_ARG_0_" ], + [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id", "containNoneOf", [ "22", "80", "443", "1433", "1521", "3306", "3389", "5432", "27017" ] ] ] } From 5b1f148bf8f758561a5cb0b5cede54b97c04afa4 Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 8 Apr 2020 11:44:31 +0200 Subject: [PATCH 013/979] Restore fix --- .../providers/aws/resources/iam/credentialreports.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
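Review bot: The new `containNoneOf` condition excludes ports 22, 80, 443, 1433, 1521, 3306, 3389, 5432 and 27017 from this finding, so a security group that opens one of them to all addresses is reported only if the known-port finding is instantiated for that port. The CIS 1.2.0 ruleset earlier in this series instantiates it for 22 and 3389 only; whether other rulesets cover the remaining ports is not visible here. The exclusion list is hard-coded in the finding rather than passed as an argument, so a ruleset cannot adjust it. The restored finding also has no `rationale` or `remediation`; the known-port finding's `"remediation": "Remove the inbound rules that expose open ports"` would fit here as well.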
diff --git a/ScoutSuite/providers/aws/resources/iam/credentialreports.py b/ScoutSuite/providers/aws/resources/iam/credentialreports.py index bea8a84ad..3331d6122 100755 --- a/ScoutSuite/providers/aws/resources/iam/credentialreports.py +++ b/ScoutSuite/providers/aws/resources/iam/credentialreports.py @@ -10,9 +10,8 @@ async def fetch_all(self): self[name] = resource def _parse_credential_reports(self, raw_credential_report): - user_id = raw_credential_report['user'] - raw_credential_report['name'] = user_id - raw_credential_report['id'] = user_id + raw_credential_report['id'] = get_non_provider_id(raw_credential_report['user']) + raw_credential_report['name'] = raw_credential_report['user'] raw_credential_report['password_enabled'] = raw_credential_report['password_enabled'] raw_credential_report['password_last_used'] = self._sanitize_date(raw_credential_report['password_last_used']) raw_credential_report['password_last_changed'] =\ @@ -30,7 +29,7 @@ def _parse_credential_reports(self, raw_credential_report): raw_credential_report['last_used'] = self._compute_last_used(raw_credential_report) raw_credential_report['cert_1_active'] = raw_credential_report['cert_1_active'] raw_credential_report['cert_2_active'] = raw_credential_report['cert_2_active'] - return get_non_provider_id(user_id), raw_credential_report + return raw_credential_report['id'], raw_credential_report @staticmethod def _sanitize_date(date): From c2ab2612a69e866fdb123fa6c4e7de3e65a6117f Mon Sep 17 00:00:00 2001 
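Review bot: The reason for the change in `_parse_credential_reports` is not recorded in the code: `id` now holds the result of `get_non_provider_id(...)` and that same value is returned as the key, whereas before `id` was the raw user name and only the key was derived. A one-line comment above the assignment would keep the next edit from undoing it, for example `# 'id' must equal the key returned below; 'name' keeps the raw user name`. The two lookups of `raw_credential_report['user']` could share a local, as the removed code did. The function body continues outside both hunks.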
From: xga Date: Wed, 8 Apr 2020 11:45:45 +0200 Subject: [PATCH 014/979] Format findings --- .../cloudtrail-no-cloudwatch-integration.json | 48 +++++++-- .../cloudtrail-no-encryption-with-kms.json | 43 ++++++-- .../cloudtrail-no-log-file-validation.json | 43 ++++++-- .../rules/findings/cloudtrail-no-logging.json | 47 ++++++-- .../cloudtrail-s3-bucket-no-logging.json | 49 +++++++-- .../config-recorder-not-configured.json | 31 ++++-- .../ec2-default-security-group-in-use.json | 37 +++++-- ...ec2-default-security-group-with-rules.json | 39 +++++-- .../ec2-route-tables-full-peering.json | 27 +++-- ...ecurity-group-opens-known-port-to-all.json | 77 ++++++++++--- ...managed-policy-allows-full-privileges.json | 37 +++++-- .../rules/findings/iam-no-support-role.json | 23 +++- ...-password-policy-expiration-threshold.json | 47 ++++++-- .../iam-password-policy-minimum-length.json | 39 +++++-- ...password-policy-no-lowercase-required.json | 35 ++++-- ...am-password-policy-no-number-required.json | 35 ++++-- ...am-password-policy-no-symbol-required.json | 35 ++++-- ...password-policy-no-uppercase-required.json | 35 ++++-- .../iam-password-policy-reuse-enabled.json | 35 ++++-- .../findings/iam-root-account-no-mfa.json | 59 +++++++--- .../iam-root-account-used-recently.json | 50 +++++++-- .../iam-root-account-with-active-keys.json | 47 ++++++-- .../iam-unused-credentials-not-disabled.json | 101 +++++++++++++++--- .../findings/iam-user-no-key-rotation.json | 53 ++++++--- ...-user-unused-access-key-initial-setup.json | 43 ++++++-- .../findings/iam-user-with-policies.json | 42 ++++++-- .../rules/findings/iam-user-without-mfa.json | 43 ++++++-- .../findings/kms-key-rotation-disabled.json | 31 ++++-- .../rules/findings/s3-bucket-no-logging.json | 13 ++- .../findings/vpc-subnet-without-flow-log.json | 41 +++++-- 30 files changed, 1007 insertions(+), 278 deletions(-) 
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json
index 7571fff78..4c309de02 100644
--- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json
+++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json
@@ -1,22 +1,50 @@ { - "description": "Trail is not integrated with CloudWatch", + "description": "Trail Is Not Integrated with CloudWatch", "rationale": "The lack of integration with CloudWatch hinders ral-time and historic activity logging as well as not allowing the configuration of alarms and notifications for anomalous account activity.", "remediation": "Configure each Trail to have a CloudWatch Logs group attached", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.4"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.4"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.4"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "2.4" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "2.4" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "2.4" + } ], "dashboard_name": "Trails", - "path": "cloudtrail.regions.id.trails.id", "display_path": "cloudtrail.regions.id.trails.id", - "conditions": [ "and", - [ "cloudtrail.regions.id.trails.id.", "withKey", "LatestCloudWatchLogsDeliveryTime" ], + "path": "cloudtrail.regions.id.trails.id", + "conditions": [ + "and", + [ + "cloudtrail.regions.id.trails.id.", + "withKey", + "LatestCloudWatchLogsDeliveryTime" + ], [ "or", - [ "cloudtrail.regions.id.trails.id.LatestCloudWatchLogsDeliveryTime", "null", "" ], - [ "cloudtrail.regions.id.trails.id.LatestCloudWatchLogsDeliveryTime", "olderThan", ["1", "days"] ] + [ + "cloudtrail.regions.id.trails.id.LatestCloudWatchLogsDeliveryTime", + "null", + "" + ], + [ + "cloudtrail.regions.id.trails.id.LatestCloudWatchLogsDeliveryTime", + "olderThan", + [ + "1", + "days" + ] + ] ] ], "id_suffix": "TrailCloudwatchNoIntegration" -} +} \ No newline at end of file 
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-encryption-with-kms.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-encryption-with-kms.json
index ccf6ac041..c78cca5f7 100644
--- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-encryption-with-kms.json
+++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-encryption-with-kms.json
@@ -1,19 +1,42 @@ { - "description": "CloudTrail logs not encrypted with KMS CMKs", + "description": "CloudTrail Logs Not Encrypted with KMS CMKs", "rationale": "Not encrypting CloudTrail logs with SSE-KMS affects the confidentiality of the log data.", "remediation": "Ensure each Trail is encrypted with a KMS key", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.7"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.7"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.7"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "2.7" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "2.7" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "2.7" + } + ], + "references": [ + "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html" ], - "references": ["https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html"], "dashboard_name": "Trails", - "path": "cloudtrail.regions.id.trails.id", "display_path": "cloudtrail.regions.id.trails.id", - "conditions": [ "and", - [ "cloudtrail.regions.id.trails.id.", "withKey", "KMSKeyId" ], - [ "cloudtrail.regions.id.trails.id.KMSKeyId", "null", "" ] + "path": "cloudtrail.regions.id.trails.id", + "conditions": [ + "and", + [ + "cloudtrail.regions.id.trails.id.", + "withKey", + "KMSKeyId" + ], + [ + "cloudtrail.regions.id.trails.id.KMSKeyId", + "null", + "" + ] ], "id_suffix": "NoKMSEncryption" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json index b77e64dd4..b46f3f22a 100755 
--- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json +++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-log-file-validation.json @@ -1,19 +1,42 @@ { - "description": "Log file validation is disabled", + "description": "Log File Validation Is Disabled", "rationale": "The lack of log file validation prevents from verifying the integrity of CloudTrail log files.", "remediation": "Ensure that each Trail has Enable log file validation set to Yes", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.2"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.2"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.2"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "2.2" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "2.2" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "2.2" + } + ], + "references": [ + "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html" ], - "references": ["https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html"], "dashboard_name": "Trails", - "path": "cloudtrail.regions.id.trails.id", "display_path": "cloudtrail.regions.id.trails.id", - "conditions": [ "and", - [ "cloudtrail.regions.id.trails.id.", "withKey", "LogFileValidationEnabled" ], - [ "cloudtrail.regions.id.trails.id.LogFileValidationEnabled", "false", "" ] + "path": "cloudtrail.regions.id.trails.id", + "conditions": [ + "and", + [ + "cloudtrail.regions.id.trails.id.", + "withKey", + "LogFileValidationEnabled" + ], + [ + "cloudtrail.regions.id.trails.id.LogFileValidationEnabled", + "false", + "" + ] ], "id_suffix": "LogFileValidationDisabled" -} +} \ No newline at end of file 
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json
index 14659ec16..db884bbce 100755
--- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json
+++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json
@@ -1,22 +1,49 @@ { - "description": "Logging disabled", + "description": "Logging Disabled", "rationale": "Logging is disabled for a given Trail. Depending on the configuration, logs for important API activity may be missing.", "remediation": "Configure all Trails to enable Logging, set Apply trail to all regions and ensure that Read/Write Events are set to ALL", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.1"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.1"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.1"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "2.1" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "2.1" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "2.1" + } + ], + "references": [ + "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html" ], - "references": ["https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html"], "dashboard_name": "Trails", "path": "cloudtrail.regions.id.trails.id", - "conditions": [ "and", - [ "cloudtrail.regions.id.trails.id.", "withKey", "IsLogging" ], + "conditions": [ + "and", + [ + "cloudtrail.regions.id.trails.id.", + "withKey", + "IsLogging" + ], [ "or", - [ "cloudtrail.regions.id.trails.id.IsLogging", "false", "" ], - [ "cloudtrail.regions.id.trails.id.IsMultiRegionTrail", "false", "" ] + [ + "cloudtrail.regions.id.trails.id.IsLogging", + "false", + "" + ], + [ + "cloudtrail.regions.id.trails.id.IsMultiRegionTrail", + "false", + "" + ] ] ], "class_suffix": "IsLogging" -} +} \ No newline at end of file 
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-s3-bucket-no-logging.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-s3-bucket-no-logging.json
index d02387330..74f121ccf 100644
--- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-s3-bucket-no-logging.json
+++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-s3-bucket-no-logging.json
@@ -1,19 +1,48 @@ { - "description": "CloudTrail S3 bucket access logging is disabled", + "description": "CloudTrail S3 Bucket Access Logging Is Disabled", "rationale": "The lack of S3 bucket logging prevents log information to be accessed in security and incident response workflows.", "remediation": "Ensure that critical S3 buckets have Logging enabled", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.6"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.6"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.6"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "2.6" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "2.6" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "2.6" + } ], "dashboard_name": "Buckets", "path": "s3.buckets.id", - "conditions": [ "and", - [ "s3.buckets.id.policy.id.", "withKey", "Statement" ], - [ "s3.buckets.id.policy.id.Statement.id.", "withKey", "Principal" ], - [ "s3.buckets.id.policy.id.Statement.id.Principal.Service", "containString", "cloudtrail.amazonaws.com" ], - [ "s3.buckets.id.logging", "equal", "Disabled" ] + "conditions": [ + "and", + [ + "s3.buckets.id.policy.id.", + "withKey", + "Statement" + ], + [ + "s3.buckets.id.policy.id.Statement.id.", + "withKey", + "Principal" + ], + [ + "s3.buckets.id.policy.id.Statement.id.Principal.Service", + "containString", + "cloudtrail.amazonaws.com" + ], + [ + "s3.buckets.id.logging", + "equal", + "Disabled" + ] ], "id_suffix": "logging" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json b/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json index daa9ad228..3a1298db3 100755 
--- a/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json +++ b/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json @@ -1,16 +1,33 @@ { - "description": "AWS Config not enabled", + "description": "AWS Config Not Enabled", "rationale": "No AWS Config recorders are configured, which means that changes in AWS resource configuration are not logged. This hinders security analysis, resource change tracking and compliance auditing.", "remediation": "Enable AWS Config in all regions, define the resources you want to record in each region and include global resources (IAM resources)", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.5"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.5"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.5"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "2.5" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "2.5" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "2.5" + } ], "dashboard_name": "Regions", "path": "config.regions.id", - "conditions": [ "and", - [ "recorders_count", "equal", "0" ] + "conditions": [ + "and", + [ + "recorders_count", + "equal", + "0" + ] ], "id_suffix": "NotConfigured" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json index 028b84bda..4bbc3eaa6 100755 --- a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json 
@@ -1,17 +1,38 @@ { - "description": "Default security groups in use", + "description": "Default Security Groups in Use", "rationale": "Resources in default security groups may be configured to allow all traffic.", "remediation": "Ensure resources are not within default security groups. Instead, create a custom security group tailored to each resource needs.", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.4"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.4"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.3"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "4.4" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "4.4" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "4.3" + } ], "dashboard_name": "Security groups", "path": "ec2.regions.id.vpcs.id.security_groups.id", - "conditions": [ "and", - [ "ec2.regions.id.vpcs.id.security_groups.id.name", "equal", "default" ], - [ "ec2.regions.id.vpcs.id.security_groups.id.", "withKey", "used_by" ] + "conditions": [ + "and", + [ + "ec2.regions.id.vpcs.id.security_groups.id.name", + "equal", + "default" + ], + [ + "ec2.regions.id.vpcs.id.security_groups.id.", + "withKey", + "used_by" + ] ], "id_suffix": "default_in_use" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json index 8161af833..8061c412c 100755 --- a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json 
@@ -1,18 +1,39 @@ { - "description": "Non-empty rulesets for default security groups", + "description": "Non-empty Rulesets for Default Security Groups", "rationale": "Configuring all VPC default security groups to restrict all traffic will encourage least privilege principle.", "remediation": "Ensure the default security group of every VPC restricts all traffic", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.4"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.4"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.3"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "4.4" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "4.4" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "4.3" + } ], "dashboard_name": "Rulesets", - "path": "ec2.regions.id.vpcs.id.security_groups.id.rules.id", "display_path": "ec2.regions.id.vpcs.id.security_groups.id", - "conditions": [ "and", - [ "ec2.regions.id.vpcs.id.security_groups.id.name", "equal", "default" ], - [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols", "notEmpty", "" ] + "path": "ec2.regions.id.vpcs.id.security_groups.id.rules.id", + "conditions": [ + "and", + [ + "ec2.regions.id.vpcs.id.security_groups.id.name", + "equal", + "default" + ], + [ + "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols", + "notEmpty", + "" + ] ], "id_suffix": "default_with_rules" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-route-tables-full-peering.json b/ScoutSuite/providers/aws/rules/findings/ec2-route-tables-full-peering.json index ffb1516db..5352a6b7d 100644 --- a/ScoutSuite/providers/aws/rules/findings/ec2-route-tables-full-peering.json 
+++ b/ScoutSuite/providers/aws/rules/findings/ec2-route-tables-full-peering.json @@ -1,16 +1,29 @@ { - "description": "Routing table with VPC peering", + "description": "Routing Table with VPC Peering", "rationale": "Being highly selective in peering routing tables minimizes the impact of breach as resources outside of these routes are inaccessible to the peered VPC.", "remediation": "Ensure route tables contain the least number of subnets or hosts as is required to accomplish the purpose for peering", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.5"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.4"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "4.5" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "4.4" + } ], "dashboard_name": "Rulesets", - "path": "vpc.regions.id.peering_connections.id", "display_path": "vpc.regions.id.peering_connections.peering_connections.id", - "conditions": [ "and", - [ "vpc.regions.id.peering_connections.peering_connection_id", "notNull", "" ] + "path": "vpc.regions.id.peering_connections.id", + "conditions": [ + "and", + [ + "vpc.regions.id.peering_connections.peering_connection_id", + "notNull", + "" + ] ], "id_suffix": "default_with_rules" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-known-port-to-all.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-known-port-to-all.json index 5314c16f0..26b5239bb 100755 --- a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-known-port-to-all.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-known-port-to-all.json 
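Review bot: `"id_suffix": "default_with_rules"` in this peering finding is the same suffix that `ec2-default-security-group-with-rules.json` uses, which looks like a copy-paste leftover. `display_path` also repeats a segment (`peering_connections.peering_connections.id`), and the condition path `vpc.regions.id.peering_connections.peering_connection_id` has no `.id.` level although `path` does. The formatting commit carries all three over unchanged. The CIS 1.2.0 ruleset in this series lists the rule as TODO and disabled, so these should be corrected before it is enabled.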
@@ -1,24 +1,69 @@ { - "arg_names": [ "Network protocol name", "Transport protocol name", "Port number" ], - "key": "ec2-security-group-opens-_ARG_0_-port-to-all", - "description": "Port _ARG_0_ open to all", + "description": "Port _ARG_0_ Open to All", "rationale": "Open ports increase the server's exposure to risk.", "remediation": "Remove the inbound rules that expose open ports", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.1"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.2"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.1"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.2"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.1"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "4.2"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "4.1" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "4.2" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "4.1" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "4.2" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "4.1" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "4.2" + } ], "dashboard_name": "Rules", - "path": "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR", "display_path": "ec2.regions.id.vpcs.id.security_groups.id", - "conditions": [ "and", - [ "_INCLUDE_(conditions/cidr-is-all.json)", "", ""], - [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id", "equal", "ingress" ], - [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id", "equal", "_ARG_1_" ], - [ 
"ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id", "equal", "_ARG_2_" ] + "path": "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id.cidrs.id.CIDR", + "conditions": [ + "and", + [ + "_INCLUDE_(conditions/cidr-is-all.json)", + "", + "" + ], + [ + "ec2.regions.id.vpcs.id.security_groups.id.rules.id", + "equal", + "ingress" + ], + [ + "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id", + "equal", + "_ARG_1_" + ], + [ + "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id", + "equal", + "_ARG_2_" + ] + ], + "key": "ec2-security-group-opens-_ARG_0_-port-to-all", + "arg_names": [ + "Network protocol name", + "Transport protocol name", + "Port number" ] -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json index 983ea84ed..599b8e121 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json 
@@ -1,16 +1,39 @@ { - "description": "Managed policy allows full administrative privileges", + "description": "Managed Policy Allows Full Administrative Privileges", "rationale": "Providing full administrative privileges instead of restricting to the minimum set of permissions that the user is required to do exposes the resources to potentially unwanted actions.", "remediation": "Ensure no managed policies are configured with Effect:Allow, Action:* and Resource:*", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.24"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.22"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.24" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.22" + } ], "dashboard_name": "Policies", "path": "iam.policies.id", - "conditions": [ "and", - [ "iam.policies.id.PolicyDocument.Statement.id.Effect", "equal", "Allow" ], - [ "iam.policies.id.PolicyDocument.Statement.id.Action", "containAction", "*" ], - [ "iam.policies.id.PolicyDocument.Statement.id.Resource", "containAtLeastOneOf", [ "*" ] ] + "conditions": [ + "and", + [ + "iam.policies.id.PolicyDocument.Statement.id.Effect", + "equal", + "Allow" + ], + [ + "iam.policies.id.PolicyDocument.Statement.id.Action", + "containAction", + "*" + ], + [ + "iam.policies.id.PolicyDocument.Statement.id.Resource", + "containAtLeastOneOf", + [ + "*" + ] + ] ] } \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json b/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json index 34ebda2d7..d0b5fdfe1 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json 
@@ -1,14 +1,27 @@ { - "description": "No authorized user to manage incidents with AWS Support", + "description": "No Authorized User to Manage Incidents with AWS Support", "rationale": "There should be at least one user authorized to manage incidents with AWS Support.", "remediation": "Attach the AWSSupportAccess to a role or group", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.22"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.20"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.22" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.20" + } ], "dashboard_name": "Policies", "path": "iam.policies.AWSSupportAccess", - "conditions": [ "and", - [ "iam.policies.AWSSupportAccess.attached_to", "notEmpty", "" ] + "conditions": [ + "and", + [ + "iam.policies.AWSSupportAccess.attached_to", + "notEmpty", + "" + ] ] } \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-expiration-threshold.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-expiration-threshold.json index e770ab252..573c932aa 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-expiration-threshold.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-expiration-threshold.json 
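Review bot: The condition `["iam.policies.AWSSupportAccess.attached_to", "notEmpty", ""]` appears inverted relative to the description: it matches when the AWSSupportAccess policy is attached to something, which is the compliant state. If a matching condition is what flags an item, as the other findings in this commit suggest, an account with no support role is never reported and one with a support role is. The operator would need to be the negation, e.g. `"empty"` if the rule engine provides it, and the case where no `AWSSupportAccess` entry exists at all would need handling too. The commit only reformats this condition, so the behaviour predates it.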
@@ -1,20 +1,45 @@ { - "arg_names": [ "Maximum password age" ], - "description": "Passwords expire after _ARG_0_ days", + "description": "Passwords Expire after _ARG_0_ Days", "rationale": "Reducing passwords lifetime increases account resiliency against brute force login attempts.", "remediation": "Enable password expiration and set the expiration period to 90 days or less", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.11"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.11"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.11"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.11" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.11" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.11" + } + ], + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials" ], - "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials"], "dashboard_name": "Password policy", - "path": "iam.password_policy", "display_path": "iam.password_policy.MaxPasswordAge", - "conditions": [ "or", - [ "iam.password_policy.ExpirePasswords", "false", "" ], - [ "iam.password_policy.MaxPasswordAge", "moreThan", "_ARG_0_" ] + "path": "iam.password_policy", + "conditions": [ + "or", + [ + "iam.password_policy.ExpirePasswords", + "false", + "" + ], + [ + "iam.password_policy.MaxPasswordAge", + "moreThan", + "_ARG_0_" + ] + ], + "arg_names": [ + "Maximum password age" ], "id_suffix": "MaxPasswordAge" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json index a0f39adcb..a8344f22f 100755 
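Review bot: The `remediation` string hard-codes "90 days or less" while the threshold this rule enforces is the `_ARG_0_` parameter, used in both `description` and the `MaxPasswordAge` / `moreThan` condition. A ruleset that passes a different maximum age will report one limit and recommend another. The unused-credentials rule later in this patch already interpolates the argument into its remediation, so the same can be done here: `"remediation": "Enable password expiration and set the expiration period to _ARG_0_ days or less"`.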
--- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json @@ -1,17 +1,38 @@ { - "arg_names": [ "Minimum password length" ], - "description": "Password policy lacks minimum length requirement of _ARG_0_", + "description": "Password Policy Lacks Minimum Length Requirement of _ARG_0_", "rationale": "Requiring passwords to require a minimum length increases account resiliency against brute force login attempts.", "remediation": "Ensure the password policy is configured to require a minimum length", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.9"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.9"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.9"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.9" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.9" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.9" + } + ], + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy" ], - "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy"], "dashboard_name": "Password policy", "path": "iam.password_policy.MinimumPasswordLength", - "conditions": [ "or", - [ "this", "lessThan", "_ARG_0_" ] + "conditions": [ + "or", + [ + "this", + "lessThan", + "_ARG_0_" + ] + ], + "arg_names": [ + "Minimum password length" ] -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json index 53b840591..a191eea3b 100755 
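Review bot: The closing brace is rewritten as `-}` / `+}` followed by `\ No newline at end of file`, so the reformat strips the trailing newline from this file. The expiration-threshold hunk before it and most of the password-policy, root-account, KMS, S3 and VPC rule hunks after it do the same. JSON parsing is unaffected, but every later edit to these files will carry a spurious last-line change, and editors that restore the newline will keep re-touching them. The formatter that produced this output should be configured to end files with a newline.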
--- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json @@ -1,16 +1,35 @@ { - "description": "Password policy lacks lowercase requirement", + "description": "Password Policy Lacks Lowercase Requirement", "rationale": "Requiring passwords to include at least a lowercase letter increases account resiliency against brute force login attempts.", "remediation": "Ensure the password policy is configured to require at least one lowercase letter", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.6"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.6"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.6"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.6" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.6" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.6" + } + ], + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy" ], - "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy"], "dashboard_name": "Password policy", "path": "iam.password_policy.RequireLowercaseCharacters", - "conditions": [ "or", - [ "this", "false", "" ] + "conditions": [ + "or", + [ + "this", + "false", + "" + ] ] -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json index f73c106d8..5e2b6d55e 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json 
+++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json @@ -1,16 +1,35 @@ { - "description": "Password policy lacks number requirement", + "description": "Password Policy Lacks Number Requirement", "rationale": "Requiring passwords to include at least one number increases account resiliency against brute force login attempts.", "remediation": "Ensure the password policy is configured to require at least one number", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.8"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.8"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.8"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.8" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.8" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.8" + } + ], + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy" ], - "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy"], "dashboard_name": "Password policy", "path": "iam.password_policy.RequireNumbers", - "conditions": [ "or", - [ "this", "false", "" ] + "conditions": [ + "or", + [ + "this", + "false", + "" + ] ] -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json index a5e0980ab..f89555856 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json 
@@ -1,16 +1,35 @@ { - "description": "Password policy lacks symbol requirement", + "description": "Password Policy Lacks Symbol Requirement", "rationale": "Requiring passwords to include at least one symbol increases account resiliency against brute force login attempts.", "remediation": "Ensure the password policy is configured to require at least one symbol", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.7"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.7"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.7"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.7" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.7" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.7" + } + ], + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy" ], - "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy"], "dashboard_name": "Password policy", "path": "iam.password_policy.RequireSymbols", - "conditions": [ "or", - [ "this", "false", "" ] + "conditions": [ + "or", + [ + "this", + "false", + "" + ] ] -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json index d48ca6c22..b1c250410 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json 
@@ -1,16 +1,35 @@ { - "description": "Password policy lacks uppercase requirement", + "description": "Password Policy Lacks Uppercase Requirement", "rationale": "Requiring passwords to include at least an uppercase letter increases account resiliency against brute force login attempts.", "remediation": "Ensure the password policy is configured to require at least one uppercase letter", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.5"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.5"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.5"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.5" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.5" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.5" + } + ], + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy" ], - "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy"], "dashboard_name": "Password policy", "path": "iam.password_policy.RequireUppercaseCharacters", - "conditions": [ "or", - [ "this", "false", "" ] + "conditions": [ + "or", + [ + "this", + "false", + "" + ] ] -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-reuse-enabled.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-reuse-enabled.json index cc25f1563..4ecbdcce9 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-reuse-enabled.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-reuse-enabled.json 
@@ -1,16 +1,35 @@ { - "description": "Password policy allows the reuse of passwords", + "description": "Password Policy Allows the Reuse of Passwords", "rationale": "Preventing password reuse increases account resiliency against brute force login attempts.", "remediation": "Ensure the password policy is configured to prevent password reuse", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.10"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.10"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.10"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.10" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.10" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.10" + } + ], + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy" ], - "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy"], "dashboard_name": "Password policy", "path": "iam.password_policy.PasswordReusePrevention", - "conditions": [ "or", - [ "this", "false", "" ] + "conditions": [ + "or", + [ + "this", + "false", + "" + ] ] -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json index 19982d1cc..76ecd5730 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json 
@@ -1,21 +1,54 @@ { - "description": "Root account without MFA", + "description": "Root Account without MFA", "rationale": "The root account should have Multi Factor Authentication (MFA) enabled.", "remediation": "Enable MFA for the root account", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.13"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.13"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.14"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.13"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.14"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.13" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.13" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.14" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.13" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.14" + } + ], + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials" ], - "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials"], "dashboard_name": "Root account", "path": "iam.credential_reports.id", - "conditions": [ "and", - [ "iam.credential_reports.id.mfa_active", "notTrue", "" ], - [ "iam.credential_reports.id.name", "equal", "" ] + "conditions": [ + "and", + [ + "iam.credential_reports.id.mfa_active", + "notTrue", + "" + ], + [ + "iam.credential_reports.id.name", + "equal", + "" + ] + ], + "keys": [ + "this" ], - "id_suffix": "mfa_active", - "keys": [ "this" ] -} + "id_suffix": "mfa_active" +} \ No newline at end of file 
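Review bot: The `compliance` list maps this finding to references 1.13 and 1.14, but the conditions only test `mfa_active` with `notTrue`. As I read the CIS benchmark, 1.14 is the hardware-MFA control, so a root account protected by a virtual MFA device passes this rule while the report implies 1.14 was assessed. Either drop the 1.14 entries here or state the limit in the text, e.g. `"rationale": "The root account should have Multi Factor Authentication (MFA) enabled. This check does not distinguish hardware from virtual MFA devices."`.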
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json index 88326ec5b..67a028cac 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json 
@@ -1,19 +1,49 @@ { - "description": "Root account used recently", + "description": "Root Account Used Recently", "rationale": "The use of the root account should be avoided.", "remediation": "Follow the remediation instructions of the Ensure IAM policies are attached only to groups or roles recommendation", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.1"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.1"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.1"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.1" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.1" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.1" + } + ], + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users" ], - "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users"], "dashboard_name": "Root account", "path": "iam.credential_reports.id", - "conditions": [ "and", - [ "iam.credential_reports.id.password_last_used", "notNull", "" ], - [ "iam.credential_reports.id.password_last_used", "newerThan", ["90", "days"] ], - [ "iam.credential_reports.id.name", "equal", "" ] + "conditions": [ + "and", + [ + "iam.credential_reports.id.password_last_used", + "notNull", + "" + ], + [ + "iam.credential_reports.id.password_last_used", + "newerThan", + [ + "90", + "days" + ] + ], + [ + "iam.credential_reports.id.name", + "equal", + "" + ] ], "id_suffix": "password_last_used" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json index 8341c9790..67a909bb1 100755 
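Review bot: The conditions only inspect `password_last_used`, so root activity through access keys in the last 90 days is not reported by this finding. The credential report fields `access_key_1_last_used_date` and `access_key_2_last_used_date` are already read by the unused-credentials rule in this patch; an `or` group with entries such as `[ "iam.credential_reports.id.access_key_1_last_used_date", "newerThan", ["90", "days"] ]` (and the key 2 equivalent) would close the gap, provided `newerThan` handles the never-used value safely. The `remediation` text also points at the "IAM policies are attached only to groups or roles" recommendation, which does not tell the reader how to stop using the root account.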
--- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json @@ -1,21 +1,48 @@ { - "description": "Root account has active keys", + "description": "Root Account Has Active Keys", "rationale": "AWS root account access keys should be deleted as they provide unrestricted access to the AWS Account.", "remediation": "Delete or disable active root account access keys", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.12"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.12"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.12"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.12" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.12" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.12" + } + ], + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials" ], - "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials"], "dashboard_name": "Root account", "path": "iam.credential_reports.id", - "conditions": [ "and", - [ "iam.credential_reports.id.name", "equal", "" ], + "conditions": [ + "and", + [ + "iam.credential_reports.id.name", + "equal", + "" + ], [ "or", - [ "iam.credential_reports.id.access_key_1_active", "true", "" ], - [ "iam.credential_reports.id.access_key_2_active", "true", "" ] + [ + "iam.credential_reports.id.access_key_1_active", + "true", + "" + ], + [ + "iam.credential_reports.id.access_key_2_active", + "true", + "" + ] ] ] -} +} \ No newline at end of file 
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json b/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json index 27e58b5e1..f53ae41dc 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json 
@@ -1,43 +1,112 @@ { - "arg_names": [ "Period in days" ], - "description": "Credentials unused for _ARG_0_ days or greater are not disabled", + "description": "Credentials Unused for _ARG_0_ Days or Greater Are Not Disabled", "rationale": "Disabling or removing unnecessary credentials will reduce the window of opportunity for compromised accounts to be used.", "remediation": "Ensure that all credentials (including passwords and access keys) have been used and changed in the last _ARG_0_ days", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.3"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.3"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.3"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.3" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.3" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.3" + } ], "dashboard_name": "Users", "path": "iam.credential_reports.id", - "conditions": [ "or", + "conditions": [ + "or", [ "and", - [ "iam.credential_reports.id.password_enabled", "true", "" ], + [ + "iam.credential_reports.id.password_enabled", + "true", + "" + ], [ "or", - [ "iam.credential_reports.id.password_last_used", "olderThan", ["_ARG_0_", "days"] ], - [ "iam.credential_reports.id.password_last_changed", "olderThan", ["_ARG_0_", "days"] ] + [ + "iam.credential_reports.id.password_last_used", + "olderThan", + [ + "_ARG_0_", + "days" + ] + ], + [ + "iam.credential_reports.id.password_last_changed", + "olderThan", + [ + "_ARG_0_", + "days" + ] + ] ] ], [ "and", - [ "iam.credential_reports.id.access_key_1_active", "true", "" ], + [ + "iam.credential_reports.id.access_key_1_active", + "true", + "" + ], [ "or", - [ "iam.credential_reports.id.access_key_1_last_used_date", "olderThan", ["_ARG_0_", 
"days"] ], - [ "iam.credential_reports.id.access_key_1_last_rotated", "olderThan", ["_ARG_0_", "days"] ] + [ + "iam.credential_reports.id.access_key_1_last_used_date", + "olderThan", + [ + "_ARG_0_", + "days" + ] + ], + [ + "iam.credential_reports.id.access_key_1_last_rotated", + "olderThan", + [ + "_ARG_0_", + "days" + ] + ] ] ], [ "and", - [ "iam.credential_reports.id.access_key_2_active", "true", "" ], + [ + "iam.credential_reports.id.access_key_2_active", + "true", + "" + ], [ "or", - [ "iam.credential_reports.id.access_key_2_last_used_date", "olderThan", ["_ARG_0_", "days"] ], - [ "iam.credential_reports.id.access_key_2_last_rotated", "olderThan", ["_ARG_0_", "days"] ] + [ + "iam.credential_reports.id.access_key_2_last_used_date", + "olderThan", + [ + "_ARG_0_", + "days" + ] + ], + [ + "iam.credential_reports.id.access_key_2_last_rotated", + "olderThan", + [ + "_ARG_0_", + "days" + ] + ] ] ] ], + "arg_names": [ + "Period in days" + ], "class_suffix": "unused_credentials" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json b/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json index 1247ce7cf..9f453c540 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json 
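Review bot: Each credential is flagged when either its last-use date or its last-changed / last-rotated date is older than `_ARG_0_` days, so a password or key that is used daily but has not been rotated is reported under a title that says "Unused". If that overlap with the key-rotation rule is intended, the `description` and `rationale` should say so, so that responders do not disable credentials that are still in active use. Separately, the initial-setup rule in this patch matches never-used keys with `equal` against the string `"None"`; it is not visible here how `olderThan` treats that value, so please confirm that an active, never-used key is caught by this rule.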
@@ -1,20 +1,49 @@ { - "arg_names": [ "Key status", "Rotation period" ], - "description": "Lack of key rotation for (_ARG_0_) days", + "description": "Lack of Key Rotation for (_ARG_0_) Days", "rationale": "In case of access key compromise, the lack of credential rotation increases the period during which an attacker has access to the AWS account.", "remediation": "Rotate access keys that have not been changed recently", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.4"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.4"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.4"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.4" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.4" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.4" + } + ], + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials" ], - "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#rotate-credentials"], - "key": "iam-user-no-_ARG_0_-key-rotation.json", "dashboard_name": "Access keys", - "path": "iam.users.id.AccessKeys.id", "display_path": "iam.users.id", - "conditions": [ "and", - [ "iam.users.id.AccessKeys.id.Status", "equal", "_ARG_0_" ], - [ "iam.users.id.AccessKeys.id.CreateDate", "olderThan", ["_ARG_1_", "days"] ] + "path": "iam.users.id.AccessKeys.id", + "conditions": [ + "and", + [ + "iam.users.id.AccessKeys.id.Status", + "equal", + "_ARG_0_" + ], + [ + "iam.users.id.AccessKeys.id.CreateDate", + "olderThan", + [ + "_ARG_1_", + "days" + ] + ] + ], + "key": "iam-user-no-_ARG_0_-key-rotation.json", + "arg_names": [ + "Key status", + "Rotation period" ] -} +} \ No newline at end of file 
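Review bot: The new title interpolates `_ARG_0_` as the number of days, but `arg_names` and the conditions make `_ARG_0_` the key status (compared with `AccessKeys.id.Status`) and `_ARG_1_` the rotation period (used with `olderThan`). The rendered finding therefore shows the status value where the age threshold belongs. Use both arguments, e.g. `"description": "Lack of Key Rotation for _ARG_1_ Days (_ARG_0_ Keys)"`. The `key` value also ends in `.json` while the user-with-policies rule in this patch uses a bare key (`iam-user-with-_ARG_0_-policies`); worth aligning if the suffix is not deliberate.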
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-unused-access-key-initial-setup.json b/ScoutSuite/providers/aws/rules/findings/iam-user-unused-access-key-initial-setup.json index 8d1af4841..93a403720 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-user-unused-access-key-initial-setup.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-user-unused-access-key-initial-setup.json 
@@ -1,24 +1,49 @@ { - "description": "Users with access keys created during initial setup and not used", + "description": "Users with Access Keys Created during Initial Setup and Not Used", "rationale": "Not creating access keys during initial user setup will avoid unnecessary management work and give more control over keys used somewhere in the organization.", "remediation": "Do not setup access keys during initial user setup. Instead, require users to create the keys themselves or put in a support ticket to have them created", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.23"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.21"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.23" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.21" + } ], "dashboard_name": "Users", "path": "iam.credential_reports.id", - "conditions": [ "or", + "conditions": [ + "or", [ "and", - [ "iam.credential_reports.id.access_key_1_active", "true", "" ], - [ "iam.credential_reports.id.access_key_1_last_used_date", "equal", "None" ] + [ + "iam.credential_reports.id.access_key_1_active", + "true", + "" + ], + [ + "iam.credential_reports.id.access_key_1_last_used_date", + "equal", + "None" + ] ], [ "and", - [ "iam.credential_reports.id.access_key_2_active", "true", "" ], - [ "iam.credential_reports.id.access_key_2_last_used_date", "equal", "None" ] + [ + "iam.credential_reports.id.access_key_2_active", + "true", + "" + ], + [ + "iam.credential_reports.id.access_key_2_last_used_date", + "equal", + "None" + ] ] ], "class_suffix": "unused_access_keys" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-with-policies.json b/ScoutSuite/providers/aws/rules/findings/iam-user-with-policies.json index d11a388d4..c0a665d68 100755 
--- a/ScoutSuite/providers/aws/rules/findings/iam-user-with-policies.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-user-with-policies.json @@ -1,19 +1,43 @@ { - "arg_names": [ "Type of policy", "Path to policies" ], - "key": "iam-user-with-_ARG_0_-policies", - "description": "User with _ARG_0_ policies", + "description": "User with _ARG_0_ Policies", "rationale": "Assigning privileges at the user level increases the complexity of access management and the opportunity for a user to receive or retain excessive privileges.", "remediation": "Ensure IAM policies are only attached to groups or roles", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.15"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.16"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.16"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.15" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.16" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.16" + } ], "dashboard_name": "Users", "path": "iam.users.id", - "conditions": [ "and", - [ "iam.users.id.", "withKey", "_ARG_1_" ], - [ "iam.users.id._ARG_1_", "notEmpty", "" ] + "conditions": [ + "and", + [ + "iam.users.id.", + "withKey", + "_ARG_1_" + ], + [ + "iam.users.id._ARG_1_", + "notEmpty", + "" + ] + ], + "key": "iam-user-with-_ARG_0_-policies", + "arg_names": [ + "Type of policy", + "Path to policies" ], "id_suffix": "_ARG_1_" } \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json index 40358d7c1..a3b370b0a 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json 
@@ -3,19 +3,42 @@ "rationale": "All IAM users should have Multi Factor Authentication (MFA) enabled.", "remediation": "Enable MFA for all users in the AWS account", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "1.2"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.2"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.2"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.2" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.2" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.2" + } + ], + "references": [ + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#enable-mfa-for-privileged-users" ], - "references": ["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#enable-mfa-for-privileged-users"], "dashboard_name": "Users", "path": "iam.users.id", - "conditions": [ "and", - [ "iam.users.id.", "withKey", "LoginProfile" ], - [ "iam.users.id.MFADevices", "empty", "" ] + "conditions": [ + "and", + [ + "iam.users.id.", + "withKey", + "LoginProfile" + ], + [ + "iam.users.id.MFADevices", + "empty", + "" + ] ], - "id_suffix": "mfa_enabled", "keys": [ "iam.users.id.name" - ] -} + ], + "id_suffix": "mfa_enabled" +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/kms-key-rotation-disabled.json b/ScoutSuite/providers/aws/rules/findings/kms-key-rotation-disabled.json index f6d73483f..a98b17b14 100644 --- a/ScoutSuite/providers/aws/rules/findings/kms-key-rotation-disabled.json +++ b/ScoutSuite/providers/aws/rules/findings/kms-key-rotation-disabled.json 
@@ -1,16 +1,33 @@ { - "description": "CMK rotation is disabled", + "description": "CMK Rotation Is Disabled", "rationale": "Rotating encryption keys helps reduce the potential impact of a compromised key.", "remediation": "For every Customer-created Master Key (CMK) ensure that Rotate this key every year is enabled", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "2.8"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "2.8"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.8"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "2.8" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "2.8" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "2.8" + } ], "dashboard_name": "KMS", "path": "kms.regions.id.keys.id", - "conditions": [ "and", - [ "kms.regions.id.keys.id.rotation_enabled", "false", "" ] + "conditions": [ + "and", + [ + "kms.regions.id.keys.id.rotation_enabled", + "false", + "" + ] ], "id_suffix": "CMKRotationDisabled" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json index 35ee1e281..fbf11865d 100755 --- a/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json +++ b/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json 
@@ -1,11 +1,16 @@ { - "description": "S3 bucket access logging is disabled", + "description": "S3 Bucket Access Logging Is Disabled", "rationale": "The lack of S3 bucket logging prevents log information to be accessed in security and incident response workflows.", "remediation": "Ensure that S3 buckets have Logging enabled", "dashboard_name": "Buckets", "path": "s3.buckets.id", - "conditions": [ "and", - [ "s3.buckets.id.logging", "equal", "Disabled" ] + "conditions": [ + "and", + [ + "s3.buckets.id.logging", + "equal", + "Disabled" + ] ], "id_suffix": "logging" -} +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json b/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json index b7dbb6e55..003925b81 100755 --- a/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json +++ b/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json 
@@ -1,18 +1,41 @@ { - "description": "Subnet without a flow log", + "description": "Subnet without a Flow Log", "rationale": "Flow logs enable the investigation of incidents involving unauthorized network traffic, such as an attacker exfiltrating data or pivoting to other hosts.", "remediation": "Create a flow log for each subnet.", "compliance": [ - {"name": "CIS Amazon Web Services Foundations", "version": "1.0.0", "reference": "4.3"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "4.3"}, - {"name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "2.9"} + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "4.3" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "4.3" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "2.9" + } + ], + "references": [ + "https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html" ], - "references": ["https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html"], "dashboard_name": "Subnets", "path": "vpc.regions.id.vpcs.id.subnets.id", - "conditions": [ "or", - [ "this", "withoutKey", "flow_logs"], - [ "flow_logs", "empty", "" ] + "conditions": [ + "or", + [ + "this", + "withoutKey", + "flow_logs" + ], + [ + "flow_logs", + "empty", + "" + ] ], "id_suffix": "NoFlowLog" -} +} \ No newline at end of file From b362c4d4b64a1c883c4540af8b86c2f66178e3d2 Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 8 Apr 2020 11:53:20 +0200 Subject: [PATCH 015/979] Should be fixed --- .../findings/iam-managed-policy-allows-full-privileges.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json index 599b8e121..8b103b536 100644 
--- a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json @@ -15,7 +15,8 @@ } ], "dashboard_name": "Policies", - "path": "iam.policies.id", + "display_path": "iam.policies.id", + "path": "iam.policies.id.PolicyDocument.Statement.id", "conditions": [ "and", [ @@ -24,7 +25,7 @@ "Allow" ], [ - "iam.policies.id.PolicyDocument.Statement.id.Action", + "iam.policies.id.PolicyDocument.Statement.id.", "containAction", "*" ], From 224edd819262a33d399ce47f508ac3fdf0cf7979 Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 8 Apr 2020 12:02:47 +0200 Subject: [PATCH 016/979] Fix finding --- .../iam-unused-credentials-not-disabled.json | 64 ++++++++++++++----- 1 file changed, 48 insertions(+), 16 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json b/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json index f53ae41dc..60c63ee90 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-unused-credentials-not-disabled.json @@ -33,19 +33,35 @@ [ "or", [ - "iam.credential_reports.id.password_last_used", - "olderThan", + "and", [ - "_ARG_0_", - "days" + "iam.credential_reports.id.password_last_used", + "notNull", + "" + ], + [ + "iam.credential_reports.id.password_last_used", + "olderThan", + [ + "_ARG_0_", + "days" + ] ] ], [ - "iam.credential_reports.id.password_last_changed", - "olderThan", + "and", [ - "_ARG_0_", - "days" + "iam.credential_reports.id.password_last_changed", + "notNull", + "" + ], + [ + "iam.credential_reports.id.password_last_changed", + "olderThan", + [ + "_ARG_0_", + "days" + ] ] ] ] 
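Review bot: The new `notNull` guards in the `@@ -33,19 +33,35 @@` hunk take a credential with no recorded use out of the `olderThan` branch, so a password that has never been used is now reported only if `password_last_changed` is itself old enough. A never-used credential is arguably the clearest case of an unused one, so the intended treatment should be stated in the rule's `rationale` and a null `password_last_used` covered in the rule's test data. The same applies to the `access_key_1_last_used_date` and `access_key_2_last_used_date` guards in the two following hunks, where the sibling branch of each `or` lies outside the hunk. The enclosing `conditions` array starts and ends outside these hunks, so the full effect cannot be confirmed from here.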
@@ -60,11 +76,19 @@ [ "or", [ - "iam.credential_reports.id.access_key_1_last_used_date", - "olderThan", + "and", [ - "_ARG_0_", - "days" + "iam.credential_reports.id.access_key_1_last_used_date", + "notNull", + "" + ], + [ + "iam.credential_reports.id.access_key_1_last_used_date", + "olderThan", + [ + "_ARG_0_", + "days" + ] ] ], [ @@ -87,11 +111,19 @@ [ "or", [ - "iam.credential_reports.id.access_key_2_last_used_date", - "olderThan", + "and", [ - "_ARG_0_", - "days" + "iam.credential_reports.id.access_key_2_last_used_date", + "notNull", + "" + ], + [ + "iam.credential_reports.id.access_key_2_last_used_date", + "olderThan", + [ + "_ARG_0_", + "days" + ] ] ], [ From 159c8dc61e6add27337e92decc96b2e7c155aeb8 Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 8 Apr 2020 12:19:20 +0200 Subject: [PATCH 017/979] Fix finding --- .../aws/rules/findings/iam-no-support-role.json | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json b/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json index d0b5fdfe1..c10bf04ea 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json @@ -1,6 +1,6 @@ { "description": "No Authorized User to Manage Incidents with AWS Support", - "rationale": "There should be at least one user authorized to manage incidents with AWS Support.", + "rationale": "The arn:aws:iam::aws:policy/AWSSupportAccess AWS Managed Policy was not found to be attached to any principal. There should be at least one user authorized to manage incidents with AWS Support.", "remediation": "Attach the AWSSupportAccess to a role or group", "compliance": [ { 
@@ -15,13 +15,14 @@ } ], "dashboard_name": "Policies", - "path": "iam.policies.AWSSupportAccess", + "display_path": "iam.policies.id", + "path": "iam.policies.id.arn", "conditions": [ "and", [ - "iam.policies.AWSSupportAccess.attached_to", - "notEmpty", - "" + "this", + "notEqual", + "arn:aws:iam::aws:policy/AWSSupportAccess" ] ] } \ No newline at end of file From 1c182cfcd0a0cf87a74346c334f95486f794cd25 Mon Sep 17 00:00:00 2001 From: Juan Jose Date: Tue, 5 May 2020 17:07:29 +0200 Subject: [PATCH 018/979] ARN added to resources --- ScoutSuite/providers/aws/resources/cloudformation/stacks.py | 1 + ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py | 3 +++ ScoutSuite/providers/aws/resources/ec2/securitygroups.py | 3 +++ ScoutSuite/providers/aws/resources/ec2/snapshots.py | 3 +++ ScoutSuite/providers/aws/resources/ec2/volumes.py | 3 +++ ScoutSuite/providers/aws/resources/elasticache/cluster.py | 3 +++ ScoutSuite/providers/aws/resources/elb/load_balancers.py | 3 +++ ScoutSuite/providers/aws/resources/rds/instances.py | 3 +++ ScoutSuite/providers/aws/resources/route53/domains.py | 3 +++ 9 files changed, 25 insertions(+) diff --git a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py index dc81df735..0338e8308 100755 --- a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py +++ b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py @@ -21,6 +21,7 @@ def _parse_stack(self, raw_stack): raw_stack['drifted'] = raw_stack.pop('DriftInformation')[ 'StackDriftStatus'] == 'DRIFTED' raw_stack['termination_protection'] = raw_stack['EnableTerminationProtection'] + raw_stack['arn'] = raw_stack['id'] template = raw_stack.pop('template') raw_stack['deletion_policy'] = self.has_deletion_policy(template) diff --git a/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py b/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py index a76930b2d..4e2691b18 100755 
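Review bot: The condition `["this", "notEqual", "arn:aws:iam::aws:policy/AWSSupportAccess"]` on path `iam.policies.id.arn` is satisfied by every policy whose ARN is anything other than AWSSupportAccess, so the rule appears to flag each unrelated policy rather than report that the support policy is missing. It also no longer looks at `attached_to`, while the rationale introduced in the previous hunk says the policy "was not found to be attached to any principal". As written, an account that does have AWSSupportAccess attached would presumably still produce flagged items, and the result says nothing about attachment. Consider matching the support policy by ARN and testing its `attached_to` in the same `and`, or expressing the absence check at the collection level if the rule engine supports that.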
--- a/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py +++ b/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py @@ -16,4 +16,7 @@ async def fetch_all(self): def _parse_network_interface(self, raw_network_interface): raw_network_interface['name'] = raw_network_interface['NetworkInterfaceId'] + raw_network_interface['arn'] = 'arn:aws:ec2:{}:{}:network-interface/{}'.format(self.region, + raw_network_interface.get('OwnerId'), + raw_network_interface.get('NetworkInterfaceId')) return raw_network_interface['NetworkInterfaceId'], raw_network_interface diff --git a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py index c6da28c3f..91c7311ae 100755 --- a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py +++ b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py @@ -22,6 +22,9 @@ def _parse_security_group(self, raw_security_group): security_group = {} security_group['name'] = raw_security_group['GroupName'] security_group['id'] = raw_security_group['GroupId'] + security_group['arn'] = 'arn:aws:ec2:{}:{}:security-group/{}'.format(self.region, + raw_security_group.get('OwnerId'), + raw_security_group.get('GroupId')) security_group['description'] = raw_security_group['Description'] security_group['owner_id'] = raw_security_group['OwnerId'] diff --git a/ScoutSuite/providers/aws/resources/ec2/snapshots.py b/ScoutSuite/providers/aws/resources/ec2/snapshots.py index d48b5f9e6..02a9b858a 100755 --- a/ScoutSuite/providers/aws/resources/ec2/snapshots.py +++ b/ScoutSuite/providers/aws/resources/ec2/snapshots.py 
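Review bot: The ARN built in `_parse_network_interface` hard-codes the `aws` partition and reads the account with `.get('OwnerId')`, so a missing key is formatted as the literal text `None` and a resource in another AWS partition would get an ARN that does not resolve. `_parse_security_group` in the next hunk has the same pattern, and there it sits next to `raw_security_group['OwnerId']`, which indexes the same key directly. The same `format` call is repeated in every resource file this commit touches; one helper taking partition, service, region, account and resource would keep them consistent and give a single place for a comment on the expected ARN shape. Both function bodies start outside their hunks.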
@@ -18,6 +18,9 @@ def _parse_snapshot(self, raw_snapshot): raw_snapshot['id'] = raw_snapshot.pop('SnapshotId') raw_snapshot['name'] = get_name(raw_snapshot, raw_snapshot, 'id') raw_snapshot['public'] = self._is_public(raw_snapshot) + raw_snapshot['arn'] = 'arn:aws:ec2:{}:{}:snapshot/{}'.format(self.get('region'), + raw_snapshot.get('OwnerId'), + raw_snapshot.get('GroupId')) return raw_snapshot['id'], raw_snapshot @staticmethod diff --git a/ScoutSuite/providers/aws/resources/ec2/volumes.py b/ScoutSuite/providers/aws/resources/ec2/volumes.py index 6dec86616..e83156684 100755 --- a/ScoutSuite/providers/aws/resources/ec2/volumes.py +++ b/ScoutSuite/providers/aws/resources/ec2/volumes.py @@ -17,4 +17,7 @@ async def fetch_all(self): def _parse_volume(self, raw_volume): raw_volume['id'] = raw_volume.pop('VolumeId') raw_volume['name'] = get_name(raw_volume, raw_volume, 'id') + raw_volume['arn'] = 'arn:aws:ec2:{}:{}:volume/{}'.format(self.region, + raw_volume.get('id'), + raw_volume.get('name')) return raw_volume['id'], raw_volume diff --git a/ScoutSuite/providers/aws/resources/elasticache/cluster.py b/ScoutSuite/providers/aws/resources/elasticache/cluster.py index ecf4d9d70..c0d10307f 100755 --- a/ScoutSuite/providers/aws/resources/elasticache/cluster.py +++ b/ScoutSuite/providers/aws/resources/elasticache/cluster.py @@ -16,4 +16,7 @@ async def fetch_all(self): def _parse_cluster(self, raw_cluster): raw_cluster['name'] = raw_cluster.pop('CacheClusterId') + raw_cluster['arn'] = 'arn:aws:elasticache:{}:{}:cluster/{}'.format(self.region, + raw_cluster.get('OwnerId'), + raw_cluster.get('GroupId')) return raw_cluster['name'], raw_cluster diff --git a/ScoutSuite/providers/aws/resources/elb/load_balancers.py b/ScoutSuite/providers/aws/resources/elb/load_balancers.py index 5e4ffff78..bd4c4dada 100755 --- a/ScoutSuite/providers/aws/resources/elb/load_balancers.py +++ b/ScoutSuite/providers/aws/resources/elb/load_balancers.py 
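Review bot: `_parse_snapshot` takes the region from `self.get('region')` while every other resource in this commit uses `self.region`. If the class is dict-like, `self.get('region')` returns None unless a `region` key was stored on it, which would put `None` in the region field of the snapshot ARN. I would use `self.region` here as the sibling parsers do; the follow-up patch 019 changes the other two arguments of this call but leaves this one as it is. The function starts outside the hunk.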
@@ -22,6 +22,9 @@ def _parse_load_balancer(self, raw_load_balancer): ['DNSName', 'CreatedTime', 'AvailabilityZones', 'Subnets', 'Scheme', 'attributes']) load_balancer['security_groups'] = [] + load_balancer['arn'] = 'arn:aws:elb:{}:{}:load-balancer/{}'.format(self.region, + raw_load_balancer.get('OwnerId'), + raw_load_balancer.get('GroupId')) for sg in raw_load_balancer['SecurityGroups']: load_balancer['security_groups'].append({'GroupId': sg}) diff --git a/ScoutSuite/providers/aws/resources/rds/instances.py b/ScoutSuite/providers/aws/resources/rds/instances.py index c2e8abb85..01ceadac0 100755 --- a/ScoutSuite/providers/aws/resources/rds/instances.py +++ b/ScoutSuite/providers/aws/resources/rds/instances.py @@ -24,6 +24,9 @@ def _parse_instance(self, raw_instance): instance[key] = raw_instance[key] if key in raw_instance else None instance['is_read_replica'] = self._is_read_replica(raw_instance) + instance['arn'] = 'arn:aws:rds:{}:{}:instance/{}'.format(self.region, + raw_instance.get('OwnerId'), + raw_instance.get('GroupId')) return instance['name'], instance @staticmethod diff --git a/ScoutSuite/providers/aws/resources/route53/domains.py b/ScoutSuite/providers/aws/resources/route53/domains.py index ee86434f5..664116703 100755 --- a/ScoutSuite/providers/aws/resources/route53/domains.py +++ b/ScoutSuite/providers/aws/resources/route53/domains.py @@ -21,4 +21,7 @@ def _parse_domain(self, raw_domain): domain_dict['auto_renew'] = raw_domain.get('AutoRenew') domain_dict['transfer_lock'] = raw_domain.get('TransferLock') domain_dict['expiry'] = raw_domain.get('Expiry') + domain_dict['arn'] = 'arn:aws:route53:{}:{}:domain/{}'.format(self.region, + raw_domain.get('OwnerId'), + domain_dict.get('id')) return domain_dict['id'], domain_dict From 4c4e8bb8f0bff8aed66154472745c6d38f29ccc9 Mon Sep 17 00:00:00 2001 
From: Juan Jose Date: Wed, 6 May 2020 17:37:29 +0200 Subject: [PATCH 019/979] Fixed some account id and bugs --- ScoutSuite/providers/aws/resources/ec2/snapshots.py | 4 ++-- ScoutSuite/providers/aws/resources/ec2/volumes.py | 2 +- ScoutSuite/providers/aws/resources/elasticache/cluster.py | 4 ++-- ScoutSuite/providers/aws/resources/elb/load_balancers.py | 4 ++-- ScoutSuite/providers/aws/resources/rds/instances.py | 4 ++-- ScoutSuite/providers/aws/resources/route53/domains.py | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/ec2/snapshots.py b/ScoutSuite/providers/aws/resources/ec2/snapshots.py index 02a9b858a..591f00daa 100755 --- a/ScoutSuite/providers/aws/resources/ec2/snapshots.py +++ b/ScoutSuite/providers/aws/resources/ec2/snapshots.py @@ -19,8 +19,8 @@ def _parse_snapshot(self, raw_snapshot): raw_snapshot['name'] = get_name(raw_snapshot, raw_snapshot, 'id') raw_snapshot['public'] = self._is_public(raw_snapshot) raw_snapshot['arn'] = 'arn:aws:ec2:{}:{}:snapshot/{}'.format(self.get('region'), - raw_snapshot.get('OwnerId'), - raw_snapshot.get('GroupId')) + self.facade.owner_id, + raw_snapshot.get('name')) return raw_snapshot['id'], raw_snapshot @staticmethod diff --git a/ScoutSuite/providers/aws/resources/ec2/volumes.py b/ScoutSuite/providers/aws/resources/ec2/volumes.py index e83156684..5f82d34bb 100755 --- a/ScoutSuite/providers/aws/resources/ec2/volumes.py +++ b/ScoutSuite/providers/aws/resources/ec2/volumes.py @@ -18,6 +18,6 @@ def _parse_volume(self, raw_volume): raw_volume['id'] = raw_volume.pop('VolumeId') raw_volume['name'] = get_name(raw_volume, raw_volume, 'id') raw_volume['arn'] = 'arn:aws:ec2:{}:{}:volume/{}'.format(self.region, - raw_volume.get('id'), + self.facade.owner_id, raw_volume.get('name')) return raw_volume['id'], raw_volume diff --git a/ScoutSuite/providers/aws/resources/elasticache/cluster.py b/ScoutSuite/providers/aws/resources/elasticache/cluster.py index c0d10307f..6b2661bd0 100755 
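Review bot: The resource part of the snapshot and volume ARNs now comes from `raw_snapshot.get('name')` and `raw_volume.get('name')`, but `name` is whatever `get_name(..., 'id')` returned, which presumably prefers a Name tag and only falls back to the id. A tagged snapshot or volume would then get an ARN ending in its display name, which does not identify the resource. Using the id assigned two lines earlier, `raw_snapshot['id']` and `raw_volume['id']`, avoids that. Both functions start outside their hunks.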
--- a/ScoutSuite/providers/aws/resources/elasticache/cluster.py +++ b/ScoutSuite/providers/aws/resources/elasticache/cluster.py @@ -17,6 +17,6 @@ async def fetch_all(self): def _parse_cluster(self, raw_cluster): raw_cluster['name'] = raw_cluster.pop('CacheClusterId') raw_cluster['arn'] = 'arn:aws:elasticache:{}:{}:cluster/{}'.format(self.region, - raw_cluster.get('OwnerId'), - raw_cluster.get('GroupId')) + self.facade.owner_id, + raw_cluster.get('name')) return raw_cluster['name'], raw_cluster diff --git a/ScoutSuite/providers/aws/resources/elb/load_balancers.py b/ScoutSuite/providers/aws/resources/elb/load_balancers.py index bd4c4dada..de3abf5f3 100755 --- a/ScoutSuite/providers/aws/resources/elb/load_balancers.py +++ b/ScoutSuite/providers/aws/resources/elb/load_balancers.py @@ -23,8 +23,8 @@ def _parse_load_balancer(self, raw_load_balancer): load_balancer['security_groups'] = [] load_balancer['arn'] = 'arn:aws:elb:{}:{}:load-balancer/{}'.format(self.region, - raw_load_balancer.get('OwnerId'), - raw_load_balancer.get('GroupId')) + self.facade.owner_id, + raw_load_balancer.get('LoadBalancerName')) for sg in raw_load_balancer['SecurityGroups']: load_balancer['security_groups'].append({'GroupId': sg}) diff --git a/ScoutSuite/providers/aws/resources/rds/instances.py b/ScoutSuite/providers/aws/resources/rds/instances.py index 01ceadac0..b68419280 100755 --- a/ScoutSuite/providers/aws/resources/rds/instances.py +++ b/ScoutSuite/providers/aws/resources/rds/instances.py @@ -25,8 +25,8 @@ def _parse_instance(self, raw_instance): instance['is_read_replica'] = self._is_read_replica(raw_instance) instance['arn'] = 'arn:aws:rds:{}:{}:instance/{}'.format(self.region, - raw_instance.get('OwnerId'), - raw_instance.get('GroupId')) + self.facade.owner_id, + raw_instance.get('DbiResourceId')) return instance['name'], instance @staticmethod 
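Review bot: The hand-built ARNs in these hunks do not appear to match the formats AWS documents for the services, so the value reported with a finding may not resolve to the resource. Classic load balancers use the `elasticloadbalancing` service name with a `loadbalancer/` prefix, e.g. `'arn:aws:elasticloadbalancing:{}:{}:loadbalancer/{}'`; ElastiCache and RDS separate the resource type with a colon (`cluster:` and `db:`) rather than a slash, and the RDS ARN ends in the instance identifier rather than `DbiResourceId`. For RDS the describe response normally carries the ARN already, so `instance['arn'] = raw_instance.get('DBInstanceArn')` would avoid building it at all, assuming `raw_instance` is the unmodified API record. The `_parse_domain` hunk for Route 53 in the next file deserves the same check, since Route 53 is a global service and a region field is unlikely to be right there.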
diff --git a/ScoutSuite/providers/aws/resources/route53/domains.py b/ScoutSuite/providers/aws/resources/route53/domains.py index 664116703..943b14ee9 100755 --- a/ScoutSuite/providers/aws/resources/route53/domains.py +++ b/ScoutSuite/providers/aws/resources/route53/domains.py @@ -22,6 +22,6 @@ def _parse_domain(self, raw_domain): domain_dict['transfer_lock'] = raw_domain.get('TransferLock') domain_dict['expiry'] = raw_domain.get('Expiry') domain_dict['arn'] = 'arn:aws:route53:{}:{}:domain/{}'.format(self.region, - raw_domain.get('OwnerId'), + self.facade.owner_id, domain_dict.get('id')) return domain_dict['id'], domain_dict From 236fb25136dc25918afce3fc2e846f92102313d9 Mon Sep 17 00:00:00 2001 
From: Pau Risa Date: Thu, 7 May 2020 16:58:18 +0200 Subject: [PATCH 020/979] Added template for CIS 1.2.0 Monitoring rules. --- .../logs-no-alarm-IAM-policy-changes.json | 32 +++++ ...gs-no-alarm-aws-configuration-changes.json | 32 +++++ ...larm-cloudtrail-configuration-changes.json | 32 +++++ .../findings/logs-no-alarm-cmk-deletion.json | 32 +++++ ...alarm-console-authentication-failures.json | 32 +++++ .../findings/logs-no-alarm-nacl-changes.json | 32 +++++ ...ogs-no-alarm-network-gateways-changes.json | 32 +++++ .../findings/logs-no-alarm-root-usage.json | 32 +++++ .../logs-no-alarm-route-table-changes.json | 32 +++++ .../logs-no-alarm-s3-policy-changes.json | 32 +++++ .../logs-no-alarm-security-group-changes.json | 32 +++++ .../logs-no-alarm-signin-without-mfa.json | 32 +++++ .../logs-no-alarm-unauthorized-api-calls.json | 32 +++++ .../findings/logs-no-alarm-vpc-changes.json | 32 +++++ .../aws/rules/rulesets/cis-1.2.0.json | 112 ++++++++++++++++++ 15 files changed, 560 insertions(+) create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-IAM-policy-changes.json create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-aws-configuration-changes.json create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cloudtrail-configuration-changes.json create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cmk-deletion.json create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-console-authentication-failures.json create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-nacl-changes.json create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-network-gateways-changes.json create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-root-usage.json create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-route-table-changes.json create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-s3-policy-changes.json create 
mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-security-group-changes.json create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-unauthorized-api-calls.json create mode 100644 ScoutSuite/providers/aws/rules/findings/logs-no-alarm-vpc-changes.json diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-IAM-policy-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-IAM-policy-changes.json new file mode 100644 index 000000000..df7fa442c --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-IAM-policy-changes.json @@ -0,0 +1,32 @@ +{ + "description": "No CloudWatch alarm for IAM policy changes", + "rationale": "There was no CloudWatch alarm to monitor IAM policy changes. Monitoring for IAM policy changes will help ensure authentication and authorization control remain intact.", + "remediation": "Enable a CloudWatch alarm to monitor the usage of the root account.", + "compliance": [ + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "3.4" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "3.4" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "3.4" + } + ], + "dashboard_name": "Cloudwatch", + "path": "cloudwatch.regions.id.alarms.id", + "conditions": [ + "and", + [ + "cloudwatch.regions.id.alarms.id.AlarmActions", + "empty", + "" + ] + ] +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-aws-configuration-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-aws-configuration-changes.json new file mode 100644 index 000000000..78800b96e --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-aws-configuration-changes.json 
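Review bot: The condition `["cloudwatch.regions.id.alarms.id.AlarmActions", "empty", ""]` in logs-no-alarm-IAM-policy-changes.json does not look at what the alarm monitors, so the rule would flag any existing alarm that has no actions and would presumably flag nothing in an account with no alarms at all, which is the case the description names. The other `logs-no-alarm-*.json` files added by this commit carry the identical `path` and condition, so all of these findings would report the same items. If they are placeholders, as the commit subject suggests, they should probably stay out of the ruleset until each one tests the metric filter and alarm for its own event. Separately, the remediation in this file is copied from the root-usage rule and should read `"remediation": "Enable a CloudWatch alarm to monitor IAM policy changes."`.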
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for AWS configuration changes",
+ "rationale": "There was no CloudWatch alarm to monitor AWS configuration changes. Monitoring for AWS configuration changes will help ensure sustained visibility to changes performed in the AWS account.",
+ "remediation": "Enable a CloudWatch alarm to detect AWS configuration changes.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.9"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.9"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.9"
+ }
+ ],
+ "dashboard_name": "Cloudwatch",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cloudtrail-configuration-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cloudtrail-configuration-changes.json
new file mode 100644
index 000000000..a5cb35480
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cloudtrail-configuration-changes.json
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for CloudTrail configuration changes",
+ "rationale": "There was no CloudWatch alarm to monitor CloudTrail configuration changes. Monitoring for CloudTrail policy changes will help ensure sustained visibility to activities performed in the AWS account.",
+ "remediation": "Enable a CloudWatch alarm to monitor CloudTrail configuration changes.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.5"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.5"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.5"
+ }
+ ],
+ "dashboard_name": "Cloudwatch",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cmk-deletion.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cmk-deletion.json
new file mode 100644
index 000000000..cd06e1325
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cmk-deletion.json
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for disabled or deleted master keys",
+ "rationale": "There was no CloudWatch alarm to alert about disabled or deleted master keys. Monitoring for disabled or deleted master keys can prevent permanent loss of data encrypted with such keys.",
+ "remediation": "Enable a CloudWatch alarm to detect recently disabled or deleted master keys.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.7"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.7"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.7"
+ }
+ ],
+ "dashboard_name": "Cloudwatch",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-console-authentication-failures.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-console-authentication-failures.json
new file mode 100644
index 000000000..23ecfb861
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-console-authentication-failures.json
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for failed console authentications",
+ "rationale": "There was no CloudWatch alarm for failed console authentication requests. Monitoring for failed console authentications can decrease the lead time to detect brute force attacks.",
+ "remediation": "Enable a CloudWatch alarm to monitor failed authentication attempts.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.6"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.6"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.6"
+ }
+ ],
+ "dashboard_name": "Cloudwatch",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-nacl-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-nacl-changes.json
new file mode 100644
index 000000000..c2b02d43e
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-nacl-changes.json
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for Network Access Control Lists changes",
+ "rationale": "There was no CloudWatch alarm to detect changes to NACL. Monitoring for NACL changes will help ensure that no service or resource is unintentionally exposed.",
+ "remediation": "Enable a CloudWatch alarm to detect NACL changes.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.11"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.11"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.11"
+ }
+ ],
+ "dashboard_name": "Cloudwatch",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-network-gateways-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-network-gateways-changes.json
new file mode 100644
index 000000000..f17a876ca
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-network-gateways-changes.json
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for network gateways changes",
+ "rationale": "There was no CloudWatch alarm to monitor changes in network gateways. Monitoring for network gateways changes will help ensure that all traffic traverses the VPC border via a controlled path.",
+ "remediation": "Enable a CloudWatch alarm to detect network gateways changes.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.12"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.12"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.12"
+ }
+ ],
+ "dashboard_name": "Cloudwatch",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-root-usage.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-root-usage.json
new file mode 100644
index 000000000..5bf7e979a
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-root-usage.json
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for root account usage",
+ "rationale": "There was no CloudWatch alarm for the usage of the root account. Monitoring for root account log ins will provide visibility into the use of a fully privileged account.",
+ "remediation": "Enable a CloudWatch alarm to monitor the usage of the root account.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.3"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.3"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.3"
+ }
+ ],
+ "dashboard_name": "Cloudwatch",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-route-table-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-route-table-changes.json
new file mode 100644
index 000000000..9cc890405
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-route-table-changes.json
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for route table changes",
+ "rationale": "There was no CloudWatch alarm to monitor changes in route tables. Monitoring for route table changes will help ensure that all VPC traffic flows thorough an expected path.",
+ "remediation": "Enable a CloudWatch alarm to detect route table changes.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.13"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.13"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.13"
+ }
+ ],
+ "dashboard_name": "Cloudwatch",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-s3-policy-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-s3-policy-changes.json
new file mode 100644
index 000000000..d79fc807d
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-s3-policy-changes.json
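Review bot: The rationale in logs-no-alarm-route-table-changes.json has a typo: "flows thorough an expected path" should be "flows through an expected path". The S3 rule in the next file has a similar wording slip, where "detect changes in S3 bucket policy changes" reads better as `"There was no CloudWatch alarm to detect S3 bucket policy changes."`. These strings are presumably shown to the user alongside the finding, so they are worth fixing before the rules ship.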
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for S3 bucket policy changes",
+ "rationale": "There was no CloudWatch alarm to detect changes in S3 bucket policy changes. Monitoring for changes in S3 bucket policy changes may reduce the time to detect and fix permissive policies on sensitive S3 buckets.",
+ "remediation": "Enable a CloudWatch alarm to detect policy changes in S3 buckets.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.8"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.8"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.8"
+ }
+ ],
+ "dashboard_name": "Cloudwatch",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-security-group-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-security-group-changes.json
new file mode 100644
index 000000000..c85c457f0
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-security-group-changes.json
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for security group changes",
+ "rationale": "There was no CloudWatch alarm to monitor changes to security groups. Monitoring for security group changes will help ensure that no service or resource is unintentionally exposed.",
+ "remediation": "Enable a CloudWatch alarm to monitor security group changes.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.10"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.10"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.10"
+ }
+ ],
+ "dashboard_name": "Cloudwatch",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json
new file mode 100644
index 000000000..1d4508738
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for console log ins without MFA",
+ "rationale": "There was no CloudWatch alarm for console log ins without MFA. Monitoring for console log ins without MFA will provide visibility into the use of accounts not protected by Multi Factor Authentication (MFA).",
+ "remediation": "Enable a CloudWatch alarm to monitor console log ins without MFA.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.2"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.2"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.2"
+ }
+ ],
+ "dashboard_name": "Logs",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-unauthorized-api-calls.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-unauthorized-api-calls.json
new file mode 100644
index 000000000..4a5b7dd6d
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-unauthorized-api-calls.json
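Review bot: `dashboard_name` is `Logs` in this rule, while the six sibling rules added in the same commit use `Cloudwatch` for the same `path`, `cloudwatch.regions.id.alarms.id`. Unless this finding is meant to appear under a different dashboard heading, it should read `"dashboard_name": "Cloudwatch"` so the monitoring findings stay grouped together in the report.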
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for unauthorized API calls",
+ "rationale": "There was no CloudWatch alarm for unauthorized API calls. Monitoring for unauthorized API calls helps reveal application errors and detect malicious activity.",
+ "remediation": "Enable a CloudWatch alarm to monitor unauthorized API calls.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.1"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.1"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.1"
+ }
+ ],
+ "dashboard_name": "Cloudwatch",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-vpc-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-vpc-changes.json
new file mode 100644
index 000000000..44632cdec
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-vpc-changes.json
@@ -0,0 +1,32 @@
+{
+ "description": "No CloudWatch alarm for VPC changes",
+ "rationale": "There was no CloudWatch alarm to monitor VPC changes. Monitoring for VPC changes will help ensure authentication and authorization controls remain intact.",
+ "remediation": "Enable a CloudWatch alarm to detect VPC changes.",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "3.14"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "3.14"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "3.14"
+ }
+ ],
+ "dashboard_name": "Cloudwatch",
+ "path": "cloudwatch.regions.id.alarms.id",
+ "conditions": [
+ "and",
+ [
+ "cloudwatch.regions.id.alarms.id.AlarmActions",
+ "empty",
+ ""
+ ]
+ ]
+}
\ No newline at end of file
diff --git a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json
index 3577423f2..27a0c6da7 100644
--- a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json
@@ -276,6 +276,118 @@ "scored": true } ], + "logs-no-alarm-unauthorized-api-calls.json": [ + { + "comment": "Recommendation 3.1", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "logs-no-alarm-signin-without-mfa.json": [ + { + "comment": "Recommendation 3.2", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "logs-no-alarm-root-usage.json": [ + { + "comment": "Recommendation 3.3", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "logs-no-alarm-IAM-policy-changes.json": [ + { + "comment": "Recommendation 3.4", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "logs-no-alarm-cloudtrail-configuration-changes.json": [ + { + "comment": "Recommendation 3.5", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "logs-no-alarm-console-authentication-failures.json": [ + { + "comment": "Recommendation 3.6", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "logs-no-alarm-cmk-deletion.json": [ + { + "comment": "Recommendation 3.7", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "logs-no-alarm-s3-policy-changes.json": [ + { + "comment": "Recommendation 3.8", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "logs-no-alarm-aws-configuration-changes.json": [ + { + "comment": "Recommendation 3.9", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "logs-no-alarm-security-group-changes.json": [ + { + "comment": "Recommendation 3.10", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "logs-no-alarm-nacl-changes.json": [ + { + "comment": "Recommendation 3.11", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "logs-no-alarm-network-gateways-changes.json": [ + { + "comment": "Recommendation 3.12", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "logs-no-alarm-route-table-changes.json": [ + { + "comment": "Recommendation 3.13", + "enabled": true, + "level": "danger", + 
"scored": true + } + ], + "logs-no-alarm-vpc-changes.json": [ + { + "comment": "Recommendation 3.14", + "enabled": true, + "level": "danger", + "scored": true + } + ], "ec2-security-group-opens-known-port-to-all.json": [ { "args": [ From 33ae2b0bcefed3f132bda3e219899117c34bfda6 Mon Sep 17 00:00:00 2001 From: Pau Risa Date: Fri, 8 May 2020 15:37:25 +0200 Subject: [PATCH 021/979] Fixed delimiters in rules --- .../aws/rules/findings/config-recorder-not-configured.json | 1 + .../aws/rules/findings/ec2-default-security-group-in-use.json | 1 + .../rules/findings/ec2-default-security-group-with-rules.json | 1 + .../providers/aws/rules/findings/s3-bucket-no-logging.json | 1 + 4 files changed, 4 insertions(+) diff --git a/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json b/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json index 9dd596341..b59fcb0c0 100755 --- a/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json +++ b/ScoutSuite/providers/aws/rules/findings/config-recorder-not-configured.json @@ -18,6 +18,7 @@ "version": "1.2.0", "reference": "2.5" } + ], "references": [ "https://aws.amazon.com/blogs/mt/aws-config-best-practices/" ], diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json index cf756262c..1d705cfbe 100755 --- a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json @@ -18,6 +18,7 @@ "version": "1.2.0", "reference": "4.3" } + ], "references": [ "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-4.3" ], 
diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json index 44769f903..172524721 100755 --- a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json @@ -18,6 +18,7 @@ "version": "1.2.0", "reference": "4.3" } + ], "references": [ "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-4.3" ], diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json index b6a9bede5..37b838341 100755 --- a/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json +++ b/ScoutSuite/providers/aws/rules/findings/s3-bucket-no-logging.json @@ -21,6 +21,7 @@ ], "references": [ "https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html" + ], "dashboard_name": "Buckets", "path": "s3.buckets.id", "conditions": [ From a8e375b4793d394caecd0276f6fa6703b8c92368 Mon Sep 17 00:00:00 2001 From: Pau Risa Date: Fri, 8 May 2020 17:19:47 +0200 Subject: [PATCH 022/979] Fixed some bugs --- .../aws/rules/findings/cloudtrail-no-logging.json | 4 ++++ .../aws/rules/findings/iam-no-support-role.json | 11 ++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json index 0c6b5026e..7d9abdeba 100755 --- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json +++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-logging.json @@ -43,6 +43,10 @@ "false", "" ] + ], + "and", + [ + "cloudtrail.regions.id.trails.id." ] ], "class_suffix": "IsLogging" 
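Review bot: The condition added to cloudtrail-no-logging.json, `[ "cloudtrail.regions.id.trails.id." ]`, is incomplete: the path ends in a dot and the array has a single element, whereas every other condition in these rule files is a three-element path, operator and value triple. The hunk also appends a second `"and"` after the first condition list has closed, so the `conditions` array no longer has the operator-then-conditions shape used elsewhere. As committed, the rule that reports trails with logging disabled may fail to load or to evaluate, which would silently drop a CIS logging check. Either complete the condition with its attribute, operator and value, or leave it out of this commit.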
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json b/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json index c10bf04ea..9bf87e6b2 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-no-support-role.json @@ -16,13 +16,18 @@ ], "dashboard_name": "Policies", "display_path": "iam.policies.id", - "path": "iam.policies.id.arn", + "path": "iam.policies.id", "conditions": [ "and", [ - "this", - "notEqual", + "iam.policies.id.arn", + "equal", "arn:aws:iam::aws:policy/AWSSupportAccess" + ], + [ + "iam.policies.id.attached_to", + "empty", + "" ] ] } \ No newline at end of file From 442371b5185d804f07af9e9f195d26df5c051a50 Mon Sep 17 00:00:00 2001 From: xga Date: Sun, 17 May 2020 18:35:50 +0200 Subject: [PATCH 023/979] Add support for cloudwatch metric filters --- ....cloudwatch.regions.id.metric_filters.html | 25 +++++++++++++++++ ScoutSuite/providers/aws/facade/cloudwatch.py | 10 +++++++ ScoutSuite/providers/aws/metadata.json | 6 +++++ .../aws/resources/cloudwatch/base.py | 4 ++- .../resources/cloudwatch/metric_filters.py | 27 +++++++++++++++++++ 5 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html create mode 100644 ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html b/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html new file mode 100644 index 000000000..bf16cf265 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html @@ -0,0 +1,25 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/providers/aws/facade/cloudwatch.py b/ScoutSuite/providers/aws/facade/cloudwatch.py index e56f4e3cd..67450a3f5 100755 
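Review bot: The new conditions in iam-no-support-role.json match only when a policy with ARN `arn:aws:iam::aws:policy/AWSSupportAccess` is present under `iam.policies` and its `attached_to` is empty. If the collected policy list holds only attached policies (not visible in this hunk, so worth confirming in the IAM facade), the managed policy never appears while it is unattached and the finding cannot fire, which is exactly the case the rule is meant to report. A fixture with no support policy in the data set would show whether the rule still flags the account.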
--- a/ScoutSuite/providers/aws/facade/cloudwatch.py +++ b/ScoutSuite/providers/aws/facade/cloudwatch.py @@ -4,6 +4,7 @@ class CloudWatch(AWSBaseFacade): + async def get_alarms(self, region): try: return await AWSFacadeUtils.get_all_pages('cloudwatch', region, self.session, 'describe_alarms', @@ -11,3 +12,12 @@ async def get_alarms(self, region): except Exception as e: print_exception('Failed to get CloudWatch alarms: {}'.format(e)) return [] + + async def get_metric_filters(self, region): + try: + return await AWSFacadeUtils.get_all_pages('logs', region, self.session, 'describe_metric_filters', + 'metricFilters') + except Exception as e: + print_exception('Failed to get CloudWatch metric filters: {}'.format(e)) + return [] + diff --git a/ScoutSuite/providers/aws/metadata.json b/ScoutSuite/providers/aws/metadata.json index 55500f6a2..b2168b4da 100755 --- a/ScoutSuite/providers/aws/metadata.json +++ b/ScoutSuite/providers/aws/metadata.json @@ -44,6 +44,12 @@ "path": "services.cloudwatch.regions.id.alarms" } }, + "resources": { + "metric_filters": { + "cols": 2, + "path": "services.cloudwatch.regions.id.metric_filters" + } + }, "summaries": { "statistics": { "cols": 1, diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/base.py b/ScoutSuite/providers/aws/resources/cloudwatch/base.py index 83fe0c8ab..3d18a4ca4 100755 --- a/ScoutSuite/providers/aws/resources/cloudwatch/base.py +++ b/ScoutSuite/providers/aws/resources/cloudwatch/base.py @@ -2,11 +2,13 @@ from ScoutSuite.providers.aws.resources.regions import Regions from .alarms import Alarms +from .metric_filters import MetricFilters class CloudWatch(Regions): _children = [ - (Alarms, 'alarms') + (Alarms, 'alarms'), + (MetricFilters, 'metric_filters') ] def __init__(self, facade: AWSFacade): diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py b/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py new file mode 100644 index 000000000..e10b5396d --- /dev/null 
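Review bot: `get_metric_filters` returns `[]` on any exception, so a denied or throttled `describe_metric_filters` call cannot be told apart from a region that really has no metric filters. Any check built on this list would then report missing monitoring when the actual problem is that the scanning role could not read the filters. The method mirrors `get_alarms`, so the pattern is consistent, but it deserves at least a docstring such as `"""Return the CloudWatch Logs metric filters for a region, or [] when the call fails."""` and a way for callers to see that the fetch failed. The trailing blank `+` line at the end of the file can also be dropped.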
+++ b/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py @@ -0,0 +1,27 @@ +from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id + + +class MetricFilters(AWSResources): + def __init__(self, facade: AWSFacade, region: str): + super(MetricFilters, self).__init__(facade) + self.region = region + + async def fetch_all(self): + for raw_metric_filter in await self.facade.cloudwatch.get_metric_filters(self.region): + name, resource = self._parse_metric_filter(raw_metric_filter) + self[name] = resource + + def _parse_metric_filter(self, raw_metric_filter): + metric_filter_dict = {} + metric_filter_dict['id'] = get_non_provider_id('{}{}'.format(raw_metric_filter.get('filterName'), + raw_metric_filter.get('creationTime'))) + metric_filter_dict['name'] = raw_metric_filter.get('filterName') + metric_filter_dict['creation_time'] = raw_metric_filter.get('creationTime') + metric_filter_dict['pattern'] = raw_metric_filter.get('filterPattern') + metric_filter_dict['metric_transformations'] = raw_metric_filter.get('metricTransformations') + metric_filter_dict['log_group_name'] = raw_metric_filter.get('logGroupName') + return metric_filter_dict['id'], metric_filter_dict + + From 9e934ed85f503e5ba009eaaeb2196c9a415b2f65 Mon Sep 17 00:00:00 2001 From: xga Date: Sun, 17 May 2020 19:09:02 +0200 Subject: [PATCH 024/979] Fix bug --- ScoutSuite/providers/aws/metadata.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ScoutSuite/providers/aws/metadata.json b/ScoutSuite/providers/aws/metadata.json index 00ec0805f..825fddde3 100755 --- a/ScoutSuite/providers/aws/metadata.json +++ b/ScoutSuite/providers/aws/metadata.json @@ -42,9 +42,7 @@ "alarms": { "cols": 2, "path": "services.cloudwatch.regions.id.alarms" - } - }, - "resources": { + }, "metric_filters": { "cols": 2, "path": "services.cloudwatch.regions.id.metric_filters" 
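Review bot: In `_parse_metric_filter` the resource id is derived from `filterName` and `creationTime` only, while `logGroupName` is stored but not part of the key. Metric filter names are scoped to a log group, so two groups can carry the same filter name; adding the group to the key, `get_non_provider_id('{}{}{}'.format(raw_metric_filter.get('logGroupName'), raw_metric_filter.get('filterName'), raw_metric_filter.get('creationTime')))`, removes any chance of one entry overwriting another in `self[name] = resource`. Because every field is read with `.get()`, a record missing both values would be keyed on the string `NoneNone`; a short docstring on the class and on `_parse_metric_filter` stating which fields are expected would make that assumption visible.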
From 59a3c28d017249a67d959356178eaab7dedce865 Mon Sep 17 00:00:00 2001 From: xga Date: Sun, 17 May 2020 19:18:09 +0200 Subject: [PATCH 025/979] Update partial --- .../aws/services.cloudwatch.regions.id.metric_filters.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html b/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html index bf16cf265..0ed5443e8 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html +++ b/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html @@ -6,9 +6,9 @@

    {{name}}

    Information

    Name: {{value_or_none name}}
    -
    Pattern: {{value_or_none pattern}}
    Creation Time: {{format_date creation_time}}
    Log Group Name: {{value_or_none log_group_name}}
    +
    Pattern: {{value_or_none pattern}}
    From 3808336a928c739fff35a50b454f7338d3095d52 Mon Sep 17 00:00:00 2001 From: xga Date: Sun, 17 May 2020 19:51:37 +0200 Subject: [PATCH 026/979] Add finalize processing --- .../providers/aws/resources/cloudwatch/base.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/base.py b/ScoutSuite/providers/aws/resources/cloudwatch/base.py index 3d18a4ca4..b27642e5b 100755 --- a/ScoutSuite/providers/aws/resources/cloudwatch/base.py +++ b/ScoutSuite/providers/aws/resources/cloudwatch/base.py @@ -13,3 +13,15 @@ class CloudWatch(Regions): def __init__(self, facade: AWSFacade): super(CloudWatch, self).__init__('cloudwatch', facade) + + async def finalize(self): + + # For each region, check if at least one metric filter covers the desired events + for region in self['regions']: + self['regions'][region]['metric_filters_pattern_checks'] = {} + # Initialize results at "False" + self['regions'][region]['metric_filters_pattern_checks']['console_login_mfa'] = False + for metric_filter_id, metric_filter in self['regions'][region]['metric_filters'].items(): + # Check events + if metric_filter['pattern'] == 'filterPattern": "{ ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes") }': + self['regions'][region]['metric_filters_pattern_checks']['console_login_mfa'] = True From 95f9710faa25ebb79320219419725869fc9c8b50 Mon Sep 17 00:00:00 2001 From: xga Date: Sun, 17 May 2020 19:51:48 +0200 Subject: [PATCH 027/979] Fix rule --- .../findings/logs-no-alarm-signin-without-mfa.json | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json index 1d4508738..74dc101a5 100644 --- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json 
@@ -1,5 +1,5 @@ { - "description": "No CloudWatch alarm for console log ins without MFA", + "description": "No CloudWatch Alarm for \"Console Logins without MFA\"", "rationale": "There was no CloudWatch alarm for console log ins without MFA. Monitoring for console log ins without MFA will provide visibility into the use of accounts not protected by Multi Factor Authentication (MFA).", "remediation": "Enable a CloudWatch alarm to monitor console log ins without MFA.", "compliance": [ @@ -19,13 +19,14 @@ "reference": "3.2" } ], - "dashboard_name": "Logs", - "path": "cloudwatch.regions.id.alarms.id", + "dashboard_name": "Regions", + "path": "cloudwatch.regions.id.metric_filters_pattern_checks.console_login_mfa", + "display_path": "cloudwatch.regions.id.metric_filters.id", "conditions": [ "and", [ - "cloudwatch.regions.id.alarms.id.AlarmActions", - "empty", + "cloudwatch.regions.id.metric_filters_pattern_checks.console_login_mfa", + "false", "" ] ] From 0c75f6c3b2ee7d0c38de2a69c3dd4b1d5bfe67e8 Mon Sep 17 00:00:00 2001 
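Review bot: The condition now depends only on `cloudwatch.regions.id.metric_filters_pattern_checks.console_login_mfa`, so the finding clears as soon as a matching metric filter exists, even when no alarm or notification target is attached to the filter's metric. The `description`, `rationale` and `remediation` strings still speak of a CloudWatch alarm, so the report text and the check disagree. Either extend the check to the alarm on the filter's metric (the `metric_transformations` field is already collected by `_parse_metric_filter`) or reword the strings to say that no metric filter was found.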
From: Pau Risa Date: Mon, 25 May 2020 17:56:07 +0200 Subject: [PATCH 028/979] Implemented CIS 1.2.0 Monitoring findings --- .../aws/resources/cloudwatch/base.py | 39 +++++++++++++++++++ ...gs-no-alarm-aws-configuration-changes.json | 12 +++--- ...larm-cloudtrail-configuration-changes.json | 12 +++--- .../findings/logs-no-alarm-cmk-deletion.json | 12 +++--- ...alarm-console-authentication-failures.json | 12 +++--- ... => logs-no-alarm-iam-policy-changes.json} | 12 +++--- .../findings/logs-no-alarm-nacl-changes.json | 12 +++--- ...ogs-no-alarm-network-gateways-changes.json | 12 +++--- .../findings/logs-no-alarm-root-usage.json | 12 +++--- .../logs-no-alarm-route-table-changes.json | 12 +++--- .../logs-no-alarm-s3-policy-changes.json | 12 +++--- .../logs-no-alarm-security-group-changes.json | 12 +++--- .../logs-no-alarm-signin-without-mfa.json | 5 +-- .../logs-no-alarm-unauthorized-api-calls.json | 12 +++--- .../findings/logs-no-alarm-vpc-changes.json | 12 +++--- .../aws/rules/rulesets/cis-1.2.0.json | 2 +- 16 files changed, 120 insertions(+), 82 deletions(-) rename ScoutSuite/providers/aws/rules/findings/{logs-no-alarm-IAM-policy-changes.json => logs-no-alarm-iam-policy-changes.json} (74%) diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/base.py b/ScoutSuite/providers/aws/resources/cloudwatch/base.py index b27642e5b..bdb7ed7be 100755 --- a/ScoutSuite/providers/aws/resources/cloudwatch/base.py +++ b/ScoutSuite/providers/aws/resources/cloudwatch/base.py 
@@ -20,8 +20,47 @@ async def finalize(self): for region in self['regions']: self['regions'][region]['metric_filters_pattern_checks'] = {} # Initialize results at "False" + self['regions'][region]['metric_filters_pattern_checks']['unauthorized_api_calls'] = False self['regions'][region]['metric_filters_pattern_checks']['console_login_mfa'] = False + self['regions'][region]['metric_filters_pattern_checks']['root_usage'] = False + self['regions'][region]['metric_filters_pattern_checks']['iam_policy_changes'] = False + self['regions'][region]['metric_filters_pattern_checks']['cloudtrail_configuration_changes'] = False + self['regions'][region]['metric_filters_pattern_checks']['console_authentication_failures'] = False + self['regions'][region]['metric_filters_pattern_checks']['cmk_deletion'] = False + self['regions'][region]['metric_filters_pattern_checks']['s3_policy_changes'] = False + self['regions'][region]['metric_filters_pattern_checks']['aws_configuration_changes'] = False + self['regions'][region]['metric_filters_pattern_checks']['security_group_changes'] = False + self['regions'][region]['metric_filters_pattern_checks']['nacl_changes'] = False + self['regions'][region]['metric_filters_pattern_checks']['network_gateways_changes'] = False + self['regions'][region]['metric_filters_pattern_checks']['route_table_changes'] = False + self['regions'][region]['metric_filters_pattern_checks']['vpc_changes'] = False for metric_filter_id, metric_filter in self['regions'][region]['metric_filters'].items(): # Check events + if metric_filter['pattern'] == 'filterPattern": "{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }': + self['regions'][region]['metric_filters_pattern_checks']['unauthorized_api_calls'] = True if metric_filter['pattern'] == 'filterPattern": "{ ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes") }': self['regions'][region]['metric_filters_pattern_checks']['console_login_mfa'] = True + if 
metric_filter['pattern'] == 'filterPattern": "{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != "AwsServiceEvent" }': + self['regions'][region]['metric_filters_pattern_checks']['root_usage'] = True + if metric_filter['pattern'] == 'filterPattern": "{ ($.eventName=DeleteGroupPolicy) || ($..eventName=DeleteRolePolicy) || ($.eventName=DeleteUserPolicy) || ($.eventName=PutGroupPolicy) || ($.eventName=PutRolePolicy) || ($.eventName=PutUserPolicy) || ($.eventName=CreatePolicy) || ($.eventName=DeletePolicy) || ($.eventName=CreatePolicyVersion) || ($.eventName=DeletePolicyVersion) || ($.eventName=AttachRolePolicy) || ($.eventName=DetachRolePolicy) || ($.eventName=AttachUserPolicy) || ($.eventName=DetachUserPolicy) || ($.eventName=AttachGroupPolicy) || ($.eventName=DetachGroupPolicy) }': + self['regions'][region]['metric_filters_pattern_checks']['iam_policy_changes'] = True + if metric_filter['pattern'] == 'filterPattern": "{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }': + self['regions'][region]['metric_filters_pattern_checks']['cloudtrail_configuration_changes'] = True + if metric_filter['pattern'] == 'filterPattern": "{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }': + self['regions'][region]['metric_filters_pattern_checks']['console_authentication_failures'] = True + if metric_filter['pattern'] == 'filterPattern": "{ ($.eventSource = kms.amazonaws.com) && (($.eventName = DisableKey) || ($.eventName = ScheduleKeyDeletion)) }': + self['regions'][region]['metric_filters_pattern_checks']['cmk_deletion'] = True + if metric_filter['pattern'] == 'filterPattern": "{ ($.eventSource = s3.amazonaws.com) && (($.eventName = PutBucketAcl) || ($.eventName = PutBucketPolicy) || ($.eventName = PutBucketCors) || ($.eventName = PutBucketLifecycle) || ($.eventName = PutBucketReplication) || ($.eventName = 
DeleteBucketPolicy) || ($.eventName = DeleteBucketReplication)) }': + self['regions'][region]['metric_filters_pattern_checks']['s3_policy_changes'] = True + if metric_filter['pattern'] == 'filterPattern": "{ ($.eventSource = config.amazonaws.com) && (($.eventName = StopConfigurationRecorder) || ($.eventName = DeleteDeliveryChannel) || ($.eventName = PutDeliveryChannel) || ($.eventName = PutConfigurationRecorder)) }': + self['regions'][region]['metric_filters_pattern_checks']['aws_configuration_changes'] = True + if metric_filter['pattern'] == 'filterPattern": "{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup) }': + self['regions'][region]['metric_filters_pattern_checks']['security_group_changes'] = True + if metric_filter['pattern'] == 'filterPattern": "{ ($.eventName = CreateNetworkAcl) || ($.eventName = CreateNetworkAclEntry) || ($.eventName = DeleteNetworkAcl) || ($.eventName = DeleteNetworkAclEntry) || ($.eventName = ReplaceNetworkAclEntry) || ($.eventName = ReplaceNetworkAclAssociation) }': + self['regions'][region]['metric_filters_pattern_checks']['nacl_changes'] = True + if metric_filter['pattern'] == 'filterPattern": "{ ($.eventName = CreateCustomerGateway) || ($.eventName = DeleteCustomerGateway) || ($.eventName = AttachInternetGateway) || ($.eventName = CreateInternetGateway) || ($.eventName = DeleteInternetGateway) || ($.eventName = DetachInternetGateway) }': + self['regions'][region]['metric_filters_pattern_checks']['network_gateways_changes'] = True + if metric_filter['pattern'] == 'filterPattern": "{ ($.eventName = CreateRoute) || ($.eventName = CreateRouteTable) || ($.eventName = ReplaceRoute) || ($.eventName = ReplaceRouteTableAssociation) || ($.eventName = DeleteRouteTable) || ($.eventName = DeleteRoute) || ($.eventName = 
DisassociateRouteTable) }': + self['regions'][region]['metric_filters_pattern_checks']['route_table_changes'] = True + if metric_filter['pattern'] == 'filterPattern": "{ ($.eventName = CreateVpc) || ($.eventName = DeleteVpc) || ($.eventName = ModifyVpcAttribute) || ($.eventName = AcceptVpcPeeringConnection) || ($.eventName = CreateVpcPeeringConnection) || ($.eventName = DeleteVpcPeeringConnection) || ($.eventName = RejectVpcPeeringConnection) || ($.eventName = AttachClassicLinkVpc) || ($.eventName = DetachClassicLinkVpc) || ($.eventName = DisableVpcClassicLink) || ($.eventName = EnableVpcClassicLink) }': + self['regions'][region]['metric_filters_pattern_checks']['vpc_changes'] = True diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-aws-configuration-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-aws-configuration-changes.json index 78800b96e..17f0bbd8c 100644 --- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-aws-configuration-changes.json +++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-aws-configuration-changes.json @@ -1,5 +1,5 @@ { - "description": "No CloudWatch alarm for AWS configuration changes", + "description": "No CloudWatch alarm for \"AWS Configuration Changes\"", "rationale": "There was no CloudWatch alarm to monitor AWS configuration changes. Monitoring for AWS configuration changes will help ensure sustained visibility to changes performed in the AWS account.", "remediation": "Enable a CloudWatch alarm to detect AWS configuration changes.", "compliance": [ @@ -19,13 +19,13 @@ "reference": "3.9" } ], - "dashboard_name": "Cloudwatch", - "path": "cloudwatch.regions.id.alarms.id", + "dashboard_name": "Regions", + "path": "cloudwatch.regions.id.metric_filters.id", "conditions": [ - "and", + "or", [ - "cloudwatch.regions.id.alarms.id.AlarmActions", - "empty", + "cloudwatch.regions.id.metric_filters_pattern_checks.aws_configuration_changes", + "false", "" ] ] 
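Review bot: In the `iam_policy_changes` comparison the expected pattern contains `($..eventName=DeleteRolePolicy)` with a doubled dot, so a filter written with the correct `($.eventName=DeleteRolePolicy)` clause cannot equal it and the check stays `False`. Fourteen hand-written `= False` initialisers followed by fourteen `if` comparisons make slips like this hard to spot; a single name-to-pattern table walked by one loop keeps each pattern in one place and lets a new check be added as one entry. `finalize` begins above this hunk, so only the loop body is shown below.

```python
# … unchanged: `for region in self['regions']:` loop header …
            # One table instead of fourteen initialisers and fourteen ifs;
            # each value is the filter pattern alone, as stored in metric_filter['pattern'].
            expected_patterns = {
                'unauthorized_api_calls':
                    '{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }',
                'console_login_mfa':
                    '{ ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes") }',
                # … remaining twelve names and patterns from this hunk …
            }
            checks = dict.fromkeys(expected_patterns, False)
            for metric_filter in self['regions'][region]['metric_filters'].values():
                for check_name, expected in expected_patterns.items():
                    if metric_filter['pattern'] == expected:
                        checks[check_name] = True
            self['regions'][region]['metric_filters_pattern_checks'] = checks
```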
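Review bot: `path` in logs-no-alarm-aws-configuration-changes.json is `cloudwatch.regions.id.metric_filters.id`, so the rule is presumably evaluated once per metric filter: a region with no metric filters at all would have nothing to evaluate and the finding would stay silent in the least-monitored case, while a region with several filters would be flagged once per filter. The sign-in-without-MFA rule from PATCH 027 points `path` at the per-region boolean and keeps the filter path in `display_path`; `"path": "cloudwatch.regions.id.metric_filters_pattern_checks.aws_configuration_changes"` here would match it. The same applies to the cloudtrail-configuration-changes, cmk-deletion, console-authentication-failures and iam-policy-changes hunks that follow.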
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cloudtrail-configuration-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cloudtrail-configuration-changes.json index a5cb35480..1008dbabd 100644 --- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cloudtrail-configuration-changes.json +++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cloudtrail-configuration-changes.json @@ -1,5 +1,5 @@ { - "description": "No CloudWatch alarm for CloudTrail configuration changes", + "description": "No CloudWatch alarm for \"CloudTrail Configuration Changes\"", "rationale": "There was no CloudWatch alarm to monitor CloudTrail configuration changes. Monitoring for CloudTrail policy changes will help ensure sustained visibility to activities performed in the AWS account.", "remediation": "Enable a CloudWatch alarm to monitor CloudTrail configuration changes.", "compliance": [ @@ -19,13 +19,13 @@ "reference": "3.5" } ], - "dashboard_name": "Cloudwatch", - "path": "cloudwatch.regions.id.alarms.id", + "dashboard_name": "Regions", + "path": "cloudwatch.regions.id.metric_filters.id", "conditions": [ - "and", + "or", [ - "cloudwatch.regions.id.alarms.id.AlarmActions", - "empty", + "cloudwatch.regions.id.metric_filters_pattern_checks.cloudtrail_configuration_changes", + "false", "" ] ] diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cmk-deletion.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cmk-deletion.json index cd06e1325..894921641 100644 --- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cmk-deletion.json +++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-cmk-deletion.json 
@@ -1,5 +1,5 @@
 {
- "description": "No CloudWatch alarm for disabled or deleted master keys",
+ "description": "No CloudWatch alarm for \"Disabled or Deleted Master Keys\"",
 "rationale": "There was no CloudWatch alarm to alert about disabled or deleted master keys. Monitoring for disabled or deleted master keys can prevent permanent loss of data encrypted with such keys.",
 "remediation": "Enable a CloudWatch alarm to detect recently disabled or deleted master keys.",
 "compliance": [
@@ -19,13 +19,13 @@
 "reference": "3.7"
 }
 ],
- "dashboard_name": "Cloudwatch",
- "path": "cloudwatch.regions.id.alarms.id",
+ "dashboard_name": "Regions",
+ "path": "cloudwatch.regions.id.metric_filters.id",
 "conditions": [
- "and",
+ "or",
 [
- "cloudwatch.regions.id.alarms.id.AlarmActions",
- "empty",
+ "cloudwatch.regions.id.metric_filters_pattern_checks.cmk_deletion",
+ "false",
 ""
 ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-console-authentication-failures.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-console-authentication-failures.json
index 23ecfb861..162d209bc 100644
--- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-console-authentication-failures.json
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-console-authentication-failures.json
@@ -1,5 +1,5 @@
 {
- "description": "No CloudWatch alarm for failed console authentications",
+ "description": "No CloudWatch alarm for \"Failed Console Authentications\"",
 "rationale": "There was no CloudWatch alarm for failed console authentication requests. Monitoring for failed console authentications can decrease the lead time to detect brute force attacks.",
 "remediation": "Enable a CloudWatch alarm to monitor failed authentication attempts.",
 "compliance": [
@@ -19,13 +19,13 @@ "reference": "3.6" } ], - "dashboard_name": "Cloudwatch", - "path": "cloudwatch.regions.id.alarms.id", + "dashboard_name": "Regions", + "path": "cloudwatch.regions.id.metric_filters.id", "conditions": [ - "and", + "or", [ - "cloudwatch.regions.id.alarms.id.AlarmActions", - "empty", + "cloudwatch.regions.id.metric_filters_pattern_checks.console_authentication_failures", + "false", "" ] ] diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-IAM-policy-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-iam-policy-changes.json similarity index 74% rename from ScoutSuite/providers/aws/rules/findings/logs-no-alarm-IAM-policy-changes.json rename to ScoutSuite/providers/aws/rules/findings/logs-no-alarm-iam-policy-changes.json index df7fa442c..b37961662 100644 --- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-IAM-policy-changes.json +++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-iam-policy-changes.json @@ -1,5 +1,5 @@ { - "description": "No CloudWatch alarm for IAM policy changes", + "description": "No CloudWatch alarm for \"IAM Policy Changes\"", "rationale": "There was no CloudWatch alarm to monitor IAM policy changes. Monitoring for IAM policy changes will help ensure authentication and authorization control remain intact.", "remediation": "Enable a CloudWatch alarm to monitor the usage of the root account.", "compliance": [ @@ -19,13 +19,13 @@ "reference": "3.4" } ], - "dashboard_name": "Cloudwatch", - "path": "cloudwatch.regions.id.alarms.id", + "dashboard_name": "Regions", + "path": "cloudwatch.regions.id.metric_filters.id", "conditions": [ - "and", + "or", [ - "cloudwatch.regions.id.alarms.id.AlarmActions", - "empty", + "cloudwatch.regions.id.metric_filters_pattern_checks.iam_policy_changes", + "false", "" ] ] 
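Review bot: In the `@@ -1,5 +1,5 @@` hunk of `logs-no-alarm-iam-policy-changes.json` the unchanged `remediation` line still reads "Enable a CloudWatch alarm to monitor the usage of the root account.", which is the text of the root-usage rule and does not match this finding. Since the description on the adjacent line is being edited anyway, it should become `"remediation": "Enable a CloudWatch alarm to monitor IAM policy changes."` so the report does not send the reader to the wrong control.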
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-nacl-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-nacl-changes.json
index c2b02d43e..0ed4e495b 100644
--- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-nacl-changes.json
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-nacl-changes.json
@@ -1,5 +1,5 @@
 {
- "description": "No CloudWatch alarm for Network Access Control Lists changes",
+ "description": "No CloudWatch alarm for \"Network Access Control Lists Changes\"",
 "rationale": "There was no CloudWatch alarm to detect changes to NACL. Monitoring for NACL changes will help ensure that no service or resource is unintentionally exposed.",
 "remediation": "Enable a CloudWatch alarm to detect NACL changes.",
 "compliance": [
@@ -19,13 +19,13 @@
 "reference": "3.11"
 }
 ],
- "dashboard_name": "Cloudwatch",
- "path": "cloudwatch.regions.id.alarms.id",
+ "dashboard_name": "Regions",
+ "path": "cloudwatch.regions.id.metric_filters.id",
 "conditions": [
- "and",
+ "or",
 [
- "cloudwatch.regions.id.alarms.id.AlarmActions",
- "empty",
+ "cloudwatch.regions.id.metric_filters_pattern_checks.nacl_changes",
+ "false",
 ""
 ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-network-gateways-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-network-gateways-changes.json
index f17a876ca..06b483891 100644
--- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-network-gateways-changes.json
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-network-gateways-changes.json
@@ -1,5 +1,5 @@
 {
- "description": "No CloudWatch alarm for network gateways changes",
+ "description": "No CloudWatch alarm for \"Network Gateways Changes\"",
 "rationale": "There was no CloudWatch alarm to monitor changes in network gateways. Monitoring for network gateways changes will help ensure that all traffic traverses the VPC border via a controlled path.",
 "remediation": "Enable a CloudWatch alarm to detect network gateways changes.",
 "compliance": [
@@ -19,13 +19,13 @@
 "reference": "3.12"
 }
 ],
- "dashboard_name": "Cloudwatch",
- "path": "cloudwatch.regions.id.alarms.id",
+ "dashboard_name": "Regions",
+ "path": "cloudwatch.regions.id.metric_filters.id",
 "conditions": [
- "and",
+ "or",
 [
- "cloudwatch.regions.id.alarms.id.AlarmActions",
- "empty",
+ "cloudwatch.regions.id.metric_filters_pattern_checks.network_gateways_changes",
+ "false",
 ""
 ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-root-usage.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-root-usage.json
index 5bf7e979a..7d1bf248a 100644
--- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-root-usage.json
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-root-usage.json
@@ -1,5 +1,5 @@
 {
- "description": "No CloudWatch alarm for root account usage",
+ "description": "No CloudWatch alarm for \"Root Account Usage\"",
 "rationale": "There was no CloudWatch alarm for the usage of the root account. Monitoring for root account log ins will provide visibility into the use of a fully privileged account.",
 "remediation": "Enable a CloudWatch alarm to monitor the usage of the root account.",
 "compliance": [
@@ -19,13 +19,13 @@
 "reference": "3.3"
 }
 ],
- "dashboard_name": "Cloudwatch",
- "path": "cloudwatch.regions.id.alarms.id",
+ "dashboard_name": "Regions",
+ "path": "cloudwatch.regions.id.metric_filters.id",
 "conditions": [
- "and",
+ "or",
 [
- "cloudwatch.regions.id.alarms.id.AlarmActions",
- "empty",
+ "cloudwatch.regions.id.metric_filters_pattern_checks.root_usage",
+ "false",
 ""
 ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-route-table-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-route-table-changes.json
index 9cc890405..fed58aa40 100644
--- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-route-table-changes.json
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-route-table-changes.json
@@ -1,5 +1,5 @@
 {
- "description": "No CloudWatch alarm for route table changes",
+ "description": "No CloudWatch alarm for \"Route Table Changes\"",
 "rationale": "There was no CloudWatch alarm to monitor changes in route tables. Monitoring for route table changes will help ensure that all VPC traffic flows thorough an expected path.",
 "remediation": "Enable a CloudWatch alarm to detect route table changes.",
 "compliance": [
@@ -19,13 +19,13 @@
 "reference": "3.13"
 }
 ],
- "dashboard_name": "Cloudwatch",
- "path": "cloudwatch.regions.id.alarms.id",
+ "dashboard_name": "Regions",
+ "path": "cloudwatch.regions.id.metric_filters.id",
 "conditions": [
- "and",
+ "or",
 [
- "cloudwatch.regions.id.alarms.id.AlarmActions",
- "empty",
+ "cloudwatch.regions.id.metric_filters_pattern_checks.route_table_changes",
+ "false",
 ""
 ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-s3-policy-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-s3-policy-changes.json
index d79fc807d..172afbd82 100644
--- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-s3-policy-changes.json
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-s3-policy-changes.json
@@ -1,5 +1,5 @@
 {
- "description": "No CloudWatch alarm for S3 bucket policy changes",
+ "description": "No CloudWatch alarm for \"S3 Bucket Policy Changes\"",
 "rationale": "There was no CloudWatch alarm to detect changes in S3 bucket policy changes. Monitoring for changes in S3 bucket policy changes may reduce the time to detect and fix permissive policies on sensitive S3 buckets.",
 "remediation": "Enable a CloudWatch alarm to detect policy changes in S3 buckets.",
 "compliance": [
@@ -19,13 +19,13 @@
 "reference": "3.8"
 }
 ],
- "dashboard_name": "Cloudwatch",
- "path": "cloudwatch.regions.id.alarms.id",
+ "dashboard_name": "Regions",
+ "path": "cloudwatch.regions.id.metric_filters.id",
 "conditions": [
- "and",
+ "or",
 [
- "cloudwatch.regions.id.alarms.id.AlarmActions",
- "empty",
+ "cloudwatch.regions.id.metric_filters_pattern_checks.s3_policy_changes",
+ "false",
 ""
 ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-security-group-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-security-group-changes.json
index c85c457f0..d5f4e1894 100644
--- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-security-group-changes.json
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-security-group-changes.json
@@ -1,5 +1,5 @@
 {
- "description": "No CloudWatch alarm for security group changes",
+ "description": "No CloudWatch alarm for \"Security Group Changes\"",
 "rationale": "There was no CloudWatch alarm to monitor changes to security groups. Monitoring for security group changes will help ensure that no service or resource is unintentionally exposed.",
 "remediation": "Enable a CloudWatch alarm to monitor security group changes.",
 "compliance": [
@@ -19,13 +19,13 @@
 "reference": "3.10"
 }
 ],
- "dashboard_name": "Cloudwatch",
- "path": "cloudwatch.regions.id.alarms.id",
+ "dashboard_name": "Regions",
+ "path": "cloudwatch.regions.id.metric_filters.id",
 "conditions": [
- "and",
+ "or",
 [
- "cloudwatch.regions.id.alarms.id.AlarmActions",
- "empty",
+ "cloudwatch.regions.id.metric_filters_pattern_checks.security_group_changes",
+ "false",
 ""
 ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json
index 74dc101a5..7d9d475a5 100644
--- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-signin-without-mfa.json
@@ -20,10 +20,9 @@
 }
 ],
 "dashboard_name": "Regions",
- "path": "cloudwatch.regions.id.metric_filters_pattern_checks.console_login_mfa",
- "display_path": "cloudwatch.regions.id.metric_filters.id",
+ "path": "cloudwatch.regions.id.metric_filters.id",
 "conditions": [
- "and",
+ "or",
 [
 "cloudwatch.regions.id.metric_filters_pattern_checks.console_login_mfa",
 "false",
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-unauthorized-api-calls.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-unauthorized-api-calls.json
index 4a5b7dd6d..d069e0e34 100644
--- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-unauthorized-api-calls.json
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-unauthorized-api-calls.json
@@ -1,5 +1,5 @@
 {
- "description": "No CloudWatch alarm for unauthorized API calls",
+ "description": "No CloudWatch Alarm for \"Unauthorized API Calls\"",
 "rationale": "There was no CloudWatch alarm for unauthorized API calls. Monitoring for unauthorized API calls helps reveal application errors and detect malicious activity.",
 "remediation": "Enable a CloudWatch alarm to monitor unauthorized API calls.",
 "compliance": [
@@ -19,13 +19,13 @@
 "reference": "3.1"
 }
 ],
- "dashboard_name": "Cloudwatch",
- "path": "cloudwatch.regions.id.alarms.id",
+ "dashboard_name": "Regions",
+ "path": "cloudwatch.regions.id.metric_filters.id",
 "conditions": [
- "and",
+ "or",
 [
- "cloudwatch.regions.id.alarms.id.AlarmActions",
- "empty",
+ "cloudwatch.regions.id.metric_filters_pattern_checks.unauthorized_api_calls",
+ "false",
 ""
 ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-vpc-changes.json b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-vpc-changes.json
index 44632cdec..48d35ee04 100644
--- a/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-vpc-changes.json
+++ b/ScoutSuite/providers/aws/rules/findings/logs-no-alarm-vpc-changes.json
@@ -1,5 +1,5 @@
 {
- "description": "No CloudWatch alarm for VPC changes",
+ "description": "No CloudWatch alarm for \"VPC Changes\"",
 "rationale": "There was no CloudWatch alarm to monitor VPC changes. Monitoring for VPC changes will help ensure authentication and authorization controls remain intact.",
 "remediation": "Enable a CloudWatch alarm to detect VPC changes.",
 "compliance": [
@@ -19,13 +19,13 @@
 "reference": "3.14"
 }
 ],
- "dashboard_name": "Cloudwatch",
- "path": "cloudwatch.regions.id.alarms.id",
+ "dashboard_name": "Regions",
+ "path": "cloudwatch.regions.id.metric_filters.id",
 "conditions": [
- "and",
+ "or",
 [
- "cloudwatch.regions.id.alarms.id.AlarmActions",
- "empty",
+ "cloudwatch.regions.id.metric_filters_pattern_checks.vpc_changes",
+ "false",
 ""
 ]
 ]
diff --git a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json
index 27a0c6da7..304de41cd 100644
--- a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json
@@ -300,7 +300,7 @@
 "scored": true
 }
 ],
- "logs-no-alarm-IAM-policy-changes.json": [
+ "logs-no-alarm-iam-policy-changes.json": [
 {
 "comment": "Recommendation 3.4",
 "enabled": true,
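Review bot: The `vpc_changes` flag this rule now depends on looks unreachable, because the Python side of this commit compares the filter pattern with a literal that begins `'filterPattern": "{ ($.eventName = CreateVpc) ...`, i.e. a fragment of a JSON key was pasted into the comparison string. No real metric filter pattern starts with that text, so as far as the visible comparison shows the flag never becomes true and every region with metric filters would be reported for CIS 3.14 regardless of its configuration. The literal should start at `{ ($.eventName = CreateVpc)`; that fix belongs in the CloudWatch resource file, whose hunk starts outside this view.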
From 2941a2a8199e2457706694a6297b738d3450561c Mon Sep 17 00:00:00 2001 From: xga Date: Tue, 26 May 2020 18:52:31 +0200 Subject: [PATCH 029/979] Add ARN to partial --- .../html/partials/aws/services.ec2.regions.id.snapshots.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html index bf03d8966..95d2dd648 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html +++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html @@ -7,7 +7,8 @@

    {{name}}

    Information

      -
    • Id: {{id}}
    • +
    • ID: {{id}}
    • +
    • ARN: {{arn}}
    • Date: {{StartTime}}
    • Description:{{Description}}
    • State: {{State}}
    • From 7d30321c7a90c087f327f5f66c38e7bfe2e6acb8 Mon Sep 17 00:00:00 2001 From: Pau Risa Date: Wed, 27 May 2020 16:51:48 +0200 Subject: [PATCH 030/979] Added Cloudtrail S3 bucket findings --- .../rules/findings/s3-bucket-world-acl.json | 19 +++ .../findings/s3-bucket-world-policy-star.json | 18 +++ .../aws/rules/rulesets/cis-1.2.0.json | 108 +++++++++++++++++- 3 files changed, 140 insertions(+), 5 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-acl.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-acl.json index cee261d45..3b40295a6 100755 --- a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-acl.json +++ b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-acl.json @@ -1,5 +1,24 @@ { "description": "_ARG_2_", + "rationale": "Allowing public access to any S3 bucket may disclose sensitive information stored in them or allow unauthenticated users to upload any type of files.", + "remediation": "Remove any public access that has been granted to the affected buckets via an ACL", + "compliance": [ + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "2.3" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "2.3" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "2.3" + } + ], "dashboard_name": "Bucket ACLs", "display_path": "s3.buckets.id", "path": "s3.buckets.id.grantees.id", diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json index 87c103be7..3a276cacd 100755 --- a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json +++ b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json 
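Review bot: The added `compliance` block maps `s3-bucket-world-acl.json` to CIS 2.3, which concerns the bucket that stores CloudTrail logs (the commit subject says as much), but the rule's `path` is `s3.buckets.id.grantees.id` and so it matches any bucket in the account. A public ACL on an unrelated bucket would then be reported as a 2.3 failure, and nothing here establishes that the CloudTrail bucket itself was the one evaluated. Either state the broader scope in `rationale`, or restrict the instance used by the CIS ruleset to buckets referenced by a trail. The same mapping is added to `s3-bucket-world-policy-star.json` in the next hunk.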
@@ -1,6 +1,24 @@
 {
 "description": "All Actions Authorized to All Principals",
 "rationale": "Allowing IAM actions to all principals is contrary to the principle of least privilege and presents and opportunity for abuse. This policy should be reviewed to ensure it is secure and in line with the resource's intended use.",
+ "remediation": "Remove any Statement having an Effect set to Allow and a Principal set to \"*\" or {\"AWS\":\"*\"} in the affected bucket policy",
+ "compliance": [
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.0.0",
+ "reference": "2.3"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.1.0",
+ "reference": "2.3"
+ },
+ {
+ "name": "CIS Amazon Web Services Foundations",
+ "version": "1.2.0",
+ "reference": "2.3"
+ }
+ ],
 "dashboard_name": "Buckets",
 "display_path": "s3.buckets.id",
 "path": "s3.buckets.id.policy.Statement.id",
diff --git a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json
index 304de41cd..81f858f98 100644
--- a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json
@@ -206,7 +206,7 @@
 ],
 "cloudtrail-not-configured.json": [
 {
- "comment": "Recommendation 2.1 (part 2/2)",
+ "comment": "Recommendation 2.1 (Part 2/2)",
 "enabled": true,
 "level": "danger",
 "scored": true
@@ -220,12 +220,110 @@
 "scored": true
 }
 ],
- "TODO_2.json": [
+ "s3-bucket-world-acl.json": [
 {
- "comment": "Recommendation 2.3",
- "enabled": false,
+ "args": [
+ "AllUsers",
+ "read",
+ "Bucket world-listable (anonymous)",
+ "warning"
+ ],
+ "comment": "Recommendation 2.3 (Part 1/2)",
+ "enabled": true,
 "level": "danger",
- "scored": true
+ "score": true
+ },
+ {
+ "args": [
+ "AllUsers",
+ "read_acp",
+ "Bucket's permissions world-readable (anonymous)",
+ "warning"
+ ],
+ "comment": "Recommendation 2.3 (Part 1/2)",
+ "enabled": true,
+ "level": "danger",
+ "score": true
+ },
+ {
+ "args": [
+ "AllUsers",
+ "write",
+ "Bucket world-writable (anonymous)",
+ "danger"
+ ],
+ "comment": "Recommendation 2.3 (Part 1/2)",
+ "enabled": true,
+ "level": "danger",
+ "score": true
+ },
+ {
+ "args": [
+ "AllUsers",
+ "write_acp",
+ "Bucket's permissions world-writable (anonymous)",
+ "danger"
+ ],
+ "comment": "Recommendation 2.3 (Part 1/2)",
+ "enabled": true,
+ "level": "danger",
+ "score": true
+ },
+ {
+ "args": [
+ "AuthenticatedUsers",
+ "read",
+ "Bucket world-listable",
+ "danger"
+ ],
+ "comment": "Recommendation 2.3 (Part 1/2)",
+ "enabled": true,
+ "level": "danger",
+ "score": true
+ },
+ {
+ "args": [
+ "AuthenticatedUsers",
+ "read_acp",
+ "Bucket's permissions world-readable",
+ "warning"
+ ],
+ "comment": "Recommendation 2.3 (Part 1/2)",
+ "enabled": true,
+ "level": "danger",
+ "score": true
+ },
+ {
+ "args": [
+ "AuthenticatedUsers",
+ "write",
+ "Bucket world-writable",
+ "danger"
+ ],
+ "comment": "Recommendation 2.3 (Part 1/2)",
+ "enabled": true,
+ "level": "danger",
+ "score": true
+ },
+ {
+ "args": [
+ "AuthenticatedUsers",
+ "write_acp",
+ "Bucket's permissions world-writable",
+ "danger"
+ ],
+ "comment": "Recommendation 2.3 (Part 1/2)",
+ "enabled": true,
+ "level": "danger",
+ "score": true
+ }
+ ],
+ "s3-bucket-world-policy-star.json": [
+ {
+ "comment": "Recommendation 2.3 (Part 2/2)",
+ "enabled": true,
+ "level": "danger",
+ "score": true
} ], "cloudtrail-no-cloudwatch-integration.json": [ From a03a75d2655877310cfe8cb9d1f1c99e73c3ff34 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Fri, 29 May 2020 14:08:10 -0500 Subject: [PATCH 031/979] feat: stubs for DynamoDB --- ScoutSuite/providers/aws/facade/dynamodb.py | 41 +++++++++++++++++++ .../aws/resources/dynamodb/__init__.py | 0 .../aws/resources/dynamodb/backups.py | 26 ++++++++++++ .../providers/aws/resources/dynamodb/base.py | 11 +++++ .../aws/resources/dynamodb/tables.py | 17 ++++++++ 5 files changed, 95 insertions(+) create mode 100644 ScoutSuite/providers/aws/facade/dynamodb.py create mode 100644 ScoutSuite/providers/aws/resources/dynamodb/__init__.py create mode 100644 ScoutSuite/providers/aws/resources/dynamodb/backups.py create mode 100644 ScoutSuite/providers/aws/resources/dynamodb/base.py create mode 100644 ScoutSuite/providers/aws/resources/dynamodb/tables.py diff --git a/ScoutSuite/providers/aws/facade/dynamodb.py b/ScoutSuite/providers/aws/facade/dynamodb.py new file mode 100644 index 000000000..adb6514e4 --- /dev/null +++ b/ScoutSuite/providers/aws/facade/dynamodb.py 
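Review bot: All nine entries added in the `@@ -220,12 +220,110 @@` hunk use the key `"score": true`, while the neighbouring entries and the `TODO_2.json` entry being replaced use `"scored": true`. Unless the ruleset loader accepts both spellings, the CIS scored flag is silently dropped for Recommendation 2.3; change each to `"scored": true`. Each ACL entry also carries a severity in `args` (`"warning"` or `"danger"`) next to a fixed `"level": "danger"`, and `AuthenticatedUsers`/`read` is given `"danger"` where `AllUsers`/`read` gets `"warning"`; it is not visible here which value the engine uses, so confirm the reported severity is the intended one.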
@@ -0,0 +1,41 @@ + + + +from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils +from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade + + +class DynamoDBFacase(AWSBaseFacade): + async def get_backups(self, region, table_name): + try: + return await AWSFacadeUtils.get_all_pages('dynamodb', region, self.session, 'list_backups', 'BackupSummaries') + except Exception as e: + print_exception(f"Failed to get DynamoDB Backups for {table_name}") + return [] + + async def get_tables(self, region): + try: + return await AWSFacadeUtils.get_all_pages('dynamodb', region, self.session, 'list_tables', 'TableNames') + except Exception as e: + print_exception(f"Failed to get DynamoDB tables") + return [] + + async def get_tags_for_resource(self, region, resource_arn): + try: + return await AWSFacadeUtils.get_all_pages('dynamodb', region, self.session, 'list_tags_of_resource', 'Tags', ResourceArn=resource_arn) + except Exception as e: + print_exception(f"Failed to get DynamoDB tags for resource {resource_arn}") + return [] + + + async def get_table(self, table_name: str, region): + client = AWSFacadeUtils.get_client('dynamodb', self.session, region) + try: + table = await run_concurrently(lambda: client.describe_table(TableName=table_name)) + except Exception as e: + print_exception(f"Failed to get table {table_name}: {e}") + table = None + + if table: diff --git a/ScoutSuite/providers/aws/resources/dynamodb/__init__.py b/ScoutSuite/providers/aws/resources/dynamodb/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/aws/resources/dynamodb/backups.py b/ScoutSuite/providers/aws/resources/dynamodb/backups.py new file mode 100644 index 000000000..5951e40ad --- /dev/null +++ b/ScoutSuite/providers/aws/resources/dynamodb/backups.py 
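Review bot: `get_table` ends on a bare `if table:` with no body, which is a syntax error, so this new module cannot be imported as committed; finish the method with `return table` after the `try`/`except`. `get_backups` accepts `table_name` but does not pass it to `list_backups`, so the result is not scoped to the table the error message names. The three paginated getters bind `e` but log a fixed string and return `[]`, which for an audit tool makes a permission failure indistinguishable from "no resources"; include the exception as `get_table` does, e.g. `print_exception(f"Failed to get DynamoDB tables: {e}")`. The class name is also spelled `DynamoDBFacase`.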
@@ -0,0 +1,26 @@ + +from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.resources.base import AWSResources + + +class Backups(AWSResources): + + def __init__(self, facade: AWSFacade, region: str) -> None: + super(Backups, self).__init__(facade) + self.region = region + + + async def fetch_all(self, **kwargs): + raw_backups = await self.facade.dynamodb.get_backups(self.region) + for raw_backup in raw_backups: + name, resource = await self._parse_backup(raw_backup) + self[name] = resource + + + async def _parse_backup(self, raw_backup): + backup = { + 'table_name': raw_backup.get('TableName'), + 'id': raw_backup.get('TableId'), + 'arn': raw_backup.get('TableArn'), + } + return backup['table_name'], backup diff --git a/ScoutSuite/providers/aws/resources/dynamodb/base.py b/ScoutSuite/providers/aws/resources/dynamodb/base.py new file mode 100644 index 000000000..1825a898c --- /dev/null +++ b/ScoutSuite/providers/aws/resources/dynamodb/base.py @@ -0,0 +1,11 @@ +from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.resources.regions import Regions + +from .backups import Backups + + +class DynamoDB(Regions): + _children = [(Backups, "backups")] + + def __init__(self, facade: AWSFacade): + super(Backups, self).__init__("backups", facade) diff --git a/ScoutSuite/providers/aws/resources/dynamodb/tables.py b/ScoutSuite/providers/aws/resources/dynamodb/tables.py new file mode 100644 index 000000000..12205349d --- /dev/null +++ b/ScoutSuite/providers/aws/resources/dynamodb/tables.py 
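Review bot: `Backups.fetch_all` calls `self.facade.dynamodb.get_backups(self.region)`, but the facade method added in this commit is declared `get_backups(self, region, table_name)`, so the call raises `TypeError` for the missing argument. `_parse_backup` fills `id` and `arn` from `TableId` and `TableArn` and keys the entry by `TableName`, so two backups of the same table overwrite each other and the backup's own identifier is never stored. The `list_backups` summaries carry `BackupArn` and `BackupName`; use `'arn': raw_backup.get('BackupArn')` and `return backup['arn'], backup`.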
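Review bot: In `resources/dynamodb/base.py`, `DynamoDB.__init__` calls `super(Backups, self).__init__("backups", facade)`; `self` is not a `Backups` instance, so constructing the service raises `TypeError`. It should name the class being defined, `super(DynamoDB, self).__init__("dynamodb", facade)`, assuming the first argument is the service name as in the other `Regions` subclasses (not visible here).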
@@ -0,0 +1,17 @@ +from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.resources.base import AWSResources + + +class Tables(AWSResources): + def __init__(self, facade: AWSFacade, region: str) -> None: + super(Tables, self).__init__(facade) + self.region = region + + async def fetch_all(self, **kwargs): + raw_tables = await self.facade.dynamodb.get_tables(self.region) + for raw_table in raw_tables: + name, resource = await self._parse_table(raw_table) + + async def _parse_table(self, raw_table): + table = {} + table['name'] = raw_table From f24888a18b908a911ec4422c169518531e870696 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Fri, 29 May 2020 21:32:31 -0500 Subject: [PATCH 032/979] feat: initial grab of DynamoDB Data --- ScoutSuite/providers/aws/facade/base.py | 2 + ScoutSuite/providers/aws/facade/dynamodb.py | 54 +++++++++++++++---- .../aws/resources/dynamodb/backups.py | 2 +- .../providers/aws/resources/dynamodb/base.py | 5 +- .../aws/resources/dynamodb/tables.py | 7 ++- ScoutSuite/providers/aws/services.py | 6 ++- 6 files changed, 59 insertions(+), 17 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/base.py b/ScoutSuite/providers/aws/facade/base.py index a2e25f743..ae0d10fca 100755 --- a/ScoutSuite/providers/aws/facade/base.py +++ b/ScoutSuite/providers/aws/facade/base.py @@ -8,6 +8,7 @@ from ScoutSuite.providers.aws.facade.cloudwatch import CloudWatch from ScoutSuite.providers.aws.facade.config import ConfigFacade from ScoutSuite.providers.aws.facade.directconnect import DirectConnectFacade +from ScoutSuite.providers.aws.facade.dynamodb import DynamoDBFacade from ScoutSuite.providers.aws.facade.ec2 import EC2Facade from ScoutSuite.providers.aws.facade.efs import EFSFacade from ScoutSuite.providers.aws.facade.elasticache import ElastiCacheFacade 
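Review bot: `Tables._parse_table` builds `table` but has no `return`, so `name, resource = await self._parse_table(raw_table)` fails with a `TypeError` when unpacking `None` on the first table. `fetch_all` also never stores what it parsed. Add `return raw_table, table` to `_parse_table` and `self[name] = resource` inside the loop.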
@@ -246,6 +247,7 @@ def _instantiate_facades(self): self.cloudwatch = CloudWatch(self.session) self.config = ConfigFacade(self.session) self.directconnect = DirectConnectFacade(self.session) + self.dynamodb = DynamoDBFacade(self.session) self.efs = EFSFacade(self.session) self.elasticache = ElastiCacheFacade(self.session) self.emr = EMRFacade(self.session) diff --git a/ScoutSuite/providers/aws/facade/dynamodb.py b/ScoutSuite/providers/aws/facade/dynamodb.py index adb6514e4..168ba0263 100644 --- a/ScoutSuite/providers/aws/facade/dynamodb.py +++ b/ScoutSuite/providers/aws/facade/dynamodb.py @@ -1,4 +1,4 @@ - +# import debugpy from ScoutSuite.providers.utils import run_concurrently 
@@ -7,35 +7,69 @@ from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade -class DynamoDBFacase(AWSBaseFacade): +class DynamoDBFacade(AWSBaseFacade): async def get_backups(self, region, table_name): try: - return await AWSFacadeUtils.get_all_pages('dynamodb', region, self.session, 'list_backups', 'BackupSummaries') + return await AWSFacadeUtils.get_all_pages( + "dynamodb", + region, + self.session, + "list_backups", + "BackupSummaries", + TableName=table_name, + ) except Exception as e: print_exception(f"Failed to get DynamoDB Backups for {table_name}") return [] async def get_tables(self, region): try: - return await AWSFacadeUtils.get_all_pages('dynamodb', region, self.session, 'list_tables', 'TableNames') + return await AWSFacadeUtils.get_all_pages( + "dynamodb", region, self.session, "list_tables", "TableNames" + ) except Exception as e: print_exception(f"Failed to get DynamoDB tables") return [] async def get_tags_for_resource(self, region, resource_arn): try: - return await AWSFacadeUtils.get_all_pages('dynamodb', region, self.session, 'list_tags_of_resource', 'Tags', ResourceArn=resource_arn) + return await AWSFacadeUtils.get_all_pages( + "dynamodb", + region, + self.session, + "list_tags_of_resource", + "Tags", + ResourceArn=resource_arn, + ) except Exception as e: print_exception(f"Failed to get DynamoDB tags for resource {resource_arn}") return [] + async def get_table(self, region, table_name): + # debugpy.listen(5678) + # print("Waiting for debugger attach") + # debugpy.wait_for_client() - async def get_table(self, table_name: str, region): - client = AWSFacadeUtils.get_client('dynamodb', self.session, region) + client = AWSFacadeUtils.get_client("dynamodb", self.session, region) try: - table = await run_concurrently(lambda: client.describe_table(TableName=table_name)) + raw_table = await run_concurrently( + lambda: client.describe_table(TableName=table_name) + ) except Exception as e: print_exception(f"Failed to get table {table_name}: 
{e}") - table = None + raw_table = None + + # debugpy.breakpoint() + if raw_table["Table"]: + table = {} + raw = raw_table["Table"] + if "SSEDescription" in raw: + table["sse_description"] = raw["SSEDescription"] + table["sse_enabled"] = True + else: + table["sse_enabled"] = False - if table: + if "ArchivalSummary" in raw: + table["archival_summary"] = raw["ArchivalSummary"] + return raw["TableName"], table + return "", [] diff --git a/ScoutSuite/providers/aws/resources/dynamodb/backups.py b/ScoutSuite/providers/aws/resources/dynamodb/backups.py index 5951e40ad..7e25b78ac 100644 --- a/ScoutSuite/providers/aws/resources/dynamodb/backups.py +++ b/ScoutSuite/providers/aws/resources/dynamodb/backups.py @@ -10,7 +10,7 @@ def __init__(self, facade: AWSFacade, region: str) -> None: self.region = region - async def fetch_all(self, **kwargs): + async def fetch_all(self): raw_backups = await self.facade.dynamodb.get_backups(self.region) for raw_backup in raw_backups: name, resource = await self._parse_backup(raw_backup) diff --git a/ScoutSuite/providers/aws/resources/dynamodb/base.py b/ScoutSuite/providers/aws/resources/dynamodb/base.py index 1825a898c..3691f52ec 100644 --- a/ScoutSuite/providers/aws/resources/dynamodb/base.py +++ b/ScoutSuite/providers/aws/resources/dynamodb/base.py @@ -2,10 +2,11 @@ from ScoutSuite.providers.aws.resources.regions import Regions from .backups import Backups +from .tables import Tables class DynamoDB(Regions): - _children = [(Backups, "backups")] + _children = [(Tables, "tables")] def __init__(self, facade: AWSFacade): - super(Backups, self).__init__("backups", facade) + super(DynamoDB, self).__init__("dynamodb", facade) diff --git a/ScoutSuite/providers/aws/resources/dynamodb/tables.py b/ScoutSuite/providers/aws/resources/dynamodb/tables.py index 12205349d..d372b6cd2 100644 --- a/ScoutSuite/providers/aws/resources/dynamodb/tables.py +++ b/ScoutSuite/providers/aws/resources/dynamodb/tables.py 
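Review bot: When `describe_table` fails in `get_table`, the handler sets `raw_table = None` and the next statement evaluates `raw_table["Table"]`, which raises `TypeError` and aborts the fetch instead of skipping the table; guard it with `if raw_table and raw_table.get("Table"):`. The fallback `return "", []` is merged by the caller with `{**table, **resource}`, which needs a mapping, so return `"", {}`. Separately, setting `sse_enabled = False` whenever `SSEDescription` is absent is likely to produce false "unencrypted" findings: as far as I know DynamoDB encrypts every table at rest and omits `SSEDescription` when the default AWS owned key is in use, so the field is better recorded as the key type than as an on/off flag.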
@@ -7,11 +7,14 @@ def __init__(self, facade: AWSFacade, region: str) -> None: super(Tables, self).__init__(facade) self.region = region - async def fetch_all(self, **kwargs): + async def fetch_all(self): raw_tables = await self.facade.dynamodb.get_tables(self.region) for raw_table in raw_tables: name, resource = await self._parse_table(raw_table) + self[name] = resource async def _parse_table(self, raw_table): table = {} - table['name'] = raw_table + t, resource = await self.facade.dynamodb.get_table(self.region, raw_table) + table = {**table, **resource} + return raw_table, table diff --git a/ScoutSuite/providers/aws/services.py b/ScoutSuite/providers/aws/services.py index ba0141ea6..a5b178117 100755 --- a/ScoutSuite/providers/aws/services.py +++ b/ScoutSuite/providers/aws/services.py @@ -6,6 +6,7 @@ from ScoutSuite.providers.aws.resources.cloudwatch.base import CloudWatch from ScoutSuite.providers.aws.resources.config.base import Config from ScoutSuite.providers.aws.resources.directconnect.base import DirectConnect +from ScoutSuite.providers.aws.resources.dynamodb.base import DynamoDB from ScoutSuite.providers.aws.resources.ec2.base import EC2 from ScoutSuite.providers.aws.resources.efs.base import EFS from ScoutSuite.providers.aws.resources.elasticache.base import ElastiCache @@ -59,7 +60,7 @@ class AWSServicesConfig(BaseServicesConfig): :ivar cloudtrail: CloudTrail configuration :ivar cloudwatch: CloudWatch configuration: :ivar config: Config configuration - :ivar dynamodb: DynomaDB configuration + :ivar dynamodb: DynamoDB configuration :ivar ec2: EC2 configuration :ivar ecs: ECS configuration :ivar ecr: ECR configuration @@ -70,7 +71,7 @@ class AWSServicesConfig(BaseServicesConfig): :ivar redshift: Redshift configuration :ivar s3: S3 configuration :ivar ses: SES configuration: - "ivar sns: SNS configuration + :ivar sns: SNS configuration :ivar sqs: SQS configuration """ 
@@ -87,6 +88,7 @@ def __init__(self, credentials=None, **kwargs): self.cloudwatch = CloudWatch(facade) self.config = Config(facade) self.directconnect = DirectConnect(facade) + self.dynamodb = DynamoDB(facade) self.ec2 = EC2(facade) self.efs = EFS(facade) self.elasticache = ElastiCache(facade) From daf40cbe1810a23a23a2792302fcf8152d6aa36f Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Fri, 29 May 2020 21:58:07 -0500 Subject: [PATCH 033/979] :building_construction: move parsing out of facade --- ScoutSuite/providers/aws/facade/dynamodb.py | 23 +------------------ .../aws/resources/dynamodb/tables.py | 23 +++++++++++++------ 2 files changed, 17 insertions(+), 29 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/dynamodb.py b/ScoutSuite/providers/aws/facade/dynamodb.py index 168ba0263..f4d370422 100644 --- a/ScoutSuite/providers/aws/facade/dynamodb.py +++ b/ScoutSuite/providers/aws/facade/dynamodb.py @@ -1,6 +1,3 @@ -# import debugpy - - from ScoutSuite.providers.utils import run_concurrently from ScoutSuite.core.console import print_exception from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils @@ -46,10 +43,6 @@ async def get_tags_for_resource(self, region, resource_arn): return [] async def get_table(self, region, table_name): - # debugpy.listen(5678) - # print("Waiting for debugger attach") - # debugpy.wait_for_client() - client = AWSFacadeUtils.get_client("dynamodb", self.session, region) try: raw_table = await run_concurrently( 
@@ -58,18 +51,4 @@ async def get_table(self, region, table_name): except Exception as e: print_exception(f"Failed to get table {table_name}: {e}") raw_table = None - - # debugpy.breakpoint() - if raw_table["Table"]: - table = {} - raw = raw_table["Table"] - if "SSEDescription" in raw: - table["sse_description"] = raw["SSEDescription"] - table["sse_enabled"] = True - else: - table["sse_enabled"] = False - - if "ArchivalSummary" in raw: - table["archival_summary"] = raw["ArchivalSummary"] - return raw["TableName"], table - return "", [] + return raw_table diff --git a/ScoutSuite/providers/aws/resources/dynamodb/tables.py b/ScoutSuite/providers/aws/resources/dynamodb/tables.py index d372b6cd2..2726529f7 100644 --- a/ScoutSuite/providers/aws/resources/dynamodb/tables.py +++ b/ScoutSuite/providers/aws/resources/dynamodb/tables.py @@ -1,3 +1,4 @@ +from debugpy.common.log import debug from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources 
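Review bot: `get_table` now returns `raw_table`, which is `None` after the `except` branch, and the new `_parse_table` in resources/dynamodb/tables.py indexes it as `raw_table["Table"]` without a check. A failed lookup on a single table (for example a permissions error) would therefore raise `TypeError` out of `fetch_all` and lose the remaining tables in that region. Guard in the caller, e.g. `if raw_table and raw_table.get("Table"):`, or skip the table when the facade returns `None`. The body of `get_table` starts outside this hunk.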
@@ -8,13 +9,21 @@ def __init__(self, facade: AWSFacade, region: str) -> None: self.region = region async def fetch_all(self): - raw_tables = await self.facade.dynamodb.get_tables(self.region) - for raw_table in raw_tables: - name, resource = await self._parse_table(raw_table) - self[name] = resource + tables = await self.facade.dynamodb.get_tables(self.region) + for table_name in tables: + raw_table = await self.facade.dynamodb.get_table(self.region, table_name) + table = await self._parse_table(raw_table) + self[table_name] = table async def _parse_table(self, raw_table): table = {} - t, resource = await self.facade.dynamodb.get_table(self.region, raw_table) - table = {**table, **resource} - return raw_table, table + if raw_table["Table"]: + raw = raw_table["Table"] + if "SSEDescription" in raw: + table["sse_description"] = raw["SSEDescription"] + table["sse_enabled"] = True + else: + table["sse_enabled"] = False + if "ArchivalSummary" in raw: + table["archival_summary"] = raw["ArchivalSummary"] + return table From 5ea22ff0cba8039f79b41edcc531d817f23b4d14 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Fri, 29 May 2020 22:37:51 -0500 Subject: [PATCH 034/979] convert all of the response to snake case --- .../providers/aws/resources/dynamodb/tables.py | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/dynamodb/tables.py b/ScoutSuite/providers/aws/resources/dynamodb/tables.py index 2726529f7..b28d22197 100644 --- a/ScoutSuite/providers/aws/resources/dynamodb/tables.py +++ b/ScoutSuite/providers/aws/resources/dynamodb/tables.py @@ -1,6 +1,6 @@ -from debugpy.common.log import debug from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.aws.utils import no_camel class Tables(AWSResources): 
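Review bot: `sse_enabled` in `_parse_table` is derived only from the presence of the `SSEDescription` key, but that structure carries its own `Status` field, so a table whose description reports `DISABLED` or `DISABLING` would be recorded as encrypted. For an audit tool that is a false negative; compare the status instead: `table["sse_enabled"] = raw.get("SSEDescription", {}).get("Status") == "ENABLED"`. The same presence test is kept by the later tables.py hunks in PATCH 034 and 035. When `raw_table["Table"]` is falsy the method returns `{}` with no `sse_enabled` key at all, so rules reading that key need to handle its absence.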
@@ -20,10 +20,20 @@ async def _parse_table(self, raw_table): if raw_table["Table"]: raw = raw_table["Table"] if "SSEDescription" in raw: - table["sse_description"] = raw["SSEDescription"] table["sse_enabled"] = True else: table["sse_enabled"] = False - if "ArchivalSummary" in raw: - table["archival_summary"] = raw["ArchivalSummary"] + new_dict = await self.camel_keys(raw) + table.update(new_dict) + return table + + async def camel_keys(self, d: dict) -> dict: + new_table = {} + for k in d.keys(): + new_key = no_camel(k) + if type(d[k]) is dict: + new_table[new_key] = await self.camel_keys(d[k]) + else: + new_table[new_key] = d[k] + return new_table From 34dbc7f9c4fb9f38d4298d6565ec8dfa2d205805 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Fri, 29 May 2020 23:11:53 -0500 Subject: [PATCH 035/979] feat: create snake_keys utility function --- .../aws/resources/dynamodb/tables.py | 14 ++--------- ScoutSuite/providers/aws/utils.py | 23 +++++++++++++++++++ 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/dynamodb/tables.py b/ScoutSuite/providers/aws/resources/dynamodb/tables.py index b28d22197..e44530bd9 100644 --- a/ScoutSuite/providers/aws/resources/dynamodb/tables.py +++ b/ScoutSuite/providers/aws/resources/dynamodb/tables.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources -from ScoutSuite.providers.aws.utils import no_camel +from ScoutSuite.providers.aws.utils import snake_keys class Tables(AWSResources): 
@@ -23,17 +23,7 @@ async def _parse_table(self, raw_table): table["sse_enabled"] = True else: table["sse_enabled"] = False - new_dict = await self.camel_keys(raw) + new_dict = snake_keys(raw) table.update(new_dict) return table - - async def camel_keys(self, d: dict) -> dict: - new_table = {} - for k in d.keys(): - new_key = no_camel(k) - if type(d[k]) is dict: - new_table[new_key] = await self.camel_keys(d[k]) - else: - new_table[new_key] = d[k] - return new_table diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index 517f1bc9f..4fbcc6d4b 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py @@ -83,3 +83,26 @@ def no_camel(name): """ s1 = re.sub('(.)([A-Z][a-z]+)', r'\1_\2', name) return re.sub('([a-z0-9])([A-Z])', r'\1_\2', s1).lower() + +def snake_keys(d: dict) -> dict: + """ + Converts a dictionary with CamelCase keys to camel_case + + :param name: d Dictionary to iterate over + :return: + """ + + new_table = {} + for k in d.keys(): + new_key = no_camel(k) + if type(d[k]) is dict: + new_table[new_key] = snake_keys(d[k]) + elif type(d[k]) is list: + if len(d[k]) > 0 and type(d[k][0]) is dict: + new_ary = [] + for val in d[k]: + new_ary.append(no_camel(val)) + new_table[new_key] = new_ary + else: + new_table[new_key] = d[k] + return new_table From 830ac868dd1b1f34e4e67d446998cba47b687f78 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Fri, 29 May 2020 23:22:55 -0500 Subject: [PATCH 036/979] cleanup --- ScoutSuite/providers/aws/utils.py | 50 ++++++++++++++----------------- 1 file changed, 23 insertions(+), 27 deletions(-) diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index 4fbcc6d4b..6b59c02e7 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py 
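Review bot: In the list branch of the new `snake_keys`, `new_ary.append(no_camel(val))` passes each list element, which the preceding check expects to be a dict, to `no_camel`, and `re.sub` raises `TypeError` on a non-string argument. The call should recurse instead: `new_ary.append(snake_keys(val))`. With the indentation lost on this page it is unclear whether lists that are empty or hold non-dict values are still assigned to `new_table`; if they are not, those keys silently disappear from the result. The docstring reads "to camel_case" and `:param name: d`, where `snake_case` and `:param d:` are meant.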
@@ -1,24 +1,24 @@ import re from ScoutSuite.core.console import print_exception -ec2_classic = 'EC2-Classic' +ec2_classic = "EC2-Classic" def get_caller_identity(session): - sts_client = session.client('sts') + sts_client = session.client("sts") identity = sts_client.get_caller_identity() return identity def get_aws_account_id(session): caller_identity = get_caller_identity(session) - account_id = caller_identity['Arn'].split(':')[4] + account_id = caller_identity["Arn"].split(":")[4] return account_id def get_partition_name(session): caller_identity = get_caller_identity(session) - partition_name = caller_identity['Arn'].split(':')[1] + partition_name = caller_identity["Arn"].split(":")[1] return partition_name @@ -30,14 +30,15 @@ def is_throttled(e): :return: True if it's a throttling exception else False """ try: - return (hasattr(e, 'response') - and e.response - and 'Error' in e.response - and e.response['Error']['Code'] in ['Throttling', - 'RequestLimitExceeded', - 'ThrottlingException']) + return ( + hasattr(e, "response") + and e.response + and "Error" in e.response + and e.response["Error"]["Code"] + in ["Throttling", "RequestLimitExceeded", "ThrottlingException"] + ) except Exception as e: - print_exception('Unable to validate exception for throttling: {}'.format(e)) + print_exception("Unable to validate exception for throttling: {}".format(e)) return False @@ -64,14 +65,14 @@ def get_name(src, dst, default_attribute): :return: """ name_found = False - if 'Tags' in src: - for tag in src['Tags']: - if tag['Key'] == 'Name' and tag['Value'] != '': - dst['name'] = tag['Value'] + if "Tags" in src: + for tag in src["Tags"]: + if tag["Key"] == "Name" and tag["Value"] != "": + dst["name"] = tag["Value"] name_found = True if not name_found: - dst['name'] = src[default_attribute] - return dst['name'] + dst["name"] = src[default_attribute] + return dst["name"] def no_camel(name): 
@@ -81,10 +82,11 @@ def no_camel(name): :param name: Name string to convert :return: """ - s1 = re.sub('(.)([A-Z][a-z]+)', r'\1_\2', name) - return re.sub('([a-z0-9])([A-Z])', r'\1_\2', s1).lower() + s1 = re.sub("(.)([A-Z][a-z]+)", r"\1_\2", name) + return re.sub("([a-z0-9])([A-Z])", r"\1_\2", s1).lower() -def snake_keys(d: dict) -> dict: + +def snake_keys(d): """ Converts a dictionary with CamelCase keys to camel_case @@ -95,14 +97,8 @@ def snake_keys(d: dict) -> dict: new_table = {} for k in d.keys(): new_key = no_camel(k) - if type(d[k]) is dict: + if isinstance(d[k], dict): new_table[new_key] = snake_keys(d[k]) - elif type(d[k]) is list: - if len(d[k]) > 0 and type(d[k][0]) is dict: - new_ary = [] - for val in d[k]: - new_ary.append(no_camel(val)) - new_table[new_key] = new_ary else: new_table[new_key] = d[k] return new_table From 9cc9d43b115d0667554ed11f566acf71a26222dc Mon Sep 17 00:00:00 2001 
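Review bot: Removing the list branch from `snake_keys` means a list value is now copied as-is, so dicts nested inside lists keep their CamelCase keys while every other level is converted. If consumers of the parsed table read those nested keys, convert them too: `elif isinstance(d[k], list): new_table[new_key] = [snake_keys(v) if isinstance(v, dict) else v for v in d[k]]`. Otherwise the docstring should say that list values are passed through unchanged.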
From: Nick Klauer Date: Sat, 30 May 2020 12:09:25 -0500 Subject: [PATCH 037/979] run pyupgrade --py3-only --- ScoutSuite/core/console.py | 1 - ScoutSuite/core/exceptions.py | 2 +- ScoutSuite/core/fs.py | 2 -- ScoutSuite/core/processingengine.py | 8 +++---- ScoutSuite/core/rule.py | 10 ++++----- ScoutSuite/core/rule_definition.py | 12 +++++----- ScoutSuite/core/ruleset.py | 6 ++--- ScoutSuite/core/server.py | 2 +- ScoutSuite/core/utils.py | 2 +- ScoutSuite/output/html.py | 14 +++++------- ScoutSuite/output/result_encoder.py | 6 ++--- ScoutSuite/output/utils.py | 3 --- ScoutSuite/providers/aliyun/provider.py | 4 ++-- .../providers/aliyun/resources/ecs/base.py | 2 +- .../aliyun/resources/ecs/instances.py | 2 +- .../providers/aliyun/resources/kms/base.py | 2 +- .../providers/aliyun/resources/kms/keys.py | 2 +- .../aliyun/resources/ram/api_keys.py | 2 +- .../providers/aliyun/resources/ram/base.py | 2 +- .../providers/aliyun/resources/ram/groups.py | 2 +- .../aliyun/resources/ram/password_policy.py | 2 +- .../aliyun/resources/ram/policies.py | 2 +- .../providers/aliyun/resources/ram/roles.py | 2 +- .../aliyun/resources/ram/security_policy.py | 2 +- .../providers/aliyun/resources/rds/base.py | 2 +- .../aliyun/resources/rds/instances.py | 2 +- .../providers/aliyun/resources/regions.py | 2 +- .../providers/aliyun/resources/vpc/base.py | 2 +- .../providers/aliyun/resources/vpc/vpcs.py | 2 +- ScoutSuite/providers/aliyun/services.py | 2 +- ScoutSuite/providers/aws/facade/base.py | 2 +- ScoutSuite/providers/aws/facade/basefacade.py | 2 +- ScoutSuite/providers/aws/facade/ec2.py | 2 +- ScoutSuite/providers/aws/facade/rds.py | 6 ++--- ScoutSuite/providers/aws/facade/s3.py | 22 +++++++++---------- ScoutSuite/providers/aws/provider.py | 4 ++-- .../providers/aws/resources/acm/base.py | 2 +- .../aws/resources/acm/certificates.py | 2 +- .../providers/aws/resources/awslambda/base.py | 2 +- .../aws/resources/awslambda/functions.py | 2 +- .../aws/resources/cloudformation/base.py | 2 +- 
.../aws/resources/cloudformation/stacks.py | 2 +- .../aws/resources/cloudtrail/base.py | 2 +- .../aws/resources/cloudtrail/trails.py | 8 +++---- .../aws/resources/cloudwatch/alarms.py | 2 +- .../aws/resources/cloudwatch/base.py | 2 +- .../providers/aws/resources/config/base.py | 2 +- .../aws/resources/config/recorders.py | 2 +- .../providers/aws/resources/config/rules.py | 2 +- .../aws/resources/directconnect/base.py | 2 +- .../resources/directconnect/connections.py | 2 +- ScoutSuite/providers/aws/resources/ec2/ami.py | 2 +- .../providers/aws/resources/ec2/base.py | 4 ++-- .../providers/aws/resources/ec2/instances.py | 2 +- .../aws/resources/ec2/networkinterfaces.py | 2 +- .../aws/resources/ec2/securitygroups.py | 4 ++-- .../providers/aws/resources/ec2/snapshots.py | 2 +- .../providers/aws/resources/ec2/volumes.py | 2 +- .../providers/aws/resources/efs/base.py | 2 +- .../aws/resources/efs/filesystems.py | 2 +- .../aws/resources/elasticache/base.py | 4 ++-- .../aws/resources/elasticache/cluster.py | 2 +- .../resources/elasticache/parametergroups.py | 2 +- .../resources/elasticache/securitygroups.py | 2 +- .../aws/resources/elasticache/subnetgroups.py | 2 +- .../providers/aws/resources/elb/base.py | 2 +- .../aws/resources/elb/load_balancers.py | 2 +- .../providers/aws/resources/elb/policies.py | 2 +- .../providers/aws/resources/elbv2/base.py | 2 +- .../aws/resources/elbv2/listeners.py | 2 +- .../aws/resources/elbv2/load_balancers.py | 2 +- .../providers/aws/resources/emr/base.py | 4 ++-- .../providers/aws/resources/emr/clusters.py | 2 +- .../providers/aws/resources/emr/vpcs.py | 2 +- .../providers/aws/resources/iam/base.py | 2 +- .../providers/aws/resources/kms/base.py | 2 +- .../providers/aws/resources/kms/grants.py | 2 +- .../providers/aws/resources/kms/keys.py | 2 +- .../providers/aws/resources/rds/base.py | 4 ++-- .../providers/aws/resources/rds/instances.py | 2 +- .../aws/resources/rds/parametergroups.py | 2 +- .../aws/resources/rds/securitygroups.py | 2 +- 
.../providers/aws/resources/rds/snapshots.py | 2 +- .../aws/resources/rds/subnetgroups.py | 2 +- .../providers/aws/resources/redshift/base.py | 2 +- .../redshift/cluster_parameter_groups.py | 2 +- .../resources/redshift/cluster_parameters.py | 2 +- .../redshift/cluster_security_groups.py | 2 +- .../aws/resources/redshift/clusters.py | 2 +- ScoutSuite/providers/aws/resources/regions.py | 2 +- .../providers/aws/resources/route53/base.py | 2 +- .../aws/resources/route53/domains.py | 2 +- .../aws/resources/route53/hosted_zones.py | 2 +- ScoutSuite/providers/aws/resources/s3/base.py | 2 +- .../aws/resources/secretsmanager/base.py | 2 +- .../aws/resources/secretsmanager/secrets.py | 2 +- .../providers/aws/resources/ses/base.py | 2 +- .../providers/aws/resources/ses/identities.py | 2 +- .../aws/resources/ses/identity_policies.py | 2 +- .../providers/aws/resources/sns/base.py | 2 +- .../aws/resources/sns/subscriptions.py | 2 +- .../providers/aws/resources/sns/topics.py | 2 +- .../providers/aws/resources/sqs/base.py | 2 +- .../providers/aws/resources/sqs/queues.py | 2 +- .../providers/aws/resources/vpc/base.py | 4 ++-- .../providers/aws/resources/vpc/flow_logs.py | 2 +- .../aws/resources/vpc/network_acls.py | 2 +- .../providers/aws/resources/vpc/subnets.py | 2 +- ScoutSuite/providers/aws/resources/vpcs.py | 2 +- ScoutSuite/providers/aws/services.py | 2 +- ScoutSuite/providers/azure/provider.py | 4 ++-- .../azure/resources/appservice/web_apps.py | 2 +- .../azure/resources/keyvault/vaults.py | 2 +- .../network/application_security_groups.py | 2 +- .../resources/network/network_interfaces.py | 2 +- .../resources/network/security_groups.py | 2 +- .../resources/network/virtual_networks.py | 2 +- .../azure/resources/network/watchers.py | 2 +- .../azure/resources/rbac/role_assignments.py | 2 +- .../providers/azure/resources/rbac/roles.py | 2 +- .../azure/resources/securitycenter/alerts.py | 2 +- .../auto_provisioning_settings.py | 2 +- .../securitycenter/compliance_results.py | 2 
+- .../information_protection_policies.py | 2 +- .../resources/securitycenter/pricings.py | 2 +- .../regulatory_compliance_results.py | 2 +- .../securitycenter/security_contacts.py | 2 +- .../resources/securitycenter/settings.py | 2 +- .../database_blob_auditing_policies.py | 2 +- .../database_threat_detection_policies.py | 2 +- .../azure/resources/sqldatabase/databases.py | 2 +- .../sqldatabase/replication_links.py | 2 +- .../server_azure_ad_administrators.py | 2 +- .../server_blob_auditing_policies.py | 2 +- .../server_security_alert_policies.py | 2 +- .../azure/resources/sqldatabase/servers.py | 2 +- .../transparent_data_encryptions.py | 2 +- .../storageaccounts/blob_containers.py | 2 +- .../azure/resources/storageaccounts/queues.py | 2 +- .../storageaccounts/storage_accounts.py | 2 +- .../azure/resources/virtualmachines/disks.py | 2 +- .../azure/resources/virtualmachines/images.py | 2 +- .../resources/virtualmachines/instances.py | 2 +- .../resources/virtualmachines/snapshots.py | 2 +- ScoutSuite/providers/azure/services.py | 4 ++-- ScoutSuite/providers/base/provider.py | 7 ++---- ScoutSuite/providers/base/resources/base.py | 4 ++-- ScoutSuite/providers/base/services.py | 2 +- ScoutSuite/providers/gcp/facade/base.py | 6 ++--- .../gcp/facade/cloudresourcemanager.py | 2 +- ScoutSuite/providers/gcp/facade/cloudsql.py | 2 +- ScoutSuite/providers/gcp/facade/gce.py | 4 ++-- ScoutSuite/providers/gcp/facade/iam.py | 2 +- ScoutSuite/providers/gcp/facade/kms.py | 2 +- ScoutSuite/providers/gcp/provider.py | 4 ++-- .../gcp/resources/cloudsql/backups.py | 2 +- .../resources/cloudsql/database_instances.py | 2 +- .../providers/gcp/resources/cloudsql/users.py | 2 +- .../gcp/resources/cloudstorage/buckets.py | 2 +- .../providers/gcp/resources/gce/firewalls.py | 2 +- .../gcp/resources/gce/instance_disks.py | 2 +- .../providers/gcp/resources/gce/networks.py | 2 +- .../providers/gcp/resources/gce/snapshots.py | 2 +- .../gcp/resources/gce/subnetworks.py | 4 ++-- 
.../providers/gcp/resources/iam/groups.py | 2 +- .../providers/gcp/resources/iam/keys.py | 2 +- .../gcp/resources/iam/member_bindings.py | 2 +- .../resources/iam/service_account_bindings.py | 2 +- .../gcp/resources/iam/service_accounts.py | 4 ++-- .../providers/gcp/resources/iam/users.py | 2 +- .../providers/gcp/resources/kms/keyrings.py | 2 +- .../providers/gcp/resources/kms/keys.py | 2 +- ScoutSuite/providers/gcp/resources/regions.py | 2 +- .../resources/stackdriverlogging/metrics.py | 2 +- .../gcp/resources/stackdriverlogging/sinks.py | 2 +- .../stackdrivermonitoring/alert_policies.py | 2 +- .../stackdrivermonitoring/uptime_checks.py | 2 +- ScoutSuite/providers/gcp/resources/zones.py | 2 +- ScoutSuite/providers/gcp/services.py | 2 +- ScoutSuite/providers/oci/provider.py | 4 ++-- .../oci/resources/identity/api_keys.py | 2 +- .../identity/authentication_policy.py | 2 +- .../providers/oci/resources/identity/base.py | 2 +- .../oci/resources/identity/groups.py | 2 +- .../oci/resources/identity/policies.py | 2 +- .../providers/oci/resources/kms/base.py | 2 +- .../providers/oci/resources/kms/keys.py | 2 +- .../providers/oci/resources/kms/keyvaults.py | 2 +- .../oci/resources/objectstorage/base.py | 2 +- .../oci/resources/objectstorage/buckets.py | 2 +- ScoutSuite/providers/oci/services.py | 2 +- ScoutSuite/utils.py | 2 -- 192 files changed, 242 insertions(+), 257 deletions(-) diff --git a/ScoutSuite/core/console.py b/ScoutSuite/core/console.py index 9c05a1a1a..344948eba 100755 --- a/ScoutSuite/core/console.py +++ b/ScoutSuite/core/console.py @@ -4,7 +4,6 @@ import traceback import coloredlogs -from six.moves import input from ScoutSuite import ERRORS_LIST diff --git a/ScoutSuite/core/exceptions.py b/ScoutSuite/core/exceptions.py index 783974828..ee23d4400 100755 --- a/ScoutSuite/core/exceptions.py +++ b/ScoutSuite/core/exceptions.py 
@@ -3,7 +3,7 @@ from ScoutSuite.output.result_encoder import JavaScriptEncoder -class RuleExceptions(object): +class RuleExceptions: """ Exceptions handling """ diff --git a/ScoutSuite/core/fs.py b/ScoutSuite/core/fs.py index 3f46cd52e..0cd8451e5 100755 --- a/ScoutSuite/core/fs.py +++ b/ScoutSuite/core/fs.py @@ -1,5 +1,3 @@ -from __future__ import print_function - import datetime import json import os diff --git a/ScoutSuite/core/processingengine.py b/ScoutSuite/core/processingengine.py index 3c86389e3..d2f7bd4af 100755 --- a/ScoutSuite/core/processingengine.py +++ b/ScoutSuite/core/processingengine.py @@ -4,7 +4,7 @@ from ScoutSuite.core.utils import recurse -class ProcessingEngine(object): +class ProcessingEngine: """ """ @@ -21,7 +21,7 @@ def __init__(self, ruleset): manage_dictionary(self.rules, rule.path, []) self.rules[rule.path].append(rule) except Exception as e: - print_exception('Failed to create rule %s: %s' % (rule.filename, e)) + print_exception('Failed to create rule {}: {}'.format(rule.filename, e)) def run(self, cloud_provider, skip_dashboard=False): # Clean up existing findings @@ -35,7 +35,7 @@ def run(self, cloud_provider, skip_dashboard=False): if not rule.enabled: # or rule.service not in []: # TODO: handle this... continue - print_debug('Processing %s rule "%s" (%s)' % (rule.service, rule.description, rule.filename)) + print_debug('Processing {} rule "{}" ({})'.format(rule.service, rule.description, rule.filename)) finding_path = rule.path path = finding_path.split('.') service = path[0] 
@@ -68,7 +68,7 @@ def run(self, cloud_provider, skip_dashboard=False): cloud_provider.services[service][self.ruleset.rule_type][rule.key]['references'] = \ rule.references if hasattr(rule, 'references') else None except Exception as e: - print_exception('Failed to process rule defined in %s: %s' % (rule.filename, e)) + print_exception('Failed to process rule defined in {}: {}'.format(rule.filename, e)) # Fallback if process rule failed to ensure report creation and data dump still happen cloud_provider.services[service][self.ruleset.rule_type][rule.key]['checked_items'] = 0 cloud_provider.services[service][self.ruleset.rule_type][rule.key]['flagged_items'] = 0 diff --git a/ScoutSuite/core/rule.py b/ScoutSuite/core/rule.py index 1c9199cd0..0f2bec78d 100755 --- a/ScoutSuite/core/rule.py +++ b/ScoutSuite/core/rule.py @@ -29,7 +29,7 @@ ] -class Rule(object): +class Rule: def to_string(self): return str(vars(self)) @@ -71,8 +71,8 @@ def set_definition(self, rule_definitions, attributes=None, ip_ranges=None, para if condition[0].startswith('_INCLUDE_('): include = re.findall(r'_INCLUDE_\((.*?)\)', condition[0])[0] # new_conditions = load_data(include, key_name = 'conditions') - rules_path = '%s/%s' % (self.data_path, include) - with open(rules_path, 'rt') as f: + rules_path = '{}/{}'.format(self.data_path, include) + with open(rules_path) as f: new_conditions = f.read() for (i, value) in enumerate(condition[1]): new_conditions = re.sub(condition[1][i], condition[2][i], new_conditions) 
@@ -139,6 +139,6 @@ def set_definition(self, rule_definitions, attributes=None, ip_ranges=None, para setattr(self, 'key', self.filename) setattr(self, 'key', self.key.replace('.json', '')) if self.key_suffix: - setattr(self, 'key', '%s-%s' % (self.key, self.key_suffix)) + setattr(self, 'key', '{}-{}'.format(self.key, self.key_suffix)) except Exception as e: - print_exception('Failed to set definition %s: %s' % (self.filename, e)) + print_exception('Failed to set definition {}: {}'.format(self.filename, e)) diff --git a/ScoutSuite/core/rule_definition.py b/ScoutSuite/core/rule_definition.py index f4a19b2bc..2a849aca5 100755 --- a/ScoutSuite/core/rule_definition.py +++ b/ScoutSuite/core/rule_definition.py @@ -4,7 +4,7 @@ from ScoutSuite.core.console import print_error, print_exception -class RuleDefinition(object): +class RuleDefinition: def __init__(self, data_path, file_name=None, rule_dirs=None, string_definition=None): rule_dirs = [] if rule_dirs is None else rule_dirs @@ -28,7 +28,7 @@ def __str__(self): value = '-' * 80 + '\n' + ' ' * padding + ' %s' % getattr(self, 'description') + '\n' + '-' * 80 + '\n' quiet_list = ['descriptions', 'rule_dirs', 'rule_types', 'rules_data_path', 'string_definition'] value += '\n'.join( - '%s: %s' % (attr, str(getattr(self, attr))) for attr in vars(self) if attr not in quiet_list) + '{}: {}'.format(attr, str(getattr(self, attr))) for attr in vars(self) if attr not in quiet_list) value += '\n' return value @@ -46,7 +46,7 @@ def load(self): try: file_path = os.path.join(rule_dir, self.file_name) if rule_dir else self.file_name except Exception as e: - print_exception('Failed to load file %s: %s' % (self.file_name, str(e))) + print_exception('Failed to load file {}: {}'.format(self.file_name, str(e))) if os.path.isfile(file_path): self.file_path = file_path file_name_valid = True 
@@ -72,11 +72,11 @@ def load(self): print_error('Error: could not find %s' % self.file_name) else: try: - with open(self.file_path, 'rt') as f: + with open(self.file_path) as f: self.string_definition = f.read() self.load_from_string_definition() except Exception as e: - print_exception('Failed to load rule defined in %s: %s' % (self.file_name, str(e))) + print_exception('Failed to load rule defined in {}: {}'.format(self.file_name, str(e))) def load_from_string_definition(self): try: @@ -84,4 +84,4 @@ def load_from_string_definition(self): for attr in definition: setattr(self, attr, definition[attr]) except Exception as e: - print_exception('Failed to load string definition %s: %s' % (self.string_definition, str(e))) + print_exception('Failed to load string definition {}: {}'.format(self.string_definition, str(e))) diff --git a/ScoutSuite/core/ruleset.py b/ScoutSuite/core/ruleset.py index ef6ea7f80..1069e1d3a 100755 --- a/ScoutSuite/core/ruleset.py +++ b/ScoutSuite/core/ruleset.py @@ -73,7 +73,7 @@ def load(self, rule_type, quiet=False): """ if self.filename and os.path.exists(self.filename): try: - with open(self.filename, 'rt') as f: + with open(self.filename) as f: ruleset = json.load(f) self.about = ruleset['about'] if 'about' in ruleset else '' self.rules = {} @@ -82,7 +82,7 @@ def load(self, rule_type, quiet=False): for rule in ruleset['rules'][filename]: self.handle_rule_versions(filename, rule_type, rule) except Exception as e: - print_exception('Ruleset file %s contains malformed JSON: %s' % (self.filename, e)) + print_exception('Ruleset file {} contains malformed JSON: {}'.format(self.filename, e)) self.rules = [] self.about = '' else: 
@@ -193,7 +193,7 @@ def find_file(self, filename, filetype='rulesets'): if filename and not os.path.isfile(filename): # Not a valid relative / absolute path, check Scout's data under findings/ or filters/ if not filename.startswith('findings/') and not filename.startswith('filters/'): - filename = '%s/%s' % (filetype, filename) + filename = '{}/{}'.format(filetype, filename) if not os.path.isfile(filename): filename = os.path.join(self.rules_data_path, filename) if not os.path.isfile(filename) and not filename.endswith('.json'): diff --git a/ScoutSuite/core/server.py b/ScoutSuite/core/server.py index 13d342777..e127591e9 100755 --- a/ScoutSuite/core/server.py +++ b/ScoutSuite/core/server.py @@ -7,7 +7,7 @@ count_re = re.compile(r".*_count$") -class Server(object): +class Server: """ Boots a server that serves the result of the report for the user. This is still a proof of concept, but will eventually be used to serve data when it exceeds 400mb. diff --git a/ScoutSuite/core/utils.py b/ScoutSuite/core/utils.py index 83fb02465..f639d4edb 100755 --- a/ScoutSuite/core/utils.py +++ b/ScoutSuite/core/utils.py @@ -74,7 +74,7 @@ def recurse(all_info, current_info, target_path, current_path, config, add_suffi results = results + recurse(all_info, split_current_info, copy.deepcopy(target_path), split_current_path, config, add_suffix) # Python 2-3 compatible way to check for string type - elif isinstance(current_info, string_types): + elif isinstance(current_info, str): split_current_path = copy.deepcopy(current_path) results = results + recurse(all_info, current_info, [], split_current_path, config, add_suffix) diff --git a/ScoutSuite/output/html.py b/ScoutSuite/output/html.py index 8d312cd05..4650da35d 100755 --- a/ScoutSuite/output/html.py +++ b/ScoutSuite/output/html.py @@ -1,5 +1,3 @@ -from __future__ import print_function - import datetime import os import shutil 
@@ -15,7 +13,7 @@ from ScoutSuite.output.utils import get_filename, prompt_for_overwrite -class HTMLReport(object): +class HTMLReport: """ Base HTML report """ @@ -46,10 +44,10 @@ def get_content_from_folder(self, templates_type): os.path.isfile(os.path.join(template_dir, f))] for filename in template_files: try: - with open('%s' % filename, 'rt') as f: + with open('%s' % filename) as f: contents = contents + f.read() except Exception as e: - print_exception('Error reading filename %s: %s' % (filename, e)) + print_exception('Error reading filename {}: {}'.format(filename, e)) return contents def get_content_from_file(self, filename): @@ -57,10 +55,10 @@ def get_content_from_file(self, filename): template_dir = os.path.join(self.html_data_path, 'conditionals') filename = template_dir + filename try: - with open('%s' % filename, 'rt') as f: + with open('%s' % filename) as f: contents = contents + f.read() except Exception as e: - print_exception('Error reading filename %s: %s' % (filename, e)) + print_exception('Error reading filename {}: {}'.format(filename, e)) return contents def prepare_html_report_dir(self): @@ -93,7 +91,7 @@ def __init__(self, provider, report_name=None, report_dir=None, timestamp=False, self.provider = provider self.result_format = result_format - super(ScoutReport, self).__init__(report_name, report_dir, timestamp, exceptions, result_format) + super().__init__(report_name, report_dir, timestamp, exceptions, result_format) def save(self, config, exceptions, force_write=False, debug=False): self.prepare_html_report_dir() diff --git a/ScoutSuite/output/result_encoder.py b/ScoutSuite/output/result_encoder.py index dcf676a4a..15e6f309d 100755 --- a/ScoutSuite/output/result_encoder.py +++ b/ScoutSuite/output/result_encoder.py @@ -1,5 +1,3 @@ -from __future__ import print_function - import datetime import json import os 
@@ -36,7 +34,7 @@ def default(self, o): return str(o) -class ScoutResultEncoder(object): +class ScoutResultEncoder: def __init__(self, report_name=None, report_dir=None, timestamp=None): self.report_name = report_name if self.report_name: @@ -99,7 +97,7 @@ class JavaScriptEncoder(ScoutResultEncoder): def load_from_file(self, file_type, file_path=None, first_line=None): if not file_path: file_path, first_line = get_filename(file_type, self.report_name, self.report_dir) - with open(file_path, 'rt') as f: + with open(file_path) as f: json_payload = f.readlines() if first_line: json_payload.pop(0) diff --git a/ScoutSuite/output/utils.py b/ScoutSuite/output/utils.py index c139cc250..fead8ed57 100755 --- a/ScoutSuite/output/utils.py +++ b/ScoutSuite/output/utils.py @@ -1,9 +1,6 @@ -from __future__ import print_function - import os import sys -from six.moves import input from ScoutSuite import DEFAULT_REPORT_DIRECTORY, DEFAULT_REPORT_RESULTS_DIRECTORY from ScoutSuite.core.console import print_error diff --git a/ScoutSuite/providers/aliyun/provider.py b/ScoutSuite/providers/aliyun/provider.py index f95d3e147..29bdc9769 100755 --- a/ScoutSuite/providers/aliyun/provider.py +++ b/ScoutSuite/providers/aliyun/provider.py @@ -26,7 +26,7 @@ def __init__(self, self.credentials = kwargs['credentials'] self.account_id = self.credentials.caller_details['AccountId'] - super(AliyunProvider, self).__init__(report_dir, timestamp, services, skipped_services) + super().__init__(report_dir, timestamp, services, skipped_services) def get_report_name(self): """ @@ -39,5 +39,5 @@ def get_report_name(self): def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): - super(AliyunProvider, self).preprocessing() + super().preprocessing() diff --git a/ScoutSuite/providers/aliyun/resources/ecs/base.py b/ScoutSuite/providers/aliyun/resources/ecs/base.py index 4a3ac626c..e9c78639d 100755 --- a/ScoutSuite/providers/aliyun/resources/ecs/base.py 
+++ b/ScoutSuite/providers/aliyun/resources/ecs/base.py @@ -9,4 +9,4 @@ class ECS(Regions): ] def __init__(self, facade: AliyunFacade): - super(ECS, self).__init__('ecs', facade) + super().__init__('ecs', facade) diff --git a/ScoutSuite/providers/aliyun/resources/ecs/instances.py b/ScoutSuite/providers/aliyun/resources/ecs/instances.py index c82927932..a07048102 100755 --- a/ScoutSuite/providers/aliyun/resources/ecs/instances.py +++ b/ScoutSuite/providers/aliyun/resources/ecs/instances.py @@ -4,7 +4,7 @@ class Instances(AliyunResources): def __init__(self, facade: AliyunFacade, region: str): - super(Instances, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aliyun/resources/kms/base.py b/ScoutSuite/providers/aliyun/resources/kms/base.py index 38329b6e0..b1cf6292e 100755 --- a/ScoutSuite/providers/aliyun/resources/kms/base.py +++ b/ScoutSuite/providers/aliyun/resources/kms/base.py @@ -9,4 +9,4 @@ class KMS(Regions): ] def __init__(self, facade: AliyunFacade): - super(KMS, self).__init__('kms', facade) + super().__init__('kms', facade) diff --git a/ScoutSuite/providers/aliyun/resources/kms/keys.py b/ScoutSuite/providers/aliyun/resources/kms/keys.py index e430fe95f..4cdaf409b 100755 --- a/ScoutSuite/providers/aliyun/resources/kms/keys.py +++ b/ScoutSuite/providers/aliyun/resources/kms/keys.py @@ -4,7 +4,7 @@ class Keys(AliyunResources): def __init__(self, facade: AliyunFacade, region: str): - super(Keys, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aliyun/resources/ram/api_keys.py b/ScoutSuite/providers/aliyun/resources/ram/api_keys.py index 75336e743..7f0f70759 100755 --- a/ScoutSuite/providers/aliyun/resources/ram/api_keys.py +++ b/ScoutSuite/providers/aliyun/resources/ram/api_keys.py 
@@ -4,7 +4,7 @@ class ApiKeys(AliyunResources): def __init__(self, facade: AliyunFacade, user): - super(ApiKeys, self).__init__(facade) + super().__init__(facade) self.user = user async def fetch_all(self): diff --git a/ScoutSuite/providers/aliyun/resources/ram/base.py b/ScoutSuite/providers/aliyun/resources/ram/base.py index ac48b169e..d258f3a36 100755 --- a/ScoutSuite/providers/aliyun/resources/ram/base.py +++ b/ScoutSuite/providers/aliyun/resources/ram/base.py @@ -19,7 +19,7 @@ class RAM(AliyunCompositeResources): ] def __init__(self, facade: AliyunFacade): - super(RAM, self).__init__(facade) + super().__init__(facade) self.service = 'ram' async def fetch_all(self, **kwargs): diff --git a/ScoutSuite/providers/aliyun/resources/ram/groups.py b/ScoutSuite/providers/aliyun/resources/ram/groups.py index 00b2aed3a..c203ba870 100755 --- a/ScoutSuite/providers/aliyun/resources/ram/groups.py +++ b/ScoutSuite/providers/aliyun/resources/ram/groups.py @@ -4,7 +4,7 @@ class Groups(AliyunResources): def __init__(self, facade: AliyunFacade): - super(Groups, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): for raw_group in await self.facade.ram.get_groups(): diff --git a/ScoutSuite/providers/aliyun/resources/ram/password_policy.py b/ScoutSuite/providers/aliyun/resources/ram/password_policy.py index d36923c0e..cc2ee3f88 100755 --- a/ScoutSuite/providers/aliyun/resources/ram/password_policy.py +++ b/ScoutSuite/providers/aliyun/resources/ram/password_policy.py @@ -4,7 +4,7 @@ class PasswordPolicy(AliyunResources): def __init__(self, facade: AliyunFacade): - super(PasswordPolicy, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): raw_password_policy = await self.facade.ram.get_password_policy() diff --git a/ScoutSuite/providers/aliyun/resources/ram/policies.py b/ScoutSuite/providers/aliyun/resources/ram/policies.py index c6923210f..c92e510f0 100755 --- a/ScoutSuite/providers/aliyun/resources/ram/policies.py 
+++ b/ScoutSuite/providers/aliyun/resources/ram/policies.py @@ -5,7 +5,7 @@ class Policies(AliyunResources): def __init__(self, facade: AliyunFacade): - super(Policies, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): for raw_policy in await self.facade.ram.get_policies(): diff --git a/ScoutSuite/providers/aliyun/resources/ram/roles.py b/ScoutSuite/providers/aliyun/resources/ram/roles.py index cd718ee83..efc7c3d1f 100755 --- a/ScoutSuite/providers/aliyun/resources/ram/roles.py +++ b/ScoutSuite/providers/aliyun/resources/ram/roles.py @@ -4,7 +4,7 @@ class Roles(AliyunResources): def __init__(self, facade: AliyunFacade): - super(Roles, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): for raw_role in await self.facade.ram.get_roles(): diff --git a/ScoutSuite/providers/aliyun/resources/ram/security_policy.py b/ScoutSuite/providers/aliyun/resources/ram/security_policy.py index e839484d2..b4392864c 100755 --- a/ScoutSuite/providers/aliyun/resources/ram/security_policy.py +++ b/ScoutSuite/providers/aliyun/resources/ram/security_policy.py @@ -4,7 +4,7 @@ class SecurityPolicy(AliyunResources): def __init__(self, facade: AliyunFacade): - super(SecurityPolicy, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): raw_security_policy = await self.facade.ram.get_security_policy() diff --git a/ScoutSuite/providers/aliyun/resources/rds/base.py b/ScoutSuite/providers/aliyun/resources/rds/base.py index e815b562a..de201acb8 100755 --- a/ScoutSuite/providers/aliyun/resources/rds/base.py +++ b/ScoutSuite/providers/aliyun/resources/rds/base.py @@ -9,5 +9,5 @@ class RDS(Regions): ] def __init__(self, facade: AliyunFacade): - super(RDS, self).__init__('rds', facade) + super().__init__('rds', facade) diff --git a/ScoutSuite/providers/aliyun/resources/rds/instances.py b/ScoutSuite/providers/aliyun/resources/rds/instances.py index 03fce666a..9e0e905a0 100755 
--- a/ScoutSuite/providers/aliyun/resources/rds/instances.py +++ b/ScoutSuite/providers/aliyun/resources/rds/instances.py @@ -4,7 +4,7 @@ class Instances(AliyunResources): def __init__(self, facade: AliyunFacade, region: str): - super(Instances, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aliyun/resources/regions.py b/ScoutSuite/providers/aliyun/resources/regions.py index 8d995d86c..f7fbd5e9b 100755 --- a/ScoutSuite/providers/aliyun/resources/regions.py +++ b/ScoutSuite/providers/aliyun/resources/regions.py @@ -6,7 +6,7 @@ class Regions(AliyunCompositeResources, metaclass=abc.ABCMeta): def __init__(self, service: str, facade: AliyunFacade): - super(Regions, self).__init__(facade) + super().__init__(facade) self.service = service async def fetch_all(self, regions=None): diff --git a/ScoutSuite/providers/aliyun/resources/vpc/base.py b/ScoutSuite/providers/aliyun/resources/vpc/base.py index 7f876d613..11cb86ca0 100755 --- a/ScoutSuite/providers/aliyun/resources/vpc/base.py +++ b/ScoutSuite/providers/aliyun/resources/vpc/base.py @@ -9,4 +9,4 @@ class VPC(Regions): ] def __init__(self, facade: AliyunFacade): - super(VPC, self).__init__('vpc', facade) + super().__init__('vpc', facade) diff --git a/ScoutSuite/providers/aliyun/resources/vpc/vpcs.py b/ScoutSuite/providers/aliyun/resources/vpc/vpcs.py index 9c4bb7139..14dd0e116 100755 --- a/ScoutSuite/providers/aliyun/resources/vpc/vpcs.py +++ b/ScoutSuite/providers/aliyun/resources/vpc/vpcs.py @@ -4,7 +4,7 @@ class VPCs(AliyunResources): def __init__(self, facade: AliyunFacade, region: str): - super(VPCs, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aliyun/services.py b/ScoutSuite/providers/aliyun/services.py index 6ee1cfdd7..633125505 100755 --- a/ScoutSuite/providers/aliyun/services.py +++ b/ScoutSuite/providers/aliyun/services.py 
@@ -12,7 +12,7 @@ class AliyunServicesConfig(BaseServicesConfig): def __init__(self, credentials, **kwargs): - super(AliyunServicesConfig, self).__init__(credentials) + super().__init__(credentials) facade = AliyunFacade(credentials) diff --git a/ScoutSuite/providers/aws/facade/base.py b/ScoutSuite/providers/aws/facade/base.py index a2e25f743..375f70b2e 100755 --- a/ScoutSuite/providers/aws/facade/base.py +++ b/ScoutSuite/providers/aws/facade/base.py @@ -58,7 +58,7 @@ class AWSFacade(AWSBaseFacade): def __init__(self, credentials=None): - super(AWSFacade, self).__init__() + super().__init__() self.owner_id = get_aws_account_id(credentials.session) self.session = credentials.session self._instantiate_facades() diff --git a/ScoutSuite/providers/aws/facade/basefacade.py b/ScoutSuite/providers/aws/facade/basefacade.py index e168ffef1..7429669b6 100755 --- a/ScoutSuite/providers/aws/facade/basefacade.py +++ b/ScoutSuite/providers/aws/facade/basefacade.py @@ -1,6 +1,6 @@ import boto3 -class AWSBaseFacade(object): +class AWSBaseFacade: def __init__(self, session: boto3.session.Session = None): self.session = session diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index 27af07f7e..c316c8d21 100755 --- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py @@ -17,7 +17,7 @@ class EC2Facade(AWSBaseFacade): def __init__(self, session: boto3.session.Session, owner_id: str): self.owner_id = owner_id - super(EC2Facade, self).__init__(session) + super().__init__(session) async def get_instance_user_data(self, region: str, instance_id: str): ec2_client = AWSFacadeUtils.get_client('ec2', self.session, region) diff --git a/ScoutSuite/providers/aws/facade/rds.py b/ScoutSuite/providers/aws/facade/rds.py index bf98bf005..e6b1e4b56 100755 --- a/ScoutSuite/providers/aws/facade/rds.py +++ b/ScoutSuite/providers/aws/facade/rds.py 
@@ -53,9 +53,9 @@ async def _get_and_set_instance_tags(self, instance: {}, region: str): instance['Tags'] = {x['Key']: x['Value'] for x in instance_tagset['TagList']} except ClientError as e: if e.response['Error']['Code'] != 'NoSuchTagSet': - print_exception('Failed to get db instance tags for %s: %s' % (instance['DBInstanceIdentifier'], e)) + print_exception('Failed to get db instance tags for {}: {}'.format(instance['DBInstanceIdentifier'], e)) except Exception as e: - print_exception('Failed to get db instance tags for %s: %s' % (instance['DBInstanceIdentifier'], e)) + print_exception('Failed to get db instance tags for {}: {}'.format(instance['DBInstanceIdentifier'], e)) instance['Tags'] = {} async def _get_and_set_instance_clusters(self, instance: {}, region: str): @@ -170,7 +170,7 @@ async def _get_and_set_db_parameters(self, parameter_group: {}, region: str): parameter_name = parameter.pop('ParameterName') parameter_group['Parameters'][parameter_name] = parameter except Exception as e: - print_exception('Failed fetching DB parameters for %s: %s' % (name, e)) + print_exception('Failed fetching DB parameters for {}: {}'.format(name, e)) async def get_security_groups(self, region: str) : try: diff --git a/ScoutSuite/providers/aws/facade/s3.py b/ScoutSuite/providers/aws/facade/s3.py index 6af1e674e..8ae342427 100755 --- a/ScoutSuite/providers/aws/facade/s3.py +++ b/ScoutSuite/providers/aws/facade/s3.py @@ -81,7 +81,7 @@ async def _get_and_set_s3_bucket_logging(self, bucket: {}): try: logging = await run_concurrently(lambda: client.get_bucket_logging(Bucket=bucket['Name'])) except Exception as e: - print_exception('Failed to get logging configuration for %s: %s' % (bucket['Name'], e)) + print_exception('Failed to get logging configuration for {}: {}'.format(bucket['Name'], e)) bucket['logging'] = 'Unknown' else: if 'LoggingEnabled' in logging: 
@@ -97,7 +97,7 @@ async def _get_and_set_s3_bucket_versioning(self, bucket: {}): bucket['versioning_status_enabled'] = self._status_to_bool(versioning.get('Status')) bucket['version_mfa_delete_enabled'] = self._status_to_bool(versioning.get('MFADelete')) except Exception as e: - print_exception('Failed to get versioning configuration for %s: %s' % (bucket['Name'], e)) + print_exception('Failed to get versioning configuration for {}: {}'.format(bucket['Name'], e)) bucket['versioning_status_enabled'] = None bucket['version_mfa_delete_enabled'] = None @@ -110,7 +110,7 @@ async def _get_and_set_s3_bucket_webhosting(self, bucket: {}): if "NoSuchWebsiteConfiguration" in str(e): bucket['web_hosting_enabled'] = False else: - print_exception('Failed to get web hosting configuration for %s: %s' % (bucket['Name'], e)) + print_exception('Failed to get web hosting configuration for {}: {}'.format(bucket['Name'], e)) async def _get_and_set_s3_bucket_default_encryption(self, bucket: {}): bucket_name = bucket['Name'] @@ -123,9 +123,9 @@ async def _get_and_set_s3_bucket_default_encryption(self, bucket: {}): bucket['default_encryption_enabled'] = False else: bucket['default_encryption_enabled'] = None - print_exception('Failed to get encryption configuration for %s: %s' % (bucket_name, e)) + print_exception('Failed to get encryption configuration for {}: {}'.format(bucket_name, e)) except Exception as e: - print_exception('Failed to get encryption configuration for %s: %s' % (bucket_name, e)) + print_exception('Failed to get encryption configuration for {}: {}'.format(bucket_name, e)) bucket['default_encryption'] = 'Unknown' async def _get_and_set_s3_acls(self, bucket: {}, key_name=None): 
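Review bot: The failure path of `_get_and_set_s3_bucket_default_encryption` records its result under `bucket['default_encryption'] = 'Unknown'`, while every other branch of the function writes `default_encryption_enabled`. A failed lookup can therefore leave the key that the other branches set undefined. In an auditing tool that risks a fetch error being read as a clean result; which key the rules consume is not visible here. Since this commit already touches the `print_exception` lines next to it, I would change that line to `bucket['default_encryption_enabled'] = None`. The same pattern appears in two later hunks of this file: `_get_and_set_s3_bucket_policy` ends its handler with `bucket['grantees'] = {}`, the key `_get_and_set_s3_acls` fills in, so depending on call order a policy failure may erase collected ACL grantees; and `_set_s3_bucket_secure_transport` sets `bucket['secure_transport'] = None` where `bucket['secure_transport_enabled'] = None` looks intended. Indentation is lost in this rendering and all three functions extend beyond their hunks, so please check the branch placement against the file.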
@@ -156,7 +156,7 @@ async def _get_and_set_s3_acls(self, bucket: {}, key_name=None): self._set_s3_permissions(grantees[grantee]['permissions'], permission) bucket['grantees'] = grantees except Exception as e: - print_exception('Failed to get ACL configuration for %s: %s' % (bucket_name, e)) + print_exception('Failed to get ACL configuration for {}: {}'.format(bucket_name, e)) bucket['grantees'] = {} async def _get_and_set_s3_bucket_policy(self, bucket: {}): @@ -166,9 +166,9 @@ async def _get_and_set_s3_bucket_policy(self, bucket: {}): bucket['policy'] = json.loads(bucket_policy['Policy']) except ClientError as e: if e.response['Error']['Code'] != 'NoSuchBucketPolicy': - print_exception('Failed to get bucket policy for %s: %s' % (bucket['Name'], e)) + print_exception('Failed to get bucket policy for {}: {}'.format(bucket['Name'], e)) except Exception as e: - print_exception('Failed to get bucket policy for %s: %s' % (bucket['Name'], e)) + print_exception('Failed to get bucket policy for {}: {}'.format(bucket['Name'], e)) bucket['grantees'] = {} async def _get_and_set_s3_bucket_tags(self, bucket: {}): @@ -178,9 +178,9 @@ async def _get_and_set_s3_bucket_tags(self, bucket: {}): bucket['tags'] = {x['Key']: x['Value'] for x in bucket_tagset['TagSet']} except ClientError as e: if e.response['Error']['Code'] != 'NoSuchTagSet': - print_exception('Failed to get bucket tags for %s: %s' % (bucket['Name'], e)) + print_exception('Failed to get bucket tags for {}: {}'.format(bucket['Name'], e)) except Exception as e: - print_exception('Failed to get bucket tags for %s: %s' % (bucket['Name'], e)) + print_exception('Failed to get bucket tags for {}: {}'.format(bucket['Name'], e)) bucket['tags'] = {} def _set_s3_bucket_secure_transport(self, bucket: {}): 
@@ -201,7 +201,7 @@ def _set_s3_bucket_secure_transport(self, bucket: {}): else: bucket['secure_transport_enabled'] = False except Exception as e: - print_exception('Failed to evaluate bucket policy for %s: %s' % (bucket['Name'], e)) + print_exception('Failed to evaluate bucket policy for {}: {}'.format(bucket['Name'], e)) bucket['secure_transport'] = None @staticmethod diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 7a6b1780c..24904b223 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -40,7 +40,7 @@ def __init__(self, profile='default', report_dir=None, timestamp=None, services= self.account_id = get_aws_account_id(self.credentials.session) - super(AWSProvider, self).__init__(report_dir, timestamp, + super().__init__(report_dir, timestamp, services, skipped_services, result_format) def get_report_name(self): @@ -95,7 +95,7 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): self._add_cidr_display_name(ip_ranges, ip_ranges_name_key) - super(AWSProvider, self).preprocessing() + super().preprocessing() def _add_cidr_display_name(self, ip_ranges, ip_ranges_name_key): if len(ip_ranges): diff --git a/ScoutSuite/providers/aws/resources/acm/base.py b/ScoutSuite/providers/aws/resources/acm/base.py index bfbe91e3b..9033ff731 100755 --- a/ScoutSuite/providers/aws/resources/acm/base.py +++ b/ScoutSuite/providers/aws/resources/acm/base.py @@ -10,4 +10,4 @@ class Certificates(Regions): ] def __init__(self, facade: AWSFacade): - super(Certificates, self).__init__('acm', facade) + super().__init__('acm', facade) diff --git a/ScoutSuite/providers/aws/resources/acm/certificates.py b/ScoutSuite/providers/aws/resources/acm/certificates.py index 920b076d6..77532c1a2 100755 --- a/ScoutSuite/providers/aws/resources/acm/certificates.py +++ b/ScoutSuite/providers/aws/resources/acm/certificates.py 
@@ -6,7 +6,7 @@ class Certificates(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Certificates, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/awslambda/base.py b/ScoutSuite/providers/aws/resources/awslambda/base.py index 9516f5772..8883439c1 100755 --- a/ScoutSuite/providers/aws/resources/awslambda/base.py +++ b/ScoutSuite/providers/aws/resources/awslambda/base.py @@ -10,4 +10,4 @@ class Lambdas(Regions): ] def __init__(self, facade: AWSFacade): - super(Lambdas, self).__init__('lambda', facade) + super().__init__('lambda', facade) diff --git a/ScoutSuite/providers/aws/resources/awslambda/functions.py b/ScoutSuite/providers/aws/resources/awslambda/functions.py index 04a0ee7a6..6d5404480 100755 --- a/ScoutSuite/providers/aws/resources/awslambda/functions.py +++ b/ScoutSuite/providers/aws/resources/awslambda/functions.py @@ -4,7 +4,7 @@ class Functions(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Functions, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/cloudformation/base.py b/ScoutSuite/providers/aws/resources/cloudformation/base.py index 621af14fb..1cdc7027a 100755 --- a/ScoutSuite/providers/aws/resources/cloudformation/base.py +++ b/ScoutSuite/providers/aws/resources/cloudformation/base.py @@ -9,4 +9,4 @@ class CloudFormation(Regions): ] def __init__(self, facade: AWSFacade): - super(CloudFormation, self).__init__('cloudformation', facade) + super().__init__('cloudformation', facade) diff --git a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py index dc81df735..6fa5b9a20 100755 --- a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py +++ b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py 
@@ -6,7 +6,7 @@ class Stacks(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Stacks, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/cloudtrail/base.py b/ScoutSuite/providers/aws/resources/cloudtrail/base.py index 766a83223..bcd1fc881 100755 --- a/ScoutSuite/providers/aws/resources/cloudtrail/base.py +++ b/ScoutSuite/providers/aws/resources/cloudtrail/base.py @@ -10,7 +10,7 @@ class CloudTrail(Regions): ] def __init__(self, facade: AWSFacade): - super(CloudTrail, self).__init__('cloudtrail', facade) + super().__init__('cloudtrail', facade) async def finalize(self): global_events_logging = [] diff --git a/ScoutSuite/providers/aws/resources/cloudtrail/trails.py b/ScoutSuite/providers/aws/resources/cloudtrail/trails.py index 84e7872a3..1cc863f35 100755 --- a/ScoutSuite/providers/aws/resources/cloudtrail/trails.py +++ b/ScoutSuite/providers/aws/resources/cloudtrail/trails.py @@ -7,7 +7,7 @@ class Trails(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Trails, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): @@ -25,7 +25,7 @@ def _parse_trail(self, raw_trail): raw_trail['HomeRegion'] != self.region: for key in ['HomeRegion', 'TrailARN']: trail[key] = raw_trail[key] - trail['scout_link'] = 'services.cloudtrail.regions.%s.trails.%s' % (raw_trail['HomeRegion'], trail_id) + trail['scout_link'] = 'services.cloudtrail.regions.{}.trails.{}'.format(raw_trail['HomeRegion'], trail_id) return trail_id, trail for key in raw_trail: 
@@ -52,8 +52,8 @@ def _parse_trail(self, raw_trail): def data_logging_status(self, trail): for event_selector in trail['EventSelectors']: has_wildcard = \ - {u'Values': ['arn:aws:s3'], 'Type': 'AWS::S3::Object'} in event_selector['DataResources'] or \ - {u'Values': ['arn:aws:lambda'], 'Type': 'AWS::Lambda::Function'} in event_selector['DataResources'] + {'Values': ['arn:aws:s3'], 'Type': 'AWS::S3::Object'} in event_selector['DataResources'] or \ + {'Values': ['arn:aws:lambda'], 'Type': 'AWS::Lambda::Function'} in event_selector['DataResources'] is_logging = trail['IsLogging'] if has_wildcard and is_logging and self.is_fresh(trail): return True diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/alarms.py b/ScoutSuite/providers/aws/resources/cloudwatch/alarms.py index 45a5f8f00..369255610 100755 --- a/ScoutSuite/providers/aws/resources/cloudwatch/alarms.py +++ b/ScoutSuite/providers/aws/resources/cloudwatch/alarms.py @@ -5,7 +5,7 @@ class Alarms(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Alarms, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/base.py b/ScoutSuite/providers/aws/resources/cloudwatch/base.py index 83fe0c8ab..3b17555f1 100755 --- a/ScoutSuite/providers/aws/resources/cloudwatch/base.py +++ b/ScoutSuite/providers/aws/resources/cloudwatch/base.py @@ -10,4 +10,4 @@ class CloudWatch(Regions): ] def __init__(self, facade: AWSFacade): - super(CloudWatch, self).__init__('cloudwatch', facade) + super().__init__('cloudwatch', facade) diff --git a/ScoutSuite/providers/aws/resources/config/base.py b/ScoutSuite/providers/aws/resources/config/base.py index 7f4f09679..e2959c3b8 100755 --- a/ScoutSuite/providers/aws/resources/config/base.py +++ b/ScoutSuite/providers/aws/resources/config/base.py 
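Review bot: `data_logging_status` computes `has_wildcard` by exact dictionary equality against `{'Values': ['arn:aws:s3'], 'Type': 'AWS::S3::Object'}` and the Lambda equivalent, and removing the `u` prefix leaves that comparison as strict as before. A selector whose `Values` list holds the wildcard next to other ARNs will not compare equal, and neither will one using a different partition prefix (`EC2.fetch_all` elsewhere in this diff takes `partition_name='aws'`), so such a trail is reported as not logging data events. I would match per entry instead, for example `any(r['Type'] == 'AWS::S3::Object' and 'arn:aws:s3' in r['Values'] for r in event_selector['DataResources'])`, and build the prefix from the partition if this class has access to it. The method continues past the end of the hunk.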
@@ -11,4 +11,4 @@ class Config(Regions): ] def __init__(self, facade: AWSFacade): - super(Config, self).__init__('config', facade) + super().__init__('config', facade) diff --git a/ScoutSuite/providers/aws/resources/config/recorders.py b/ScoutSuite/providers/aws/resources/config/recorders.py index 9352d6684..81a7d2982 100755 --- a/ScoutSuite/providers/aws/resources/config/recorders.py +++ b/ScoutSuite/providers/aws/resources/config/recorders.py @@ -4,7 +4,7 @@ class Recorders(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Recorders, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/config/rules.py b/ScoutSuite/providers/aws/resources/config/rules.py index e23eb3162..484e083b0 100755 --- a/ScoutSuite/providers/aws/resources/config/rules.py +++ b/ScoutSuite/providers/aws/resources/config/rules.py @@ -4,7 +4,7 @@ class Rules(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Rules, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/directconnect/base.py b/ScoutSuite/providers/aws/resources/directconnect/base.py index a76ff05dc..bd597a54c 100755 --- a/ScoutSuite/providers/aws/resources/directconnect/base.py +++ b/ScoutSuite/providers/aws/resources/directconnect/base.py @@ -10,4 +10,4 @@ class DirectConnect(Regions): ] def __init__(self, facade: AWSFacade): - super(DirectConnect, self).__init__('directconnect', facade) + super().__init__('directconnect', facade) diff --git a/ScoutSuite/providers/aws/resources/directconnect/connections.py b/ScoutSuite/providers/aws/resources/directconnect/connections.py index 0596710a2..82de5af90 100755 --- a/ScoutSuite/providers/aws/resources/directconnect/connections.py +++ b/ScoutSuite/providers/aws/resources/directconnect/connections.py 
@@ -4,7 +4,7 @@ class Connections(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Connections, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/ec2/ami.py b/ScoutSuite/providers/aws/resources/ec2/ami.py index 2e0538846..ca30e6a83 100755 --- a/ScoutSuite/providers/aws/resources/ec2/ami.py +++ b/ScoutSuite/providers/aws/resources/ec2/ami.py @@ -4,7 +4,7 @@ class AmazonMachineImages(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(AmazonMachineImages, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/ec2/base.py b/ScoutSuite/providers/aws/resources/ec2/base.py index 759ec5065..0a82deac7 100755 --- a/ScoutSuite/providers/aws/resources/ec2/base.py +++ b/ScoutSuite/providers/aws/resources/ec2/base.py @@ -14,10 +14,10 @@ class EC2(Regions): ] def __init__(self, facade): - super(EC2, self).__init__('ec2', facade) + super().__init__('ec2', facade) async def fetch_all(self, regions=None, excluded_regions=None, partition_name='aws', **kwargs): - await super(EC2, self).fetch_all(regions, excluded_regions, partition_name) + await super().fetch_all(regions, excluded_regions, partition_name) for region in self['regions']: self['regions'][region]['instances_count'] =\ diff --git a/ScoutSuite/providers/aws/resources/ec2/instances.py b/ScoutSuite/providers/aws/resources/ec2/instances.py index ab59acbe5..ca3ebf30e 100755 --- a/ScoutSuite/providers/aws/resources/ec2/instances.py +++ b/ScoutSuite/providers/aws/resources/ec2/instances.py @@ -7,7 +7,7 @@ class EC2Instances(AWSResources): def __init__(self, facade: AWSFacade, region: str, vpc: str): - super(EC2Instances, self).__init__(facade) + super().__init__(facade) self.region = region self.vpc = vpc 
diff --git a/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py b/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py index a76930b2d..cb0bfd599 100755 --- a/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py +++ b/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py @@ -4,7 +4,7 @@ class NetworkInterfaces(AWSResources): def __init__(self, facade: AWSFacade, region: str, vpc: str): - super(NetworkInterfaces, self).__init__(facade) + super().__init__(facade) self.region = region self.vpc = vpc diff --git a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py index c6da28c3f..9a61edd2c 100755 --- a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py +++ b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py @@ -8,7 +8,7 @@ class SecurityGroups(AWSResources): icmp_message_types_dict = load_data('icmp_message_types.json', 'icmp_message_types') def __init__(self, facade: AWSFacade, region: str, vpc: str): - super(SecurityGroups, self).__init__(facade) + super().__init__(facade) self.region = region self.vpc = vpc @@ -61,7 +61,7 @@ def _parse_security_group_rules(self, rules): elif rule['FromPort'] == rule['ToPort']: port_value = str(rule['FromPort']) else: - port_value = '%s-%s' % (rule['FromPort'], rule['ToPort']) + port_value = '{}-{}'.format(rule['FromPort'], rule['ToPort']) manage_dictionary(protocols[ip_protocol]['ports'], port_value, {}) # Save grants, values are either a CIDR or an EC2 security group diff --git a/ScoutSuite/providers/aws/resources/ec2/snapshots.py b/ScoutSuite/providers/aws/resources/ec2/snapshots.py index d3304dd56..3ee74219d 100755 --- a/ScoutSuite/providers/aws/resources/ec2/snapshots.py +++ b/ScoutSuite/providers/aws/resources/ec2/snapshots.py 
@@ -5,7 +5,7 @@ class Snapshots(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Snapshots, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/ec2/volumes.py b/ScoutSuite/providers/aws/resources/ec2/volumes.py index 9dc79b2da..5809cb502 100755 --- a/ScoutSuite/providers/aws/resources/ec2/volumes.py +++ b/ScoutSuite/providers/aws/resources/ec2/volumes.py @@ -5,7 +5,7 @@ class Volumes(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Volumes, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/efs/base.py b/ScoutSuite/providers/aws/resources/efs/base.py index 5c7461bf1..5f8db459d 100755 --- a/ScoutSuite/providers/aws/resources/efs/base.py +++ b/ScoutSuite/providers/aws/resources/efs/base.py @@ -10,4 +10,4 @@ class EFS(Regions): ] def __init__(self, facade: AWSFacade): - super(EFS, self).__init__('efs', facade) + super().__init__('efs', facade) diff --git a/ScoutSuite/providers/aws/resources/efs/filesystems.py b/ScoutSuite/providers/aws/resources/efs/filesystems.py index e0b1af0fd..8c1b157b8 100755 --- a/ScoutSuite/providers/aws/resources/efs/filesystems.py +++ b/ScoutSuite/providers/aws/resources/efs/filesystems.py @@ -4,7 +4,7 @@ class FileSystems(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(FileSystems, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/elasticache/base.py b/ScoutSuite/providers/aws/resources/elasticache/base.py index 89ddf3747..afcf8cc12 100755 --- a/ScoutSuite/providers/aws/resources/elasticache/base.py +++ b/ScoutSuite/providers/aws/resources/elasticache/base.py 
@@ -13,10 +13,10 @@ class ElastiCache(Regions): ] def __init__(self, facade: AWSFacade): - super(ElastiCache, self).__init__('elasticache', facade) + super().__init__('elasticache', facade) async def fetch_all(self, regions=None, excluded_regions=None, partition_name='aws', **kwargs): - await super(ElastiCache, self).fetch_all(regions, excluded_regions, partition_name) + await super().fetch_all(regions, excluded_regions, partition_name) for region in self['regions']: self['regions'][region]['clusters_count'] = \ diff --git a/ScoutSuite/providers/aws/resources/elasticache/cluster.py b/ScoutSuite/providers/aws/resources/elasticache/cluster.py index ecf4d9d70..30e657718 100755 --- a/ScoutSuite/providers/aws/resources/elasticache/cluster.py +++ b/ScoutSuite/providers/aws/resources/elasticache/cluster.py @@ -4,7 +4,7 @@ class Clusters(AWSResources): def __init__(self, facade: AWSFacade, region: str, vpc: str): - super(Clusters, self).__init__(facade) + super().__init__(facade) self.region = region self.vpc = vpc diff --git a/ScoutSuite/providers/aws/resources/elasticache/parametergroups.py b/ScoutSuite/providers/aws/resources/elasticache/parametergroups.py index a624ae77f..7aa776d00 100755 --- a/ScoutSuite/providers/aws/resources/elasticache/parametergroups.py +++ b/ScoutSuite/providers/aws/resources/elasticache/parametergroups.py @@ -5,7 +5,7 @@ class ParameterGroups(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(ParameterGroups, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/elasticache/securitygroups.py b/ScoutSuite/providers/aws/resources/elasticache/securitygroups.py index b30792a35..d16234411 100755 --- a/ScoutSuite/providers/aws/resources/elasticache/securitygroups.py +++ b/ScoutSuite/providers/aws/resources/elasticache/securitygroups.py 
@@ -4,7 +4,7 @@ class SecurityGroups(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(SecurityGroups, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py b/ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py index 573b77724..1e99e6bf0 100755 --- a/ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py +++ b/ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py @@ -4,7 +4,7 @@ class SubnetGroups(AWSResources): def __init__(self, facade: AWSFacade, region: str, vpc: str): - super(SubnetGroups, self).__init__(facade) + super().__init__(facade) self.region = region self.vpc = vpc diff --git a/ScoutSuite/providers/aws/resources/elb/base.py b/ScoutSuite/providers/aws/resources/elb/base.py index 0f463bd7b..95f244968 100755 --- a/ScoutSuite/providers/aws/resources/elb/base.py +++ b/ScoutSuite/providers/aws/resources/elb/base.py @@ -12,4 +12,4 @@ class ELB(Regions): ] def __init__(self, facade: AWSFacade): - super(ELB, self).__init__('elb', facade) + super().__init__('elb', facade) diff --git a/ScoutSuite/providers/aws/resources/elb/load_balancers.py b/ScoutSuite/providers/aws/resources/elb/load_balancers.py index 5e4ffff78..74660b7dd 100755 --- a/ScoutSuite/providers/aws/resources/elb/load_balancers.py +++ b/ScoutSuite/providers/aws/resources/elb/load_balancers.py @@ -6,7 +6,7 @@ class LoadBalancers(AWSResources): def __init__(self, facade: AWSFacade, region: str, vpc: str): - super(LoadBalancers, self).__init__(facade) + super().__init__(facade) self.region = region self.vpc = vpc diff --git a/ScoutSuite/providers/aws/resources/elb/policies.py b/ScoutSuite/providers/aws/resources/elb/policies.py index 513a9bfa2..3f808166b 100755 --- a/ScoutSuite/providers/aws/resources/elb/policies.py +++ b/ScoutSuite/providers/aws/resources/elb/policies.py 
@@ -5,7 +5,7 @@ class Policies(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Policies, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/elbv2/base.py b/ScoutSuite/providers/aws/resources/elbv2/base.py index 48540c798..25c23a1de 100755 --- a/ScoutSuite/providers/aws/resources/elbv2/base.py +++ b/ScoutSuite/providers/aws/resources/elbv2/base.py @@ -10,4 +10,4 @@ class ELBv2(Regions): ] def __init__(self, facade: AWSFacade): - super(ELBv2, self).__init__('elbv2', facade) + super().__init__('elbv2', facade) diff --git a/ScoutSuite/providers/aws/resources/elbv2/listeners.py b/ScoutSuite/providers/aws/resources/elbv2/listeners.py index e2b38cc7b..5ab5e32eb 100755 --- a/ScoutSuite/providers/aws/resources/elbv2/listeners.py +++ b/ScoutSuite/providers/aws/resources/elbv2/listeners.py @@ -4,7 +4,7 @@ class Listeners(AWSResources): def __init__(self, facade: AWSFacade, region: str, load_balancer_arn: str): - super(Listeners, self).__init__(facade) + super().__init__(facade) self.region = region self.load_balancer_arn = load_balancer_arn diff --git a/ScoutSuite/providers/aws/resources/elbv2/load_balancers.py b/ScoutSuite/providers/aws/resources/elbv2/load_balancers.py index f8cd80da7..0b7c54fa1 100755 --- a/ScoutSuite/providers/aws/resources/elbv2/load_balancers.py +++ b/ScoutSuite/providers/aws/resources/elbv2/load_balancers.py @@ -10,7 +10,7 @@ class LoadBalancers(AWSCompositeResources): ] def __init__(self, facade: AWSFacade, region: str, vpc: str): - super(LoadBalancers, self).__init__(facade) + super().__init__(facade) self.region = region self.vpc = vpc diff --git a/ScoutSuite/providers/aws/resources/emr/base.py b/ScoutSuite/providers/aws/resources/emr/base.py index d0c69b3ff..57c2855aa 100755 --- a/ScoutSuite/providers/aws/resources/emr/base.py +++ b/ScoutSuite/providers/aws/resources/emr/base.py 
@@ -10,10 +10,10 @@ class EMR(Regions): ] def __init__(self, facade: AWSFacade): - super(EMR, self).__init__('emr', facade) + super().__init__('emr', facade) async def fetch_all(self, regions=None, excluded_regions=None, partition_name='aws', **kwargs): - await super(EMR, self).fetch_all(regions, excluded_regions, partition_name) + await super().fetch_all(regions, excluded_regions, partition_name) for region in self['regions']: self['regions'][region]['clusters_count'] = sum( diff --git a/ScoutSuite/providers/aws/resources/emr/clusters.py b/ScoutSuite/providers/aws/resources/emr/clusters.py index 3f1ebaee3..9708bc415 100755 --- a/ScoutSuite/providers/aws/resources/emr/clusters.py +++ b/ScoutSuite/providers/aws/resources/emr/clusters.py @@ -4,7 +4,7 @@ class EMRClusters(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(EMRClusters, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/emr/vpcs.py b/ScoutSuite/providers/aws/resources/emr/vpcs.py index 7b20ab21c..83eb19fd8 100755 --- a/ScoutSuite/providers/aws/resources/emr/vpcs.py +++ b/ScoutSuite/providers/aws/resources/emr/vpcs.py @@ -12,7 +12,7 @@ class EMRVpcs(AWSCompositeResources): def __init__(self, facade: AWSFacade, region: str): self.region = region - super(EMRVpcs, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): # EMR won't disclose its VPC, so we put everything in a VPC named "EMR-UNKNOWN-VPC", and we diff --git a/ScoutSuite/providers/aws/resources/iam/base.py b/ScoutSuite/providers/aws/resources/iam/base.py index 03bbef6a0..b70d687b1 100755 --- a/ScoutSuite/providers/aws/resources/iam/base.py +++ b/ScoutSuite/providers/aws/resources/iam/base.py 
@@ -19,7 +19,7 @@ class IAM(AWSCompositeResources): ] def __init__(self, facade: AWSFacade): - super(IAM, self).__init__(facade) + super().__init__(facade) self.service = 'iam' async def fetch_all(self, partition_name='aws', **kwargs): diff --git a/ScoutSuite/providers/aws/resources/kms/base.py b/ScoutSuite/providers/aws/resources/kms/base.py index bc318763d..688be56bd 100755 --- a/ScoutSuite/providers/aws/resources/kms/base.py +++ b/ScoutSuite/providers/aws/resources/kms/base.py @@ -10,4 +10,4 @@ class KMS(Regions): ] def __init__(self, facade: AWSFacade): - super(KMS, self).__init__('kms', facade) + super().__init__('kms', facade) diff --git a/ScoutSuite/providers/aws/resources/kms/grants.py b/ScoutSuite/providers/aws/resources/kms/grants.py index 072900891..4684979f1 100755 --- a/ScoutSuite/providers/aws/resources/kms/grants.py +++ b/ScoutSuite/providers/aws/resources/kms/grants.py @@ -4,7 +4,7 @@ class Grants(AWSResources): def __init__(self, facade: AWSFacade, region: str, key_id: str): - super(Grants, self).__init__(facade) + super().__init__(facade) self.region = region self.key_id = key_id diff --git a/ScoutSuite/providers/aws/resources/kms/keys.py b/ScoutSuite/providers/aws/resources/kms/keys.py index b1fbb9be3..0a31bc65e 100755 --- a/ScoutSuite/providers/aws/resources/kms/keys.py +++ b/ScoutSuite/providers/aws/resources/kms/keys.py @@ -10,7 +10,7 @@ class Keys(AWSCompositeResources): ] def __init__(self, facade: AWSFacade, region: str): - super(Keys, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/rds/base.py b/ScoutSuite/providers/aws/resources/rds/base.py index 60271f04b..4e0132eac 100755 --- a/ScoutSuite/providers/aws/resources/rds/base.py +++ b/ScoutSuite/providers/aws/resources/rds/base.py 
@@ -13,10 +13,10 @@ class RDS(Regions): ] def __init__(self, facade: AWSFacade): - super(RDS, self).__init__('rds', facade) + super().__init__('rds', facade) async def fetch_all(self, regions=None, excluded_regions=None, partition_name='aws', **kwargs): - await super(RDS, self).fetch_all(regions, excluded_regions, partition_name) + await super().fetch_all(regions, excluded_regions, partition_name) for region in self['regions']: self['regions'][region]['instances_count'] =\ diff --git a/ScoutSuite/providers/aws/resources/rds/instances.py b/ScoutSuite/providers/aws/resources/rds/instances.py index c2e8abb85..6e3504cf2 100755 --- a/ScoutSuite/providers/aws/resources/rds/instances.py +++ b/ScoutSuite/providers/aws/resources/rds/instances.py @@ -4,7 +4,7 @@ class RDSInstances(AWSResources): def __init__(self, facade: AWSFacade, region: str, vpc: str): - super(RDSInstances, self).__init__(facade) + super().__init__(facade) self.region = region self.vpc = vpc diff --git a/ScoutSuite/providers/aws/resources/rds/parametergroups.py b/ScoutSuite/providers/aws/resources/rds/parametergroups.py index c7bc244f5..bf248dde3 100755 --- a/ScoutSuite/providers/aws/resources/rds/parametergroups.py +++ b/ScoutSuite/providers/aws/resources/rds/parametergroups.py @@ -5,7 +5,7 @@ class ParameterGroups(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(ParameterGroups, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/rds/securitygroups.py b/ScoutSuite/providers/aws/resources/rds/securitygroups.py index 3e936955f..fcc7dff38 100755 --- a/ScoutSuite/providers/aws/resources/rds/securitygroups.py +++ b/ScoutSuite/providers/aws/resources/rds/securitygroups.py 
@@ -4,7 +4,7 @@ class SecurityGroups(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(SecurityGroups, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/rds/snapshots.py b/ScoutSuite/providers/aws/resources/rds/snapshots.py index 1bdaf0734..fb90dd8a0 100755 --- a/ScoutSuite/providers/aws/resources/rds/snapshots.py +++ b/ScoutSuite/providers/aws/resources/rds/snapshots.py @@ -4,7 +4,7 @@ class Snapshots(AWSResources): def __init__(self, facade: AWSFacade, region: str, vpc: str): - super(Snapshots, self).__init__(facade) + super().__init__(facade) self.region = region self.vpc = vpc diff --git a/ScoutSuite/providers/aws/resources/rds/subnetgroups.py b/ScoutSuite/providers/aws/resources/rds/subnetgroups.py index ff96b5d8c..9719429c0 100755 --- a/ScoutSuite/providers/aws/resources/rds/subnetgroups.py +++ b/ScoutSuite/providers/aws/resources/rds/subnetgroups.py @@ -4,7 +4,7 @@ class SubnetGroups(AWSResources): def __init__(self, facade: AWSFacade, region: str, vpc: str): - super(SubnetGroups, self).__init__(facade) + super().__init__(facade) self.region = region self.vpc = vpc diff --git a/ScoutSuite/providers/aws/resources/redshift/base.py b/ScoutSuite/providers/aws/resources/redshift/base.py index 50b2ba7a3..d58b3a2dc 100755 --- a/ScoutSuite/providers/aws/resources/redshift/base.py +++ b/ScoutSuite/providers/aws/resources/redshift/base.py @@ -14,4 +14,4 @@ class Redshift(Regions): ] def __init__(self, facade: AWSFacade): - super(Redshift, self).__init__('redshift', facade) + super().__init__('redshift', facade) diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py b/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py index 987dd2c08..ca8fb5b03 100755 --- a/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py 
+++ b/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py @@ -11,7 +11,7 @@ class ClusterParameterGroups(AWSCompositeResources): ] def __init__(self, facade: AWSFacade, region: str): - super(ClusterParameterGroups, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py b/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py index e12c8732f..c5ed6ece3 100755 --- a/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py +++ b/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py @@ -4,7 +4,7 @@ class ClusterParameters(AWSResources): def __init__(self, facade: AWSFacade, region: str, parameter_group_name: str): - super(ClusterParameters, self).__init__(facade) + super().__init__(facade) self.region = region self.parameter_group_name = parameter_group_name diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_security_groups.py b/ScoutSuite/providers/aws/resources/redshift/cluster_security_groups.py index bce999212..195834883 100755 --- a/ScoutSuite/providers/aws/resources/redshift/cluster_security_groups.py +++ b/ScoutSuite/providers/aws/resources/redshift/cluster_security_groups.py @@ -4,7 +4,7 @@ class ClusterSecurityGroups(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(ClusterSecurityGroups, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/redshift/clusters.py b/ScoutSuite/providers/aws/resources/redshift/clusters.py index 4cd885cec..aca61e0fa 100755 --- a/ScoutSuite/providers/aws/resources/redshift/clusters.py +++ b/ScoutSuite/providers/aws/resources/redshift/clusters.py 
@@ -4,7 +4,7 @@ class Clusters(AWSResources): def __init__(self, facade: AWSFacade, region: str, vpc: str): - super(Clusters, self).__init__(facade) + super().__init__(facade) self.region = region self.vpc = vpc diff --git a/ScoutSuite/providers/aws/resources/regions.py b/ScoutSuite/providers/aws/resources/regions.py index 1581a1be7..54c72037e 100755 --- a/ScoutSuite/providers/aws/resources/regions.py +++ b/ScoutSuite/providers/aws/resources/regions.py @@ -6,7 +6,7 @@ class Regions(AWSCompositeResources, metaclass=abc.ABCMeta): def __init__(self, service: str, facade: AWSFacade): - super(Regions, self).__init__(facade) + super().__init__(facade) self.service = service async def fetch_all(self, regions=None, excluded_regions=None, partition_name='aws', **kwargs): diff --git a/ScoutSuite/providers/aws/resources/route53/base.py b/ScoutSuite/providers/aws/resources/route53/base.py index 23da39370..5f6b9e678 100755 --- a/ScoutSuite/providers/aws/resources/route53/base.py +++ b/ScoutSuite/providers/aws/resources/route53/base.py @@ -12,4 +12,4 @@ class Route53(Regions): ] def __init__(self, facade: AWSFacade): - super(Route53, self).__init__('route53domains', facade) + super().__init__('route53domains', facade) diff --git a/ScoutSuite/providers/aws/resources/route53/domains.py b/ScoutSuite/providers/aws/resources/route53/domains.py index ee86434f5..d0b9cd6b7 100755 --- a/ScoutSuite/providers/aws/resources/route53/domains.py +++ b/ScoutSuite/providers/aws/resources/route53/domains.py @@ -5,7 +5,7 @@ class Domains(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Domains, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/route53/hosted_zones.py b/ScoutSuite/providers/aws/resources/route53/hosted_zones.py index daabdc349..be1049849 100755 --- a/ScoutSuite/providers/aws/resources/route53/hosted_zones.py 
+++ b/ScoutSuite/providers/aws/resources/route53/hosted_zones.py @@ -4,7 +4,7 @@ class HostedZones(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(HostedZones, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/s3/base.py b/ScoutSuite/providers/aws/resources/s3/base.py index 6a0dad387..2828169a7 100755 --- a/ScoutSuite/providers/aws/resources/s3/base.py +++ b/ScoutSuite/providers/aws/resources/s3/base.py @@ -9,7 +9,7 @@ class S3(AWSCompositeResources): ] def __init__(self, facade: AWSFacade): - super(S3, self).__init__(facade) + super().__init__(facade) self.service = 's3' async def fetch_all(self, partition_name='aws', **kwargs): diff --git a/ScoutSuite/providers/aws/resources/secretsmanager/base.py b/ScoutSuite/providers/aws/resources/secretsmanager/base.py index f0ca00fdc..6517f405f 100755 --- a/ScoutSuite/providers/aws/resources/secretsmanager/base.py +++ b/ScoutSuite/providers/aws/resources/secretsmanager/base.py @@ -10,4 +10,4 @@ class SecretsManager(Regions): ] def __init__(self, facade: AWSFacade): - super(SecretsManager, self).__init__('sqs', facade) + super().__init__('sqs', facade) diff --git a/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py b/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py index 6587ad6a3..157a7bd66 100755 --- a/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py +++ b/ScoutSuite/providers/aws/resources/secretsmanager/secrets.py @@ -4,7 +4,7 @@ class Secrets(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Secrets, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/ses/base.py b/ScoutSuite/providers/aws/resources/ses/base.py index 20173df5e..de0c00681 100755 --- a/ScoutSuite/providers/aws/resources/ses/base.py +++ b/ScoutSuite/providers/aws/resources/ses/base.py 
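Review bot: In secretsmanager/base.py the rewritten call is still `super().__init__('sqs', facade)`, so `SecretsManager` registers under the same service name that `SQS` uses in sqs/base.py. The other `Regions` subclasses in this patch pass their own name ('kms', 'ses', 'sns'). The regions.py hunk shows `Regions.__init__` storing the value as `self.service`; how it is consumed is outside this patch. If it selects the region list or the API client, Secrets Manager would be audited against SQS's regions and secrets in other regions could go unreported. Unless the reuse is deliberate, change the line to `super().__init__('secretsmanager', facade)` and confirm against the facade's region lookup.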
@@ -10,4 +10,4 @@ class SES(Regions): ] def __init__(self, facade: AWSFacade): - super(SES, self).__init__('ses', facade) + super().__init__('ses', facade) diff --git a/ScoutSuite/providers/aws/resources/ses/identities.py b/ScoutSuite/providers/aws/resources/ses/identities.py index 364b57cf3..742d4fa66 100755 --- a/ScoutSuite/providers/aws/resources/ses/identities.py +++ b/ScoutSuite/providers/aws/resources/ses/identities.py @@ -11,7 +11,7 @@ class Identities(AWSCompositeResources): ] def __init__(self, facade: AWSFacade, region: str): - super(Identities, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/ses/identity_policies.py b/ScoutSuite/providers/aws/resources/ses/identity_policies.py index 17958a7cd..6fcae5746 100755 --- a/ScoutSuite/providers/aws/resources/ses/identity_policies.py +++ b/ScoutSuite/providers/aws/resources/ses/identity_policies.py @@ -7,7 +7,7 @@ class IdentityPolicies(AWSResources): def __init__(self, facade: AWSFacade, region: str, identity_name: str): - super(IdentityPolicies, self).__init__(facade) + super().__init__(facade) self.region = region self.identity_name = identity_name diff --git a/ScoutSuite/providers/aws/resources/sns/base.py b/ScoutSuite/providers/aws/resources/sns/base.py index 49256f9cb..9efe2856c 100755 --- a/ScoutSuite/providers/aws/resources/sns/base.py +++ b/ScoutSuite/providers/aws/resources/sns/base.py @@ -10,4 +10,4 @@ class SNS(Regions): ] def __init__(self, facade: AWSFacade): - super(SNS, self).__init__('sns', facade) + super().__init__('sns', facade) diff --git a/ScoutSuite/providers/aws/resources/sns/subscriptions.py b/ScoutSuite/providers/aws/resources/sns/subscriptions.py index b39219575..e28d74e7e 100755 --- a/ScoutSuite/providers/aws/resources/sns/subscriptions.py +++ b/ScoutSuite/providers/aws/resources/sns/subscriptions.py 
@@ -4,7 +4,7 @@ class Subscriptions(AWSResources): def __init__(self, facade: AWSFacade, region: str, topic_name: str): - super(Subscriptions, self).__init__(facade) + super().__init__(facade) self.region = region self.topic_name = topic_name diff --git a/ScoutSuite/providers/aws/resources/sns/topics.py b/ScoutSuite/providers/aws/resources/sns/topics.py index 8b33f513c..b98fd3b10 100755 --- a/ScoutSuite/providers/aws/resources/sns/topics.py +++ b/ScoutSuite/providers/aws/resources/sns/topics.py @@ -12,7 +12,7 @@ class Topics(AWSCompositeResources): ] def __init__(self, facade: AWSFacade, region: str): - super(Topics, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/sqs/base.py b/ScoutSuite/providers/aws/resources/sqs/base.py index d50b2f244..a7ca846d8 100755 --- a/ScoutSuite/providers/aws/resources/sqs/base.py +++ b/ScoutSuite/providers/aws/resources/sqs/base.py @@ -10,4 +10,4 @@ class SQS(Regions): ] def __init__(self, facade: AWSFacade): - super(SQS, self).__init__('sqs', facade) + super().__init__('sqs', facade) diff --git a/ScoutSuite/providers/aws/resources/sqs/queues.py b/ScoutSuite/providers/aws/resources/sqs/queues.py index 8d23b8af2..cee4fe757 100755 --- a/ScoutSuite/providers/aws/resources/sqs/queues.py +++ b/ScoutSuite/providers/aws/resources/sqs/queues.py @@ -6,7 +6,7 @@ class Queues(AWSResources): def __init__(self, facade: AWSFacade, region: str): - super(Queues, self).__init__(facade) + super().__init__(facade) self.region = region async def fetch_all(self): diff --git a/ScoutSuite/providers/aws/resources/vpc/base.py b/ScoutSuite/providers/aws/resources/vpc/base.py index a35c3cc9d..7d95b0234 100755 --- a/ScoutSuite/providers/aws/resources/vpc/base.py +++ b/ScoutSuite/providers/aws/resources/vpc/base.py 
@@ -21,7 +21,7 @@ class VPC(Regions): def __init__(self, facade: AWSFacade): # VPC is not a real service but a subset of ec2: - super(VPC, self).__init__('ec2', facade) + super().__init__('ec2', facade) # TODO: move these helpers elsewhere: @@ -59,5 +59,5 @@ def get_cidr_name(cidr, ip_ranges_files, ip_ranges_name_key): ip_prefix = netaddr.IPNetwork(ip_range['ip_prefix']) cidr = netaddr.IPNetwork(cidr) if cidr in ip_prefix: - return 'Unknown CIDR in %s %s' % (ip_range['service'], ip_range['region']) + return 'Unknown CIDR in {} {}'.format(ip_range['service'], ip_range['region']) return 'Unknown CIDR' diff --git a/ScoutSuite/providers/aws/resources/vpc/flow_logs.py b/ScoutSuite/providers/aws/resources/vpc/flow_logs.py index 979b48640..a6a137565 100755 --- a/ScoutSuite/providers/aws/resources/vpc/flow_logs.py +++ b/ScoutSuite/providers/aws/resources/vpc/flow_logs.py @@ -7,7 +7,7 @@ class FlowLogs(AWSResources): def __init__(self, facade: AWSFacade, region: str): self.region = region - super(FlowLogs, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): raw_logs = await self.facade.ec2.get_flow_logs(self.region) diff --git a/ScoutSuite/providers/aws/resources/vpc/network_acls.py b/ScoutSuite/providers/aws/resources/vpc/network_acls.py index 7acd2f327..19543e70c 100755 --- a/ScoutSuite/providers/aws/resources/vpc/network_acls.py +++ b/ScoutSuite/providers/aws/resources/vpc/network_acls.py @@ -11,7 +11,7 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): self.region = region self.vpc = vpc - super(NetworkACLs, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): raw_network_acls = await self.facade.ec2.get_network_acls(self.region, self.vpc) diff --git a/ScoutSuite/providers/aws/resources/vpc/subnets.py b/ScoutSuite/providers/aws/resources/vpc/subnets.py index c0c5e6c20..caa63ceb7 100755 --- a/ScoutSuite/providers/aws/resources/vpc/subnets.py +++ b/ScoutSuite/providers/aws/resources/vpc/subnets.py 
@@ -8,7 +8,7 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): self.region = region self.vpc = vpc - super(Subnets, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): raw_subnets = await self.facade.ec2.get_subnets(self.region, self.vpc) diff --git a/ScoutSuite/providers/aws/resources/vpcs.py b/ScoutSuite/providers/aws/resources/vpcs.py index 50a31c44f..18a6ac83e 100755 --- a/ScoutSuite/providers/aws/resources/vpcs.py +++ b/ScoutSuite/providers/aws/resources/vpcs.py @@ -8,7 +8,7 @@ class Vpcs(AWSCompositeResources): """ def __init__(self, facade, region: str, add_ec2_classic=False): - super(Vpcs, self).__init__(facade) + super().__init__(facade) self.region = region self.add_ec2_classic = add_ec2_classic diff --git a/ScoutSuite/providers/aws/services.py b/ScoutSuite/providers/aws/services.py index fd0ed4e10..2d1233215 100755 --- a/ScoutSuite/providers/aws/services.py +++ b/ScoutSuite/providers/aws/services.py @@ -76,7 +76,7 @@ class AWSServicesConfig(BaseServicesConfig): def __init__(self, credentials=None, **kwargs): - super(AWSServicesConfig, self).__init__(credentials) + super().__init__(credentials) facade = AWSFacade(credentials) diff --git a/ScoutSuite/providers/azure/provider.py b/ScoutSuite/providers/azure/provider.py index e234a0f1f..af6863a81 100755 --- a/ScoutSuite/providers/azure/provider.py +++ b/ScoutSuite/providers/azure/provider.py @@ -48,7 +48,7 @@ def __init__(self, self.result_format = result_format - super(AzureProvider, self).__init__(report_dir, timestamp, + super().__init__(report_dir, timestamp, services, skipped_services, result_format) def get_report_name(self): @@ -75,7 +75,7 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): if not self.last_run: self._match_rbac_roles_and_principals() - super(AzureProvider, self).preprocessing() + super().preprocessing() def _match_rbac_roles_and_principals(self): """ 
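Review bot: In the first azure/provider.py hunk the continuation line `services, skipped_services, result_format)` is unchanged context, so it can no longer line up with the opening parenthesis now that the prefix has shrunk from `super(AzureProvider, self).__init__(` to `super().__init__(`. The page has lost the original indentation, so this is inferred from the line being untouched. Re-indent the continuation or, if the project's line limit allows, join the call: `super().__init__(report_dir, timestamp, services, skipped_services, result_format)`. The enclosing `__init__` begins above the hunk.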
diff --git a/ScoutSuite/providers/azure/resources/appservice/web_apps.py b/ScoutSuite/providers/azure/resources/appservice/web_apps.py index b1ee7691d..36f15522b 100755 --- a/ScoutSuite/providers/azure/resources/appservice/web_apps.py +++ b/ScoutSuite/providers/azure/resources/appservice/web_apps.py @@ -6,7 +6,7 @@ class WebApplication(AzureResources): def __init__(self, facade: AzureFacade, subscription_id: str): - super(WebApplication, self).__init__(facade) + super().__init__(facade) self.subscription_id = subscription_id async def fetch_all(self): diff --git a/ScoutSuite/providers/azure/resources/keyvault/vaults.py b/ScoutSuite/providers/azure/resources/keyvault/vaults.py index 1db639b54..c09c9b4eb 100755 --- a/ScoutSuite/providers/azure/resources/keyvault/vaults.py +++ b/ScoutSuite/providers/azure/resources/keyvault/vaults.py @@ -6,7 +6,7 @@ class Vaults(AzureResources): def __init__(self, facade: AzureFacade, subscription_id: str): - super(Vaults, self).__init__(facade) + super().__init__(facade) self.subscription_id = subscription_id async def fetch_all(self): diff --git a/ScoutSuite/providers/azure/resources/network/application_security_groups.py b/ScoutSuite/providers/azure/resources/network/application_security_groups.py index e5d325d75..ddda8af54 100755 --- a/ScoutSuite/providers/azure/resources/network/application_security_groups.py +++ b/ScoutSuite/providers/azure/resources/network/application_security_groups.py @@ -6,7 +6,7 @@ class ApplicationSecurityGroups(AzureResources): def __init__(self, facade: AzureFacade, subscription_id: str): - super(ApplicationSecurityGroups, self).__init__(facade) + super().__init__(facade) self.subscription_id = subscription_id async def fetch_all(self): diff --git a/ScoutSuite/providers/azure/resources/network/network_interfaces.py b/ScoutSuite/providers/azure/resources/network/network_interfaces.py index 4858161dc..64e6c36fc 100755 --- a/ScoutSuite/providers/azure/resources/network/network_interfaces.py 
+++ b/ScoutSuite/providers/azure/resources/network/network_interfaces.py @@ -6,7 +6,7 @@ class NetworkInterfaces(AzureResources): def __init__(self, facade: AzureFacade, subscription_id: str): - super(NetworkInterfaces, self).__init__(facade) + super().__init__(facade) self.subscription_id = subscription_id async def fetch_all(self): diff --git a/ScoutSuite/providers/azure/resources/network/security_groups.py b/ScoutSuite/providers/azure/resources/network/security_groups.py index dc543cf1f..1c3e234c8 100755 --- a/ScoutSuite/providers/azure/resources/network/security_groups.py +++ b/ScoutSuite/providers/azure/resources/network/security_groups.py @@ -6,7 +6,7 @@ class SecurityGroups(AzureResources): def __init__(self, facade: AzureFacade, subscription_id: str): - super(SecurityGroups, self).__init__(facade) + super().__init__(facade) self.subscription_id = subscription_id async def fetch_all(self): diff --git a/ScoutSuite/providers/azure/resources/network/virtual_networks.py b/ScoutSuite/providers/azure/resources/network/virtual_networks.py index ede523786..e57103ffc 100755 --- a/ScoutSuite/providers/azure/resources/network/virtual_networks.py +++ b/ScoutSuite/providers/azure/resources/network/virtual_networks.py @@ -6,7 +6,7 @@ class VirtualNetworks(AzureResources): def __init__(self, facade: AzureFacade, subscription_id: str): - super(VirtualNetworks, self).__init__(facade) + super().__init__(facade) self.subscription_id = subscription_id async def fetch_all(self): diff --git a/ScoutSuite/providers/azure/resources/network/watchers.py b/ScoutSuite/providers/azure/resources/network/watchers.py index 3a0c88dcb..418e6c94d 100755 --- a/ScoutSuite/providers/azure/resources/network/watchers.py +++ b/ScoutSuite/providers/azure/resources/network/watchers.py 
@@ -6,7 +6,7 @@ class Watchers(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(Watchers, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/rbac/role_assignments.py b/ScoutSuite/providers/azure/resources/rbac/role_assignments.py
index 9385b65e0..f5eafbd52 100755
--- a/ScoutSuite/providers/azure/resources/rbac/role_assignments.py
+++ b/ScoutSuite/providers/azure/resources/rbac/role_assignments.py
@@ -5,7 +5,7 @@ class RoleAssignments(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(RoleAssignments, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/rbac/roles.py b/ScoutSuite/providers/azure/resources/rbac/roles.py
index cf1f92e6b..2db66a5a7 100755
--- a/ScoutSuite/providers/azure/resources/rbac/roles.py
+++ b/ScoutSuite/providers/azure/resources/rbac/roles.py
@@ -5,7 +5,7 @@ class Roles(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(Roles, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/alerts.py b/ScoutSuite/providers/azure/resources/securitycenter/alerts.py
index f4f859215..a80762b40 100644
--- a/ScoutSuite/providers/azure/resources/securitycenter/alerts.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/alerts.py
@@ -5,7 +5,7 @@ class Alerts(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(Alerts, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/auto_provisioning_settings.py b/ScoutSuite/providers/azure/resources/securitycenter/auto_provisioning_settings.py
index 9533e7196..629c0743c 100755
--- a/ScoutSuite/providers/azure/resources/securitycenter/auto_provisioning_settings.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/auto_provisioning_settings.py
@@ -5,7 +5,7 @@ class AutoProvisioningSettings(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(AutoProvisioningSettings, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/compliance_results.py b/ScoutSuite/providers/azure/resources/securitycenter/compliance_results.py
index ae4cee04a..d0c7ea611 100644
--- a/ScoutSuite/providers/azure/resources/securitycenter/compliance_results.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/compliance_results.py
@@ -6,7 +6,7 @@ class ComplianceResults(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(ComplianceResults, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/information_protection_policies.py b/ScoutSuite/providers/azure/resources/securitycenter/information_protection_policies.py
index be32880a8..cfb83928f 100755
--- a/ScoutSuite/providers/azure/resources/securitycenter/information_protection_policies.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/information_protection_policies.py
@@ -5,7 +5,7 @@ class InformationProtectionPolicies(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(InformationProtectionPolicies, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/pricings.py b/ScoutSuite/providers/azure/resources/securitycenter/pricings.py
index d9d535baf..b0ff19c8c 100755
--- a/ScoutSuite/providers/azure/resources/securitycenter/pricings.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/pricings.py
@@ -5,7 +5,7 @@ class Pricings(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(Pricings, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py b/ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py
index 5a2d06abc..0d19bcdec 100644
--- a/ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/regulatory_compliance_results.py
@@ -6,7 +6,7 @@ class RegulatoryComplianceResults(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(RegulatoryComplianceResults, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/security_contacts.py b/ScoutSuite/providers/azure/resources/securitycenter/security_contacts.py
index 5c969e2d3..2e02ba043 100755
--- a/ScoutSuite/providers/azure/resources/securitycenter/security_contacts.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/security_contacts.py
@@ -5,7 +5,7 @@ class SecurityContacts(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(SecurityContacts, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/securitycenter/settings.py b/ScoutSuite/providers/azure/resources/securitycenter/settings.py
index 551b66505..b4d87f03f 100755
--- a/ScoutSuite/providers/azure/resources/securitycenter/settings.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/settings.py
@@ -5,7 +5,7 @@ class Settings(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(Settings, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/database_blob_auditing_policies.py b/ScoutSuite/providers/azure/resources/sqldatabase/database_blob_auditing_policies.py
index 47e152b0d..ed51c7610 100755
--- a/ScoutSuite/providers/azure/resources/sqldatabase/database_blob_auditing_policies.py
+++ b/ScoutSuite/providers/azure/resources/sqldatabase/database_blob_auditing_policies.py
@@ -6,7 +6,7 @@ class DatabaseBlobAuditingPolicies(AzureResources):
 def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, database_name: str, subscription_id: str):
- super(DatabaseBlobAuditingPolicies, self).__init__(facade)
+ super().__init__(facade)
 self.resource_group_name = resource_group_name
 self.server_name = server_name
 self.database_name = database_name
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/database_threat_detection_policies.py b/ScoutSuite/providers/azure/resources/sqldatabase/database_threat_detection_policies.py
index d4a441aa0..05719898d 100755
--- a/ScoutSuite/providers/azure/resources/sqldatabase/database_threat_detection_policies.py
+++ b/ScoutSuite/providers/azure/resources/sqldatabase/database_threat_detection_policies.py
@@ -6,7 +6,7 @@ class DatabaseThreatDetectionPolicies(AzureResources):
 def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, database_name: str, subscription_id: str):
- super(DatabaseThreatDetectionPolicies, self).__init__(facade)
+ super().__init__(facade)
 self.resource_group_name = resource_group_name
 self.server_name = server_name
 self.database_name = database_name
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/databases.py b/ScoutSuite/providers/azure/resources/sqldatabase/databases.py
index e3d5bd826..0232b5629 100755
--- a/ScoutSuite/providers/azure/resources/sqldatabase/databases.py
+++ b/ScoutSuite/providers/azure/resources/sqldatabase/databases.py
@@ -16,7 +16,7 @@ class Databases(AzureCompositeResources):
 ]
 def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):
- super(Databases, self).__init__(facade)
+ super().__init__(facade)
 self.resource_group_name = resource_group_name
 self.server_name = server_name
 self.subscription_id = subscription_id
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/replication_links.py b/ScoutSuite/providers/azure/resources/sqldatabase/replication_links.py
index fa6a45526..d081a8e94 100755
--- a/ScoutSuite/providers/azure/resources/sqldatabase/replication_links.py
+++ b/ScoutSuite/providers/azure/resources/sqldatabase/replication_links.py
@@ -6,7 +6,7 @@ class ReplicationLinks(AzureResources):
 def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, database_name: str, subscription_id: str):
- super(ReplicationLinks, self).__init__(facade)
+ super().__init__(facade)
 self.resource_group_name = resource_group_name
 self.server_name = server_name
 self.database_name = database_name
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py b/ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py
index 4bcd79da0..6d79a7c38 100755
--- a/ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py
+++ b/ScoutSuite/providers/azure/resources/sqldatabase/server_azure_ad_administrators.py
@@ -5,7 +5,7 @@ class ServerAzureAdAdministrators(AzureResources):
 def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):
- super(ServerAzureAdAdministrators, self).__init__(facade)
+ super().__init__(facade)
 self.resource_group_name = resource_group_name
 self.server_name = server_name
 self.subscription_id = subscription_id
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/server_blob_auditing_policies.py b/ScoutSuite/providers/azure/resources/sqldatabase/server_blob_auditing_policies.py
index 7708c47f3..97836ae78 100755
--- a/ScoutSuite/providers/azure/resources/sqldatabase/server_blob_auditing_policies.py
+++ b/ScoutSuite/providers/azure/resources/sqldatabase/server_blob_auditing_policies.py
@@ -5,7 +5,7 @@ class ServerBlobAuditingPolicies(AzureResources):
 def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):
- super(ServerBlobAuditingPolicies, self).__init__(facade)
+ super().__init__(facade)
 self.resource_group_name = resource_group_name
 self.server_name = server_name
 self.subscription_id = subscription_id
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/server_security_alert_policies.py b/ScoutSuite/providers/azure/resources/sqldatabase/server_security_alert_policies.py
index cff1d02e7..4afee5d5b 100755
--- a/ScoutSuite/providers/azure/resources/sqldatabase/server_security_alert_policies.py
+++ b/ScoutSuite/providers/azure/resources/sqldatabase/server_security_alert_policies.py
@@ -5,7 +5,7 @@ class ServerSecurityAlertPolicies(AzureResources):
 def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):
- super(ServerSecurityAlertPolicies, self).__init__(facade)
+ super().__init__(facade)
 self.resource_group_name = resource_group_name
 self.server_name = server_name
 self.subscription_id = subscription_id
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/servers.py b/ScoutSuite/providers/azure/resources/sqldatabase/servers.py
index b6259d979..52327193e 100755
--- a/ScoutSuite/providers/azure/resources/sqldatabase/servers.py
+++ b/ScoutSuite/providers/azure/resources/sqldatabase/servers.py
@@ -18,7 +18,7 @@ class Servers(AzureCompositeResources):
 ]
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(Servers, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/transparent_data_encryptions.py b/ScoutSuite/providers/azure/resources/sqldatabase/transparent_data_encryptions.py
index 29a517f4f..ddf9bfb14 100755
--- a/ScoutSuite/providers/azure/resources/sqldatabase/transparent_data_encryptions.py
+++ b/ScoutSuite/providers/azure/resources/sqldatabase/transparent_data_encryptions.py
@@ -6,7 +6,7 @@ class TransparentDataEncryptions(AzureResources):
 def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, database_name: str, subscription_id: str):
- super(TransparentDataEncryptions, self).__init__(facade)
+ super().__init__(facade)
 self.resource_group_name = resource_group_name
 self.server_name = server_name
 self.database_name = database_name
diff --git a/ScoutSuite/providers/azure/resources/storageaccounts/blob_containers.py b/ScoutSuite/providers/azure/resources/storageaccounts/blob_containers.py
index 7a36b7e34..70be49746 100755
--- a/ScoutSuite/providers/azure/resources/storageaccounts/blob_containers.py
+++ b/ScoutSuite/providers/azure/resources/storageaccounts/blob_containers.py
@@ -5,7 +5,7 @@ class BlobContainers(AzureResources):
 def __init__(self, facade: AzureFacade, resource_group_name: str, storage_account_name: str, subscription_id: str):
- super(BlobContainers, self).__init__(facade)
+ super().__init__(facade)
 self.resource_group_name = resource_group_name
 self.storage_account_name = storage_account_name
 self.subscription_id = subscription_id
diff --git a/ScoutSuite/providers/azure/resources/storageaccounts/queues.py b/ScoutSuite/providers/azure/resources/storageaccounts/queues.py
index 3dcba5414..37c2a4635 100644
--- a/ScoutSuite/providers/azure/resources/storageaccounts/queues.py
+++ b/ScoutSuite/providers/azure/resources/storageaccounts/queues.py
@@ -5,7 +5,7 @@ class Queues(AzureResources):
 def __init__(self, facade: AzureFacade, resource_group_name: str, storage_account_name: str, subscription_id: str):
- super(Queues, self).__init__(facade)
+ super().__init__(facade)
 self.resource_group_name = resource_group_name
 self.storage_account_name = storage_account_name
 self.subscription_id = subscription_id
diff --git a/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py b/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py
index 16ab6d840..5f015a2a9 100755
--- a/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py
+++ b/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py
@@ -14,7 +14,7 @@ class StorageAccounts(AzureCompositeResources):
 ]
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(StorageAccounts, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/disks.py b/ScoutSuite/providers/azure/resources/virtualmachines/disks.py
index 40c91ef0d..05d3c5302 100644
--- a/ScoutSuite/providers/azure/resources/virtualmachines/disks.py
+++ b/ScoutSuite/providers/azure/resources/virtualmachines/disks.py
@@ -6,7 +6,7 @@ class Disks(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(Disks, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/images.py b/ScoutSuite/providers/azure/resources/virtualmachines/images.py
index afb36b8b7..3f99b9ee5 100644
--- a/ScoutSuite/providers/azure/resources/virtualmachines/images.py
+++ b/ScoutSuite/providers/azure/resources/virtualmachines/images.py
@@ -6,7 +6,7 @@ class Images(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(Images, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py
index b2878a0d9..dfe756cdb 100755
--- a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py
+++ b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py
@@ -7,7 +7,7 @@ class Instances(AzureResources):
 def __init__(self, facade: AzureFacade, subscription_id: str):
- super(Instances, self).__init__(facade)
+ super().__init__(facade)
 self.subscription_id = subscription_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py b/ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py
index b7c9541b0..2ff5219ad 100644
--- a/ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py
+++ b/ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py
@@ -6,7 +6,7 @@ class Snapshots(AzureResources): def __init__(self, facade: AzureFacade, subscription_id: str): - super(Snapshots, self).__init__(facade) + super().__init__(facade) self.subscription_id = subscription_id async def fetch_all(self): diff --git a/ScoutSuite/providers/azure/services.py b/ScoutSuite/providers/azure/services.py index b4db87635..ca1504ffe 100755 --- a/ScoutSuite/providers/azure/services.py +++ b/ScoutSuite/providers/azure/services.py @@ -34,7 +34,7 @@ def __init__(self, programmatic_execution=None, **kwargs): - super(AzureServicesConfig, self).__init__(credentials) + super().__init__(credentials) facade = AzureFacade(credentials, subscription_ids, all_subscriptions, @@ -68,7 +68,7 @@ def _is_provider(self, provider_name): return provider_name == 'azure' async def fetch(self, services: list, regions: list, excluded_regions: list): - await super(AzureServicesConfig, self).fetch(services, regions, excluded_regions) + await super().fetch(services, regions, excluded_regions) # This is a unique case where we'll want to fetch additional resources (in the AAD service) in the # event the RBAC service was included. There's no existing cross-service fetching logic (only cross-service diff --git a/ScoutSuite/providers/base/provider.py b/ScoutSuite/providers/base/provider.py index b034d7469..5bee80827 100755 --- a/ScoutSuite/providers/base/provider.py +++ b/ScoutSuite/providers/base/provider.py @@ -1,6 +1,3 @@ -from __future__ import print_function -from __future__ import unicode_literals - import copy import json @@ -10,7 +7,7 @@ from ScoutSuite.providers.base.configs.browser import get_object_at -class BaseProvider(object): +class BaseProvider: """ Base class for the different providers. @@ -95,7 +92,7 @@ def _load_metadata(self): :return: None """ # Load metadata - with open(self.metadata_path, 'rt') as f: + with open(self.metadata_path) as f: self.metadata = json.load(f) @staticmethod 
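Review bot: `open(self.metadata_path)` in `_load_metadata` (ScoutSuite/providers/base/provider.py) leaves the text encoding to the platform default, so the same metadata file can decode differently, or fail, depending on the locale of the host running the scan. Dropping `'rt'` is behaviour-neutral, but since the handle goes straight into `json.load`, pinning the encoding makes the load deterministic: `with open(self.metadata_path, encoding='utf-8') as f:`. The rest of `_load_metadata` lies outside the hunk.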
diff --git a/ScoutSuite/providers/base/resources/base.py b/ScoutSuite/providers/base/resources/base.py index 656155a7d..b1ef3ff0e 100755 --- a/ScoutSuite/providers/base/resources/base.py +++ b/ScoutSuite/providers/base/resources/base.py @@ -19,7 +19,7 @@ class Resources(dict, metaclass=abc.ABCMeta): def __init__(self, service_facade): self.facade = service_facade - super(Resources, self).__init__() + super().__init__() @abc.abstractmethod async def fetch_all(self, **kwargs): @@ -34,7 +34,7 @@ async def fetch_all(self, **kwargs): class CompositeResources(Resources, metaclass=abc.ABCMeta): """This class represents a node in the hierarchical structure. As inherited from `Resources`, it still \ - stores instances of a given type of resources internally but also stores some kind of nested resources \ + stores instances of a given type of resources internally but also stores some kind of nested resources \\ referred to as its 'children'. """ diff --git a/ScoutSuite/providers/base/services.py b/ScoutSuite/providers/base/services.py index 96db93b4b..f1c3768d2 100755 --- a/ScoutSuite/providers/base/services.py +++ b/ScoutSuite/providers/base/services.py @@ -5,7 +5,7 @@ from ScoutSuite.utils import format_service_name -class BaseServicesConfig(object): +class BaseServicesConfig: def __init__(self, credentials): self.credentials = credentials diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index 57c80f572..ef4bc3b7e 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -21,7 +21,7 @@ class GCPFacade(GCPBaseFacade): def __init__(self, default_project_id=None, project_id=None, folder_id=None, organization_id=None, all_projects=None): - super(GCPFacade, self).__init__('cloudresourcemanager', 'v1') + super().__init__('cloudresourcemanager', 'v1') self.default_project_id = default_project_id self.all_projects = all_projects 
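Review bot: In the `CompositeResources` docstring (ScoutSuite/providers/base/resources/base.py) the changed line now ends in `\\` while the line above it still ends in a single `\`, so the docstring carries one literal backslash in the middle of a sentence and the two lines are handled inconsistently. A triple-quoted string needs no continuation marker at all; removing the trailing backslash from both lines, e.g. `stores instances of a given type of resources internally but also stores some kind of nested resources`, keeps the rendered text clean. The docstring and class body continue beyond what the hunk shows.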
@@ -110,10 +110,10 @@ async def _get_projects_recursively(self, parent_type, parent_id): request = resourcemanager_client.projects().list(filter='parent.id:"%s"' % parent_id) # get parent children projects in children folders recursively - folder_request = resourcemanager_client_v2.folders().list(parent='%ss/%s' % (parent_type, parent_id)) + folder_request = resourcemanager_client_v2.folders().list(parent='{}s/{}'.format(parent_type, parent_id)) folder_response = await GCPFacadeUtils.get_all('folders', folder_request, projects_group) for folder in folder_response: - projects.extend(await self._get_projects_recursively("folder", folder['name'].strip(u'folders/'))) + projects.extend(await self._get_projects_recursively("folder", folder['name'].strip('folders/'))) project_response = await GCPFacadeUtils.get_all('projects', request, projects_group) if project_response: diff --git a/ScoutSuite/providers/gcp/facade/cloudresourcemanager.py b/ScoutSuite/providers/gcp/facade/cloudresourcemanager.py index 3ce7fa3d8..1070644a2 100755 --- a/ScoutSuite/providers/gcp/facade/cloudresourcemanager.py +++ b/ScoutSuite/providers/gcp/facade/cloudresourcemanager.py @@ -4,7 +4,7 @@ class CloudResourceManagerFacade(GCPBaseFacade): def __init__(self): - super(CloudResourceManagerFacade, self).__init__('cloudresourcemanager', 'v1') + super().__init__('cloudresourcemanager', 'v1') async def get_member_bindings(self, project_id: str): try: diff --git a/ScoutSuite/providers/gcp/facade/cloudsql.py b/ScoutSuite/providers/gcp/facade/cloudsql.py index d8901f8c7..5f0e3eed5 100755 --- a/ScoutSuite/providers/gcp/facade/cloudsql.py +++ b/ScoutSuite/providers/gcp/facade/cloudsql.py @@ -5,7 +5,7 @@ class CloudSQLFacade(GCPBaseFacade): def __init__(self): - super(CloudSQLFacade, self).__init__('sqladmin', 'v1beta4') + super().__init__('sqladmin', 'v1beta4') async def get_backups(self, project_id: str, instance_name: str): try: 
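Review bot: `folder['name'].strip('folders/')` in `_get_projects_recursively` strips any leading or trailing characters from the set `f`, `o`, `l`, `d`, `e`, `r`, `s`, `/` rather than the literal prefix, and the commit only drops the `u` marker while keeping that behaviour. It gives the right answer as long as the identifier after `folders/` is purely numeric; any identifier starting or ending with one of those characters would be truncated, the recursion would query the wrong parent, and projects would silently drop out of the audit. Taking the last path segment states the intent: `folder['name'].split('/')[-1]`. In the same hunk `parent_id` is formatted into `filter='parent.id:"%s"'` as-is; if that value can originate from command-line input, it is worth validating it as a plain ID before building the filter. The function body starts and ends outside the hunk.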
diff --git a/ScoutSuite/providers/gcp/facade/gce.py b/ScoutSuite/providers/gcp/facade/gce.py
index fc769d2b7..0c1f6fd9d 100755
--- a/ScoutSuite/providers/gcp/facade/gce.py
+++ b/ScoutSuite/providers/gcp/facade/gce.py
@@ -6,7 +6,7 @@ class GCEFacade(GCPBaseFacade):
 def __init__(self):
- super(GCEFacade, self).__init__('compute', 'v1')
+ super().__init__('compute', 'v1')
 async def get_disks(self, project_id, zone):
 try:
@@ -48,7 +48,7 @@ async def _add_metadata(self, project_id, instances):
 instance['commonInstanceMetadata'] = common_instance_metadata
 def metadata_to_dict(self, metadata):
- return dict((item['key'], item['value']) for item in metadata['items']) if 'items' in metadata else {}
+ return {item['key']: item['value'] for item in metadata['items']} if 'items' in metadata else {}
 async def get_networks(self, project_id):
 try:
diff --git a/ScoutSuite/providers/gcp/facade/iam.py b/ScoutSuite/providers/gcp/facade/iam.py
index c9a5269a3..bf2604015 100755
--- a/ScoutSuite/providers/gcp/facade/iam.py
+++ b/ScoutSuite/providers/gcp/facade/iam.py
@@ -5,7 +5,7 @@ class IAMFacade(GCPBaseFacade):
 def __init__(self):
- super(IAMFacade, self).__init__('iam', 'v1')
+ super().__init__('iam', 'v1')
 async def get_service_accounts(self, project_id: str):
 try:
diff --git a/ScoutSuite/providers/gcp/facade/kms.py b/ScoutSuite/providers/gcp/facade/kms.py
index 427b5867e..3e8321cbf 100755
--- a/ScoutSuite/providers/gcp/facade/kms.py
+++ b/ScoutSuite/providers/gcp/facade/kms.py
@@ -10,7 +10,7 @@ class KMSFacade(GCPBaseFacade):
 def __init__(self):
 # This facade is currently using both libraries as the Cloud Client library doesn't support locations
 self.cloud_client = kms.KeyManagementServiceClient() # Cloud Client
- super(KMSFacade, self).__init__('cloudkms', 'v1') # API Client
+ super().__init__('cloudkms', 'v1') # API Client
 async def get_locations(self, project_id: str):
diff --git a/ScoutSuite/providers/gcp/provider.py b/ScoutSuite/providers/gcp/provider.py index 34f19d610..947822e05 100755 --- a/ScoutSuite/providers/gcp/provider.py +++ b/ScoutSuite/providers/gcp/provider.py @@ -35,7 +35,7 @@ def __init__(self, self.result_format = result_format - super(GCPProvider, self).__init__(report_dir, timestamp, + super().__init__(report_dir, timestamp, services, skipped_services, result_format) def get_report_name(self): @@ -82,7 +82,7 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): self._match_instances_and_snapshots() self._match_networks_and_instances() - super(GCPProvider, self).preprocessing() + super().preprocessing() def _match_instances_and_snapshots(self): """ diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/backups.py b/ScoutSuite/providers/gcp/resources/cloudsql/backups.py index b5338e037..4e57ea8cb 100755 --- a/ScoutSuite/providers/gcp/resources/cloudsql/backups.py +++ b/ScoutSuite/providers/gcp/resources/cloudsql/backups.py @@ -4,7 +4,7 @@ class Backups(Resources): def __init__(self, facade: GCPFacade, project_id: str, instance_name: str): - super(Backups, self).__init__(facade) + super().__init__(facade) self.project_id = project_id self.instance_name = instance_name diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py index 5bef07ea7..ca9a5e4cc 100755 --- a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py +++ b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py @@ -13,7 +13,7 @@ class DatabaseInstances(GCPCompositeResources): ] def __init__(self, facade: GCPFacade, project_id: str): - super(DatabaseInstances, self).__init__(facade) + super().__init__(facade) self.project_id = project_id async def fetch_all(self): diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/users.py b/ScoutSuite/providers/gcp/resources/cloudsql/users.py index e40bb9fbf..ba2a5fc4f 100755 
--- a/ScoutSuite/providers/gcp/resources/cloudsql/users.py
+++ b/ScoutSuite/providers/gcp/resources/cloudsql/users.py
@@ -4,7 +4,7 @@ class Users(Resources):
 def __init__(self, facade: GCPFacade, project_id: str, instance_name: str):
- super(Users, self).__init__(facade)
+ super().__init__(facade)
 self.project_id = project_id
 self.instance_name = instance_name
diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
index c8ff1b83b..9a9f8fd85 100755
--- a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
+++ b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py
@@ -6,7 +6,7 @@ class Buckets(Resources):
 def __init__(self, facade: GCPFacade, project_id: str):
- super(Buckets, self).__init__(facade)
+ super().__init__(facade)
 self.project_id = project_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/gcp/resources/gce/firewalls.py b/ScoutSuite/providers/gcp/resources/gce/firewalls.py
index f79214517..b7c53e0d1 100755
--- a/ScoutSuite/providers/gcp/resources/gce/firewalls.py
+++ b/ScoutSuite/providers/gcp/resources/gce/firewalls.py
@@ -4,7 +4,7 @@ class Firewalls(Resources):
 def __init__(self, facade: GCPFacade, project_id: str):
- super(Firewalls, self).__init__(facade)
+ super().__init__(facade)
 self.project_id = project_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/gcp/resources/gce/instance_disks.py b/ScoutSuite/providers/gcp/resources/gce/instance_disks.py
index 178548b0d..a82128f2e 100755
--- a/ScoutSuite/providers/gcp/resources/gce/instance_disks.py
+++ b/ScoutSuite/providers/gcp/resources/gce/instance_disks.py
@@ -3,7 +3,7 @@ class InstanceDisks(Disks):
 def __init__(self, facade, instance):
- super(InstanceDisks, self).__init__(facade)
+ super().__init__(facade)
 self.instance = instance
 def fetch_all(self):
diff --git a/ScoutSuite/providers/gcp/resources/gce/networks.py b/ScoutSuite/providers/gcp/resources/gce/networks.py
index 9c82754c2..12e8c0f11 100755
--- a/ScoutSuite/providers/gcp/resources/gce/networks.py
+++ b/ScoutSuite/providers/gcp/resources/gce/networks.py
@@ -4,7 +4,7 @@ class Networks(Resources):
 def __init__(self, facade: GCPFacade, project_id: str):
- super(Networks, self).__init__(facade)
+ super().__init__(facade)
 self.project_id = project_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/gcp/resources/gce/snapshots.py b/ScoutSuite/providers/gcp/resources/gce/snapshots.py
index cce1eb334..dd3248b8c 100755
--- a/ScoutSuite/providers/gcp/resources/gce/snapshots.py
+++ b/ScoutSuite/providers/gcp/resources/gce/snapshots.py
@@ -4,7 +4,7 @@ class Snapshots(Resources):
 def __init__(self, facade: GCPFacade, project_id: str):
- super(Snapshots, self).__init__(facade)
+ super().__init__(facade)
 self.project_id = project_id
 async def fetch_all(self):
diff --git a/ScoutSuite/providers/gcp/resources/gce/subnetworks.py b/ScoutSuite/providers/gcp/resources/gce/subnetworks.py
index 3df21ce4d..56aab2a34 100755
--- a/ScoutSuite/providers/gcp/resources/gce/subnetworks.py
+++ b/ScoutSuite/providers/gcp/resources/gce/subnetworks.py
@@ -4,7 +4,7 @@ class Subnetworks(Resources):
 def __init__(self, facade: GCPFacade, project_id: str, region: str):
- super(Subnetworks, self).__init__(facade)
+ super().__init__(facade)
 self.project_id = project_id
 self.region = region
@@ -19,7 +19,7 @@ def _parse_subnetwork(self, raw_subnetwork): subnetwork_dict['id'] = raw_subnetwork['id'] subnetwork_dict['project_id'] = raw_subnetwork['selfLink'].split('/')[-5] subnetwork_dict['region'] = raw_subnetwork['region'].split('/')[-1] - subnetwork_dict['name'] = "%s-%s" % (raw_subnetwork['name'], subnetwork_dict['region']) + subnetwork_dict['name'] = "{}-{}".format(raw_subnetwork['name'], subnetwork_dict['region']) subnetwork_dict['subnetwork'] = raw_subnetwork['network'].split('/')[-1] subnetwork_dict['gateway_address'] = raw_subnetwork['gatewayAddress'] subnetwork_dict['ip_range'] = raw_subnetwork['ipCidrRange'] diff --git a/ScoutSuite/providers/gcp/resources/iam/groups.py b/ScoutSuite/providers/gcp/resources/iam/groups.py index edb034687..5ce52b63d 100755 --- a/ScoutSuite/providers/gcp/resources/iam/groups.py +++ b/ScoutSuite/providers/gcp/resources/iam/groups.py @@ -5,7 +5,7 @@ class Groups(Resources): def __init__(self, facade: GCPFacade, project_id: str): - super(Groups, self).__init__(facade) + super().__init__(facade) self.project_id = project_id async def fetch_all(self): diff --git a/ScoutSuite/providers/gcp/resources/iam/keys.py b/ScoutSuite/providers/gcp/resources/iam/keys.py index 683030eb2..83c567e92 100755 --- a/ScoutSuite/providers/gcp/resources/iam/keys.py +++ b/ScoutSuite/providers/gcp/resources/iam/keys.py @@ -4,7 +4,7 @@ class Keys(Resources): def __init__(self, facade: GCPFacade, project_id: str, service_account_email: str): - super(Keys, self).__init__(facade) + super().__init__(facade) self.project_id = project_id self.service_account_email = service_account_email diff --git a/ScoutSuite/providers/gcp/resources/iam/member_bindings.py b/ScoutSuite/providers/gcp/resources/iam/member_bindings.py index 0ae2999d5..ae2027f42 100755 --- a/ScoutSuite/providers/gcp/resources/iam/member_bindings.py +++ b/ScoutSuite/providers/gcp/resources/iam/member_bindings.py 
@@ -6,7 +6,7 @@ class Bindings(Resources): def __init__(self, facade: GCPFacade, project_id: str): - super(Bindings, self).__init__(facade) + super().__init__(facade) self.project_id = project_id async def fetch_all(self): diff --git a/ScoutSuite/providers/gcp/resources/iam/service_account_bindings.py b/ScoutSuite/providers/gcp/resources/iam/service_account_bindings.py index 668bc48d3..a5d8006d7 100755 --- a/ScoutSuite/providers/gcp/resources/iam/service_account_bindings.py +++ b/ScoutSuite/providers/gcp/resources/iam/service_account_bindings.py @@ -4,7 +4,7 @@ class ServiceAccountBindings(Resources): def __init__(self, facade: GCPFacade, project_id: str, service_account_email: str): - super(ServiceAccountBindings, self).__init__(facade) + super().__init__(facade) self.project_id = project_id self.service_account_email = service_account_email diff --git a/ScoutSuite/providers/gcp/resources/iam/service_accounts.py b/ScoutSuite/providers/gcp/resources/iam/service_accounts.py index 8fa8412a7..3ff02807f 100755 --- a/ScoutSuite/providers/gcp/resources/iam/service_accounts.py +++ b/ScoutSuite/providers/gcp/resources/iam/service_accounts.py @@ -12,7 +12,7 @@ class ServiceAccounts(GCPCompositeResources): ] def __init__(self, facade: GCPFacade, project_id: str): - super(ServiceAccounts, self).__init__(facade) + super().__init__(facade) self.project_id = project_id async def fetch_all(self): @@ -34,7 +34,7 @@ def _parse_service_account(self, raw_service_account): service_account_dict['email'] = raw_service_account['email'] service_account_dict['project_id'] = raw_service_account['projectId'] - pattern = re.compile('.+@{}\.iam\.gserviceaccount\.com'.format(service_account_dict['project_id'])) + pattern = re.compile(r'.+@{}\.iam\.gserviceaccount\.com'.format(service_account_dict['project_id'])) if pattern.match(service_account_dict['email']): service_account_dict['default_service_account'] = False else: 
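Review bot: In the `_parse_service_account` hunk the raw-string prefix silences the escape warning, but `service_account_dict['project_id']` is still interpolated into the pattern unescaped and `pattern.match` anchors only the start of the email. A project ID containing a regex metacharacter such as `.`, or an email with text after `gserviceaccount.com`, can therefore match when it should not. Escaping the ID and anchoring the end closes both gaps: `pattern = re.compile(r'.+@{}\.iam\.gserviceaccount\.com$'.format(re.escape(service_account_dict['project_id'])))`. The result decides `default_service_account`, so a wrong match would change how the account is classified in the report. The function starts and ends outside the hunk.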
diff --git a/ScoutSuite/providers/gcp/resources/iam/users.py b/ScoutSuite/providers/gcp/resources/iam/users.py index ac11ebeb4..36b7172e2 100755 --- a/ScoutSuite/providers/gcp/resources/iam/users.py +++ b/ScoutSuite/providers/gcp/resources/iam/users.py @@ -5,7 +5,7 @@ class Users(Resources): def __init__(self, facade: GCPFacade, project_id: str): - super(Users, self).__init__(facade) + super().__init__(facade) self.project_id = project_id async def fetch_all(self): diff --git a/ScoutSuite/providers/gcp/resources/kms/keyrings.py b/ScoutSuite/providers/gcp/resources/kms/keyrings.py index e9d1346ee..890bfb023 100755 --- a/ScoutSuite/providers/gcp/resources/kms/keyrings.py +++ b/ScoutSuite/providers/gcp/resources/kms/keyrings.py @@ -9,7 +9,7 @@ class KeyRings(GCPCompositeResources): ] def __init__(self, facade: GCPFacade, project_id: str): - super(KeyRings, self).__init__(facade) + super().__init__(facade) self.project_id = project_id async def fetch_all(self): diff --git a/ScoutSuite/providers/gcp/resources/kms/keys.py b/ScoutSuite/providers/gcp/resources/kms/keys.py index a8eae64e2..801f2f356 100755 --- a/ScoutSuite/providers/gcp/resources/kms/keys.py +++ b/ScoutSuite/providers/gcp/resources/kms/keys.py @@ -4,7 +4,7 @@ class Keys(Resources): def __init__(self, facade: GCPFacade, project_id: str, keyring_name: str, location: str): - super(Keys, self).__init__(facade) + super().__init__(facade) self.project_id = project_id self.keyring_name = keyring_name self.location = location diff --git a/ScoutSuite/providers/gcp/resources/regions.py b/ScoutSuite/providers/gcp/resources/regions.py index d1b354c15..2dff774bc 100755 --- a/ScoutSuite/providers/gcp/resources/regions.py +++ b/ScoutSuite/providers/gcp/resources/regions.py @@ -4,7 +4,7 @@ class Regions(GCPCompositeResources): def __init__(self, facade: GCPFacade, project_id: str): - super(Regions, self).__init__(facade) + super().__init__(facade) self.project_id = project_id async def fetch_all(self): 
diff --git a/ScoutSuite/providers/gcp/resources/stackdriverlogging/metrics.py b/ScoutSuite/providers/gcp/resources/stackdriverlogging/metrics.py index f45072291..40a2c2881 100755 --- a/ScoutSuite/providers/gcp/resources/stackdriverlogging/metrics.py +++ b/ScoutSuite/providers/gcp/resources/stackdriverlogging/metrics.py @@ -4,7 +4,7 @@ class Metrics(Resources): def __init__(self, facade: GCPFacade, project_id: str): - super(Metrics, self).__init__(facade) + super().__init__(facade) self.project_id = project_id async def fetch_all(self): diff --git a/ScoutSuite/providers/gcp/resources/stackdriverlogging/sinks.py b/ScoutSuite/providers/gcp/resources/stackdriverlogging/sinks.py index 0f582e119..62da226b1 100755 --- a/ScoutSuite/providers/gcp/resources/stackdriverlogging/sinks.py +++ b/ScoutSuite/providers/gcp/resources/stackdriverlogging/sinks.py @@ -4,7 +4,7 @@ class Sinks(Resources): def __init__(self, facade: GCPFacade, project_id: str): - super(Sinks, self).__init__(facade) + super().__init__(facade) self.project_id = project_id async def fetch_all(self): diff --git a/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/alert_policies.py b/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/alert_policies.py index 657740ab5..66d7b39cb 100755 --- a/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/alert_policies.py +++ b/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/alert_policies.py @@ -5,7 +5,7 @@ class AlertPolicies(Resources): def __init__(self, facade: GCPFacade, project_id: str): - super(AlertPolicies, self).__init__(facade) + super().__init__(facade) self.project_id = project_id async def fetch_all(self): diff --git a/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/uptime_checks.py b/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/uptime_checks.py index a4427ca3f..b037dbeb5 100755 --- a/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/uptime_checks.py 
+++ b/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/uptime_checks.py @@ -5,7 +5,7 @@ class UptimeChecks(Resources): def __init__(self, facade: GCPFacade, project_id: str): - super(UptimeChecks, self).__init__(facade) + super().__init__(facade) self.project_id = project_id async def fetch_all(self): diff --git a/ScoutSuite/providers/gcp/resources/zones.py b/ScoutSuite/providers/gcp/resources/zones.py index bf043e55f..2f1f75e68 100755 --- a/ScoutSuite/providers/gcp/resources/zones.py +++ b/ScoutSuite/providers/gcp/resources/zones.py @@ -4,7 +4,7 @@ class Zones(GCPCompositeResources): def __init__(self, facade: GCPFacade, project_id: str): - super(Zones, self).__init__(facade) + super().__init__(facade) self.project_id = project_id async def fetch_all(self): diff --git a/ScoutSuite/providers/gcp/services.py b/ScoutSuite/providers/gcp/services.py index 636d7bd50..72ae52b95 100755 --- a/ScoutSuite/providers/gcp/services.py +++ b/ScoutSuite/providers/gcp/services.py @@ -21,7 +21,7 @@ def __init__(self, credentials=None, default_project_id=None, project_id=None, folder_id=None, organization_id=None, all_projects=None, **kwargs): - super(GCPServicesConfig, self).__init__(credentials) + super().__init__(credentials) facade = GCPFacade(default_project_id, project_id, folder_id, organization_id, all_projects) diff --git a/ScoutSuite/providers/oci/provider.py b/ScoutSuite/providers/oci/provider.py index f92995fe0..327afc409 100755 --- a/ScoutSuite/providers/oci/provider.py +++ b/ScoutSuite/providers/oci/provider.py @@ -26,7 +26,7 @@ def __init__(self, self.credentials = kwargs['credentials'] self.account_id = self.credentials.get_scope() - super(OracleProvider, self).__init__(report_dir, timestamp, services, skipped_services) + super().__init__(report_dir, timestamp, services, skipped_services) def get_report_name(self): """ 
@@ -39,5 +39,5 @@ def get_report_name(self): def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): - super(OracleProvider, self).preprocessing() + super().preprocessing() diff --git a/ScoutSuite/providers/oci/resources/identity/api_keys.py b/ScoutSuite/providers/oci/resources/identity/api_keys.py index 3cbef484e..7e43de224 100755 --- a/ScoutSuite/providers/oci/resources/identity/api_keys.py +++ b/ScoutSuite/providers/oci/resources/identity/api_keys.py @@ -5,7 +5,7 @@ class ApiKeys(OracleResources): def __init__(self, facade: OracleFacade, user): - super(ApiKeys, self).__init__(facade) + super().__init__(facade) self.user = user async def fetch_all(self): diff --git a/ScoutSuite/providers/oci/resources/identity/authentication_policy.py b/ScoutSuite/providers/oci/resources/identity/authentication_policy.py index 425993e72..6856f6264 100755 --- a/ScoutSuite/providers/oci/resources/identity/authentication_policy.py +++ b/ScoutSuite/providers/oci/resources/identity/authentication_policy.py @@ -4,7 +4,7 @@ class PasswordPolicy(OracleResources): def __init__(self, facade: OracleFacade): - super(PasswordPolicy, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): raw_authentication_policy = await self.facade.identity.get_authentication_policy() diff --git a/ScoutSuite/providers/oci/resources/identity/base.py b/ScoutSuite/providers/oci/resources/identity/base.py index 85fd5e2b6..727bb662a 100755 --- a/ScoutSuite/providers/oci/resources/identity/base.py +++ b/ScoutSuite/providers/oci/resources/identity/base.py @@ -15,7 +15,7 @@ class Identity(OracleCompositeResources): ] def __init__(self, facade: OracleFacade): - super(Identity, self).__init__(facade) + super().__init__(facade) self.service = 'identity' async def fetch_all(self, **kwargs): diff --git a/ScoutSuite/providers/oci/resources/identity/groups.py b/ScoutSuite/providers/oci/resources/identity/groups.py index 9a260ed4e..bd31eb89f 100755 
--- a/ScoutSuite/providers/oci/resources/identity/groups.py +++ b/ScoutSuite/providers/oci/resources/identity/groups.py @@ -5,7 +5,7 @@ class Groups(OracleResources): def __init__(self, facade: OracleFacade): - super(Groups, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): for raw_group in await self.facade.identity.get_groups(): diff --git a/ScoutSuite/providers/oci/resources/identity/policies.py b/ScoutSuite/providers/oci/resources/identity/policies.py index 907b30012..b9aeb2e9d 100755 --- a/ScoutSuite/providers/oci/resources/identity/policies.py +++ b/ScoutSuite/providers/oci/resources/identity/policies.py @@ -5,7 +5,7 @@ class Policies(OracleResources): def __init__(self, facade: OracleFacade): - super(Policies, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): for raw_policy in await self.facade.identity.get_policies(): diff --git a/ScoutSuite/providers/oci/resources/kms/base.py b/ScoutSuite/providers/oci/resources/kms/base.py index 2f799c8f6..338b69270 100755 --- a/ScoutSuite/providers/oci/resources/kms/base.py +++ b/ScoutSuite/providers/oci/resources/kms/base.py @@ -9,7 +9,7 @@ class KMS(OracleCompositeResources): ] def __init__(self, facade: OracleFacade): - super(KMS, self).__init__(facade) + super().__init__(facade) self.service = 'kms' async def fetch_all(self, **kwargs): diff --git a/ScoutSuite/providers/oci/resources/kms/keys.py b/ScoutSuite/providers/oci/resources/kms/keys.py index 5546c61b6..a8179860b 100755 --- a/ScoutSuite/providers/oci/resources/kms/keys.py +++ b/ScoutSuite/providers/oci/resources/kms/keys.py @@ -5,7 +5,7 @@ class Keys(OracleResources): def __init__(self, facade: OracleFacade, keyvault): - super(Keys, self).__init__(facade) + super().__init__(facade) self.key_vault = keyvault async def fetch_all(self): diff --git a/ScoutSuite/providers/oci/resources/kms/keyvaults.py b/ScoutSuite/providers/oci/resources/kms/keyvaults.py index e187db532..86bce2beb 100755 
--- a/ScoutSuite/providers/oci/resources/kms/keyvaults.py +++ b/ScoutSuite/providers/oci/resources/kms/keyvaults.py @@ -11,7 +11,7 @@ class KeyVaults(OracleCompositeResources): ] def __init__(self, facade: OracleFacade): - super(KeyVaults, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): raw_keyvaults = await self.facade.kms.get_vaults() diff --git a/ScoutSuite/providers/oci/resources/objectstorage/base.py b/ScoutSuite/providers/oci/resources/objectstorage/base.py index 82bd8b5c9..b61c35fa8 100755 --- a/ScoutSuite/providers/oci/resources/objectstorage/base.py +++ b/ScoutSuite/providers/oci/resources/objectstorage/base.py @@ -9,7 +9,7 @@ class ObjectStorage(OracleCompositeResources): ] def __init__(self, facade: OracleFacade): - super(ObjectStorage, self).__init__(facade) + super().__init__(facade) self.service = 'objectstorage' async def fetch_all(self, **kwargs): diff --git a/ScoutSuite/providers/oci/resources/objectstorage/buckets.py b/ScoutSuite/providers/oci/resources/objectstorage/buckets.py index 50f35502a..f9e4bcac8 100755 --- a/ScoutSuite/providers/oci/resources/objectstorage/buckets.py +++ b/ScoutSuite/providers/oci/resources/objectstorage/buckets.py @@ -4,7 +4,7 @@ class Buckets(OracleResources): def __init__(self, facade: OracleFacade): - super(Buckets, self).__init__(facade) + super().__init__(facade) async def fetch_all(self): diff --git a/ScoutSuite/providers/oci/services.py b/ScoutSuite/providers/oci/services.py index 3b97dd920..e9b3c7767 100755 --- a/ScoutSuite/providers/oci/services.py +++ b/ScoutSuite/providers/oci/services.py @@ -8,7 +8,7 @@ class OracleServicesConfig(BaseServicesConfig): def __init__(self, credentials: OracleCredentials = None, **kwargs): - super(OracleServicesConfig, self).__init__(credentials) + super().__init__(credentials) facade = OracleFacade(credentials) diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py index 8da92ccb6..4babc48aa 100755 --- a/ScoutSuite/utils.py +++ b/ScoutSuite/utils.py 
@@ -1,5 +1,3 @@ -from __future__ import print_function - formatted_service_name = { # AWS 'acm': 'ACM', From 5e3c39afbdac775a4c23a20b0ebc40d97adb4603 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 12:23:36 -0500 Subject: [PATCH 038/979] :construction_worker: add GitHub Actions --- .github/workflows/testing.yml | 51 +++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .github/workflows/testing.yml diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml new file mode 100644 index 000000000..74abdf9be --- /dev/null +++ b/.github/workflows/testing.yml 
@@ -0,0 +1,51 @@
+name: Python package
+
+on: [push, pull-request]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version: [3.5, 3.6, 3.7, 3.8]
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: actions/setup-python@v2
+ with:
+ python-version: ${{ matrix.python-version }}
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install -U setuptools
+ pip install -r requirements.txt
+ pip install flake8
+ pip install coveralls
+ pip install codecov
+ pip install autopep8
+ pip install pytest
+ if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+ - name: Lint with flake8
+ run: |
+ # stop the build if there are Python syntax errors or undefined names
+ flake8 .
+ # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+ flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+ - name: Autopep 8
+ run: |
+ autopep8 --diff --recursive --max-line-length=127 .
+ - name: Test with nosetests
+ run: |
+ nosetests --with-coverage tests/test-utils.py
+ nosetests --with-coverage tests/test-core.py
+ nosetests --with-coverage tests/test-output.py
+ nosetests --with-coverage tests/test-utils-conditions.py
+ nosetests --with-coverage tests/test-main.py
+ nosetests --with-coverage tests/test-resources.py
+ nosetests --with-coverage tests/test-rules-ruleset.py
+ nosetests --with-coverage tests/test-rules-processingengine.py
+
+ # Not sure what the secret for this will be, but could be set in GitHub Secrets and replaced
+ nosetests --with-coverage --nocapture tests/test-scoutsuite.py -a "!credential"
From f0bf2d72f5dc0c65641e86bc0ea55e0c762e3d13 Mon Sep 17 00:00:00 2001
From: Nick Klauer
Date: Sat, 30 May 2020 12:25:55 -0500
Subject: [PATCH 039/979] fix event that GHA triggers on
---
.github/workflows/testing.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
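Review bot: Every `uses:` in the new workflow's `steps:` references a movable tag (`actions/checkout@v2`, `actions/setup-python@v2`), so the code that runs in CI can change without any commit in this repository. Pinning each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`, makes the reference immutable. The same applies to `actions/cache@v2` (PATCH 041), `coverallsapp/github-action@master` (PATCH 047) and `codecov/codecov-action@v1` (PATCH 048) later in this series. The `pip install flake8` through `pip install pytest` lines are also unversioned; a pinned dev-requirements file would make the lint and test toolchain reproducible. Separately, `pip install -r requirements.txt` runs twice in the step, once unconditionally and once behind the `-f` test, so one of the two can go.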
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 74abdf9be..5822428f1 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -1,6 +1,6 @@ name: Python package -on: [push, pull-request] +on: [push, pull_request] jobs: build: From 80ff6dc83ab2492e0b8fd9260e08ed979b5b5acb Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 12:28:34 -0500 Subject: [PATCH 040/979] add nose to dependencies installation --- .github/workflows/testing.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 5822428f1..ed4d71967 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -26,6 +26,7 @@ jobs: pip install codecov pip install autopep8 pip install pytest + pip install nose if [ -f requirements.txt ]; then pip install -r requirements.txt; fi - name: Lint with flake8 run: | From 3059401477869bf8718751e0b914678d66c8a732 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 12:31:03 -0500 Subject: [PATCH 041/979] cache dependencies to speed up builds --- .github/workflows/testing.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index ed4d71967..965c4596e 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -16,6 +16,16 @@ jobs: uses: actions/setup-python@v2 with: python-version: ${{ matrix.python-version }} + - name: Cache pip + uses: actions/cache@v2 + with: + # This path is specific to Ubuntu + path: ~/.cache/pip + # Look to see if there is a cache hit for the corresponding requirements file + key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }} + restore-keys: | + ${{ runner.os }}-pip- + ${{ runner.os }}- - name: Install dependencies run: | python -m pip install --upgrade pip From 784cb7ead16f5375c35e49bdebbe7bd71196f187 Mon Sep 17 00:00:00 2001 
From: Nick Klauer Date: Sat, 30 May 2020 12:42:41 -0500 Subject: [PATCH 042/979] add more test deps --- .github/workflows/testing.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 965c4596e..244935812 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -36,6 +36,8 @@ jobs: pip install codecov pip install autopep8 pip install pytest + pip install mock + pip install unittest pip install nose if [ -f requirements.txt ]; then pip install -r requirements.txt; fi - name: Lint with flake8 From ebb9e45c7567e60871d4a6871c4221c0b502c194 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 12:45:22 -0500 Subject: [PATCH 043/979] remove unittest pip (built-in) --- .github/workflows/testing.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 244935812..16b8f6ade 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -37,7 +37,6 @@ jobs: pip install autopep8 pip install pytest pip install mock - pip install unittest pip install nose if [ -f requirements.txt ]; then pip install -r requirements.txt; fi - name: Lint with flake8 From f6fb177d6ae5eefd756bc53c20bf84dbc7e77de0 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 12:51:36 -0500 Subject: [PATCH 044/979] only run on pushes to master and PR's --- .github/workflows/testing.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 16b8f6ade..af47723ee 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -1,6 +1,11 @@ name: Python package -on: [push, pull_request] +on: + push: + branches: + - develop + pull_request: + jobs: build: From e8066d98290b20041095e701280b0f4a080addfa Mon Sep 17 00:00:00 2001 
From: Nick Klauer Date: Sat, 30 May 2020 12:56:39 -0500 Subject: [PATCH 045/979] fix: remove forked differences We have additional changes in our forked branch of `develop`, need to take those out --- ScoutSuite/providers/aws/facade/ec2.py | 16 +--------------- ScoutSuite/providers/aws/resources/ec2/ami.py | 7 ++----- .../providers/aws/resources/ec2/instances.py | 2 +- .../providers/aws/resources/ec2/snapshots.py | 2 -- .../providers/aws/resources/ec2/volumes.py | 2 -- ScoutSuite/providers/aws/services.py | 4 ++-- 6 files changed, 6 insertions(+), 27 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index 27af07f7e..7eb73e60c 100755 --- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py @@ -102,19 +102,12 @@ async def get_network_interfaces(self, region: str, vpc: str): async def get_volumes(self, region: str): try: volumes = await AWSFacadeUtils.get_all_pages('ec2', region, self.session, 'describe_volumes', 'Volumes') - await get_and_set_concurrently([self._get_and_set_key_manager, self._get_and_set_volume_tags], volumes, region=region) + await get_and_set_concurrently([self._get_and_set_key_manager], volumes, region=region) return volumes except Exception as e: print_exception('Failed to get EC2 volumes: {}'.format(e)) return [] - async def _get_and_set_volume_tags(self, volume: {}, region: str): - if "Tags" in volume: - volume["tags"] = {x["Key"]: x["Value"] for x in volume["Tags"]} - else: - volume["tags"] = {} - return volume - async def _get_and_set_key_manager(self, volume: {}, region: str): kms_client = AWSFacadeUtils.get_client('kms', self.session, region) if 'KmsKeyId' in volume: 
@@ -195,13 +188,6 @@ async def _get_and_set_subnet_flow_logs(self, subnet: {}, region: str): [flow_log for flow_log in self.flow_logs_cache[region] if flow_log['ResourceId'] == subnet['SubnetId'] or flow_log['ResourceId'] == subnet['VpcId']] - async def get_and_set_ec2_instance_tags(self, raw_instance: {}): - if 'Tags' in raw_instance: - instance = {x['Key']: x['Value'] for x in raw_instance['Tags']} - else: - instance = {} - return instance - async def get_peering_connections(self, region): try: peering_connections = await AWSFacadeUtils.get_all_pages('ec2', region, self.session, 'describe_vpc_peering_connections', 'VpcPeeringConnections') diff --git a/ScoutSuite/providers/aws/resources/ec2/ami.py b/ScoutSuite/providers/aws/resources/ec2/ami.py index 2e0538846..6c6ec3565 100755 --- a/ScoutSuite/providers/aws/resources/ec2/ami.py +++ b/ScoutSuite/providers/aws/resources/ec2/ami.py @@ -14,9 +14,6 @@ async def fetch_all(self): self[name] = resource def _parse_image(self, raw_image): - raw_image['id'] = raw_image['ImageId'] - raw_image['name'] = raw_image['Name'] - if 'Tags' in raw_image: - raw_image['tags'] = {x["Key"]: x["Value"] for x in raw_image["Tags"]} - + raw_image['id'] = raw_image.get('ImageId') + raw_image['name'] = raw_image.get('Name') return raw_image['id'], raw_image diff --git a/ScoutSuite/providers/aws/resources/ec2/instances.py b/ScoutSuite/providers/aws/resources/ec2/instances.py index ab59acbe5..11d5b3105 100755 --- a/ScoutSuite/providers/aws/resources/ec2/instances.py +++ b/ScoutSuite/providers/aws/resources/ec2/instances.py @@ -28,7 +28,7 @@ async def _parse_instance(self, raw_instance): get_name(raw_instance, instance, 'InstanceId') get_keys(raw_instance, instance, - ['KeyName', 'LaunchTime', 'InstanceType', 'State', 'IamInstanceProfile', 'SubnetId', 'Tags']) + ['KeyName', 'LaunchTime', 'InstanceType', 'State', 'IamInstanceProfile', 'SubnetId']) instance['network_interfaces'] = {} for eni in raw_instance['NetworkInterfaces']: 
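Review bot: In the ami.py hunk, `raw_image['id'] = raw_image.get('ImageId')` turns a missing `ImageId` into `None`, and that value is then returned as the resource key by `return raw_image['id'], raw_image`. Entries without an identifier would be stored under `None` and overwrite one another instead of failing visibly. `.get` is reasonable for `Name`, which may be absent, but the identifier is better read strictly: `raw_image['id'] = raw_image['ImageId']`.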
diff --git a/ScoutSuite/providers/aws/resources/ec2/snapshots.py b/ScoutSuite/providers/aws/resources/ec2/snapshots.py index d3304dd56..d48b5f9e6 100755 --- a/ScoutSuite/providers/aws/resources/ec2/snapshots.py +++ b/ScoutSuite/providers/aws/resources/ec2/snapshots.py @@ -18,8 +18,6 @@ def _parse_snapshot(self, raw_snapshot): raw_snapshot['id'] = raw_snapshot.pop('SnapshotId') raw_snapshot['name'] = get_name(raw_snapshot, raw_snapshot, 'id') raw_snapshot['public'] = self._is_public(raw_snapshot) - if "Tags" in raw_snapshot: - raw_snapshot['tags'] = {x["Key"]: x["Value"] for x in raw_snapshot["Tags"]} return raw_snapshot['id'], raw_snapshot @staticmethod diff --git a/ScoutSuite/providers/aws/resources/ec2/volumes.py b/ScoutSuite/providers/aws/resources/ec2/volumes.py index 9dc79b2da..6dec86616 100755 --- a/ScoutSuite/providers/aws/resources/ec2/volumes.py +++ b/ScoutSuite/providers/aws/resources/ec2/volumes.py @@ -17,6 +17,4 @@ async def fetch_all(self): def _parse_volume(self, raw_volume): raw_volume['id'] = raw_volume.pop('VolumeId') raw_volume['name'] = get_name(raw_volume, raw_volume, 'id') - if "Tags" in raw_volume: - raw_volume['tags'] = {x["Key"]: x["Value"] for x in raw_volume["Tags"]} return raw_volume['id'], raw_volume diff --git a/ScoutSuite/providers/aws/services.py b/ScoutSuite/providers/aws/services.py index fd0ed4e10..ba0141ea6 100755 --- a/ScoutSuite/providers/aws/services.py +++ b/ScoutSuite/providers/aws/services.py @@ -69,8 +69,8 @@ class AWSServicesConfig(BaseServicesConfig): :ivar rds: RDS configuration :ivar redshift: Redshift configuration :ivar s3: S3 configuration - :ivar ses: SES configuration - :ivar sns: SNS configuration + :ivar ses: SES configuration: + "ivar sns: SNS configuration :ivar sqs: SQS configuration """ From f4e54148b88bf9b387a98ae2ba7a1595563783f5 Mon Sep 17 00:00:00 2001 
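Review bot: The two lines added to the `AWSServicesConfig` docstring in services.py are malformed field markers. `:ivar ses: SES configuration:` carries a stray trailing colon, and `"ivar sns: SNS configuration` opens with a quote instead of a colon, so documentation tools will not read it as a field. Keeping the removed spellings, `:ivar ses: SES configuration` and `:ivar sns: SNS configuration`, avoids this.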
From: Nick Klauer Date: Sat, 30 May 2020 13:05:54 -0500 Subject: [PATCH 046/979] add coverage callout --- .github/workflows/testing.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index af47723ee..1f6e054c0 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -66,3 +66,8 @@ jobs: # Not sure what the secret for this will be, but could be set in GitHub Secrets and replaced nosetests --with-coverage --nocapture tests/test-scoutsuite.py -a "!credential" + + - name: run coverage + run: | + coveralls + codecov From c6e408c7963644ce981139f1bc98b31f90c20d52 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 13:07:22 -0500 Subject: [PATCH 047/979] use built-in coveralls github Action --- .github/workflows/testing.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 1f6e054c0..4b7119c96 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -69,5 +69,8 @@ jobs: - name: run coverage run: | - coveralls codecov + - name: Coveralls + uses: coverallsapp/github-action@master + with: + github-token: ${{ secrets.GITHUB_TOKEN }} From 66c8b9608d3515257d1b311f608eca9e43bf3775 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 13:12:04 -0500 Subject: [PATCH 048/979] use codecov GHA --- .github/workflows/testing.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 4b7119c96..14f38e686 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml 
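Review bot: The new `Coveralls` step passes `${{ secrets.GITHUB_TOKEN }}` to a third-party action while the workflow declares no `permissions:` key. The token therefore carries the repository's default scope, which on `push` runs may include write access. Declaring a least-privilege default at the top of the workflow, `permissions:` with `contents: read` beneath it, and widening it only for a job that needs more, limits what a changed or compromised action could do with the token. Whether the Coveralls step needs any additional scope is not visible from this hunk and should be confirmed.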
@@ -67,9 +67,13 @@ jobs: # Not sure what the secret for this will be, but could be set in GitHub Secrets and replaced nosetests --with-coverage --nocapture tests/test-scoutsuite.py -a "!credential" - - name: run coverage - run: | - codecov + - uses: codecov/codecov-action@v1 + with: + token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos + file: ./coverage.xml # optional + flags: unittests # optional + name: codecov-umbrella # optional + fail_ci_if_error: true # optional (default = false) - name: Coveralls uses: coverallsapp/github-action@master with: From 3388d88fb5098918640a60cece667b8320f0aec1 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 13:13:09 -0500 Subject: [PATCH 049/979] remove optional fields, don't fail build on error in coverage --- .github/workflows/testing.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 14f38e686..39abdf70a 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -68,12 +68,6 @@ jobs: nosetests --with-coverage --nocapture tests/test-scoutsuite.py -a "!credential" - uses: codecov/codecov-action@v1 - with: - token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos - file: ./coverage.xml # optional - flags: unittests # optional - name: codecov-umbrella # optional - fail_ci_if_error: true # optional (default = false) - name: Coveralls uses: coverallsapp/github-action@master with: From b56db05f932e04a70cac3c64a1950236f4f5833b Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 13:20:14 -0500 Subject: [PATCH 050/979] fix: specify coverage file --- .github/workflows/testing.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 39abdf70a..c8d19bc7a 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml 
@@ -68,6 +68,9 @@ jobs: nosetests --with-coverage --nocapture tests/test-scoutsuite.py -a "!credential" - uses: codecov/codecov-action@v1 + with: + file: ./.coverage + - name: Coveralls uses: coverallsapp/github-action@master with: From d378a49fba032ee3da5750c65f6ca3c970651209 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 13:21:52 -0500 Subject: [PATCH 051/979] remove coveralls call --- .github/workflows/testing.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index c8d19bc7a..c9bf26b70 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -71,7 +71,8 @@ jobs: with: file: ./.coverage - - name: Coveralls - uses: coverallsapp/github-action@master - with: - github-token: ${{ secrets.GITHUB_TOKEN }} + # disabling because it can't find the .lcov coverage file + # - name: Coveralls + # uses: coverallsapp/github-action@master + # with: + # github-token: ${{ secrets.GITHUB_TOKEN }} From 52b32c338d02b29cf1c4f246a4cb954e5c503ee2 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 13:28:29 -0500 Subject: [PATCH 052/979] add additional run on 'master' branch --- .github/workflows/testing.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index c9bf26b70..4abccf2a8 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -4,6 +4,7 @@ on: push: branches: - develop + - master pull_request: From f589b3ac3343fb95c1ca80fa573f475a3810b061 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 20:42:26 -0500 Subject: [PATCH 053/979] fix: recursive descent snake_keys and tests --- ScoutSuite/providers/aws/utils.py | 5 +++ tests/test-utils.py | 71 +++++++++++++++++++++++++------ 2 files changed, 64 insertions(+), 12 deletions(-) 
diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index 6b59c02e7..6a3e98946 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py @@ -99,6 +99,11 @@ def snake_keys(d): new_key = no_camel(k) if isinstance(d[k], dict): new_table[new_key] = snake_keys(d[k]) + elif isinstance(d[k], list): + new_ary = [] + for v in d[k]: + new_ary.append(snake_keys(v)) + new_table[new_key] = new_ary else: new_table[new_key] = d[k] return new_table diff --git a/tests/test-utils.py b/tests/test-utils.py index a2435747d..f34a932fe 100755 --- a/tests/test-utils.py +++ b/tests/test-utils.py @@ -1,3 +1,5 @@ +import unittest + # Import AWS utils from ScoutSuite.providers.aws.utils import ( get_keys, @@ -6,30 +8,32 @@ is_throttled, get_aws_account_id, get_partition_name, + snake_keys, ) from ScoutSuite.utils import * import collections import mock +import datetime + # # Test methods for ScoutSuite/utils.py # -class TestScoutUtilsClass: - +class TestScoutUtilsClass(unittest.TestCase): def test_format_service_name(self): - assert (format_service_name('iAm') == 'IAM') - assert (format_service_name('cloudformation') == 'CloudFormation') + assert format_service_name("iAm") == "IAM" + assert format_service_name("cloudformation") == "CloudFormation" def test_get_keys(self): - test1 = {'a': 'b', 'c': 'd'} - test2 = {'a': '', 'e': 'f'} - get_keys(test1, test2, 'a') - assert (test2['a'] == 'b') - assert ('c' not in test2) - get_keys(test1, test2, 'c') - assert (test2['c'] == 'd') + test1 = {"a": "b", "c": "d"} + test2 = {"a": "", "e": "f"} + get_keys(test1, test2, "a") + assert test2["a"] == "b" + assert "c" not in test2 + get_keys(test1, test2, "c") + assert test2["c"] == "d" def test_no_camel(self): - assert (no_camel('TestTest') == 'test_test') + assert no_camel("TestTest") == "test_test" def test_is_throttled(self): CustomException = collections.namedtuple("CustomException", "response") 
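Review bot: The new `list` branch in `snake_keys` calls `snake_keys(v)` on every element without checking its type. From the visible lines the function treats its argument as a mapping (`d[k]`), so a list of strings or numbers would likely raise or produce garbage. Converting only dict elements avoids that: `new_table[new_key] = [snake_keys(v) if isinstance(v, dict) else v for v in d[k]]`. The fixture added in tests/test-utils.py contains only lists of dicts, so a case with a list of scalars would pin this behaviour down. The start of `snake_keys` is outside the hunk, so how it iterates `d` is inferred.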
@@ -79,3 +83,46 @@ def test_get_partition_name(self): return_value={"Arn": "a:b:c:d:e:f:"}, ): assert get_partition_name("") == "b" + + def test_snake_case(self): + src = { + "AttributeDefinitions": [ + {"AttributeName": "string", "AttributeType": "S"}, + ], + "TableName": "string", + "KeySchema": [{"AttributeName": "string", "KeyType": "HASH"},], + "TableStatus": "CREATING", + "CreationDateTime": datetime.datetime(2015, 1, 1, 1, 1, 1, 1, None), + "ProvisionedThroughput": { + "LastIncreaseDateTime": datetime.datetime(2015, 1, 1, 1, 1, 1, 1, None), + "LastDecreaseDateTime": datetime.datetime(2015, 1, 1, 1, 1, 1, 1, None), + "NumberOfDecreasesToday": 123, + "ReadCapacityUnits": 123, + "WriteCapacityUnits": 123, + }, + "TableSizeBytes": 123, + } + dest = { + "attribute_definitions": [ + {"attribute_name": "string", "attribute_type": "S"}, + ], + "table_name": "string", + "key_schema": [{"attribute_name": "string", "key_type": "HASH"}], + "table_status": "CREATING", + "creation_date_time": datetime.datetime(2015, 1, 1, 1, 1, 1, 1, None), + "provisioned_throughput": { + "last_increase_date_time": datetime.datetime( + 2015, 1, 1, 1, 1, 1, 1, None + ), + "last_decrease_date_time": datetime.datetime( + 2015, 1, 1, 1, 1, 1, 1, None + ), + "number_of_decreases_today": 123, + "read_capacity_units": 123, + "write_capacity_units": 123, + }, + "table_size_bytes": 123, + } + d = snake_keys(src) + self.maxDiff = None + self.assertEquals(d, dest) From 3c9af6539d216d966c48751d79eb4ba89060d436 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 20:45:48 -0500 Subject: [PATCH 054/979] fix: 3.5 doesn't support f-strings; remove them --- ScoutSuite/providers/aws/facade/dynamodb.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/dynamodb.py b/ScoutSuite/providers/aws/facade/dynamodb.py index f4d370422..cc4b7c6f7 100644 --- a/ScoutSuite/providers/aws/facade/dynamodb.py 
+++ b/ScoutSuite/providers/aws/facade/dynamodb.py @@ -16,7 +16,7 @@ async def get_backups(self, region, table_name): TableName=table_name, ) except Exception as e: - print_exception(f"Failed to get DynamoDB Backups for {table_name}") + print_exception("Failed to get DynamoDB Backups for {}".format(table_name)) return [] async def get_tables(self, region): @@ -25,7 +25,7 @@ async def get_tables(self, region): "dynamodb", region, self.session, "list_tables", "TableNames" ) except Exception as e: - print_exception(f"Failed to get DynamoDB tables") + print_exception("Failed to get DynamoDB tables") return [] async def get_tags_for_resource(self, region, resource_arn): @@ -39,7 +39,9 @@ async def get_tags_for_resource(self, region, resource_arn): ResourceArn=resource_arn, ) except Exception as e: - print_exception(f"Failed to get DynamoDB tags for resource {resource_arn}") + print_exception( + "Failed to get DynamoDB tags for resource {}".format(resource_arn) + ) return [] async def get_table(self, region, table_name): @@ -49,6 +51,6 @@ async def get_table(self, region, table_name): lambda: client.describe_table(TableName=table_name) ) except Exception as e: - print_exception(f"Failed to get table {table_name}: {e}") + print_exception("Failed to get table {}: {}".format(table_name, e)) raw_table = None return raw_table From 2bf098cfa20d7afdce546b5f1d47611766250641 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sat, 30 May 2020 21:20:52 -0500 Subject: [PATCH 055/979] remove unused import --- ScoutSuite/providers/aws/resources/dynamodb/base.py | 1 - 1 file changed, 1 deletion(-) diff --git a/ScoutSuite/providers/aws/resources/dynamodb/base.py b/ScoutSuite/providers/aws/resources/dynamodb/base.py index 3691f52ec..479c04499 100644 --- a/ScoutSuite/providers/aws/resources/dynamodb/base.py +++ b/ScoutSuite/providers/aws/resources/dynamodb/base.py 
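Review bot: The handlers in `get_backups`, `get_tables` and `get_tags_for_resource` bind `e` but leave it out of the message, while `get_table` in the last hunk includes it. Each of these paths then returns `[]`, so a denied or throttled call looks the same in the report as a region with no DynamoDB resources, which in an audit tool is a silent false negative. Unless `print_exception` picks up the active exception itself (not visible here), pass the cause along, e.g. `print_exception("Failed to get DynamoDB tables: {}".format(e))`, and likewise for the other two messages. The bodies of these methods start outside the hunks.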
@@ -1,7 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.regions import Regions -from .backups import Backups from .tables import Tables From 9520bc8893421438039404726a60926d9af6af74 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sun, 31 May 2020 09:04:19 -0500 Subject: [PATCH 056/979] remove unused import --- ScoutSuite/core/utils.py | 1 - 1 file changed, 1 deletion(-) diff --git a/ScoutSuite/core/utils.py b/ScoutSuite/core/utils.py index f639d4edb..0d63e72e2 100755 --- a/ScoutSuite/core/utils.py +++ b/ScoutSuite/core/utils.py @@ -2,7 +2,6 @@ Single-service rule processing functions """ -from six import string_types import copy from ScoutSuite.core.console import print_exception From 43827aa019e5d1fb559d66590363543ce147586c Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Sun, 31 May 2020 10:25:04 -0500 Subject: [PATCH 057/979] fix capture variable issue (lgtm) --- ScoutSuite/providers/azure/facade/securitycenter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/facade/securitycenter.py b/ScoutSuite/providers/azure/facade/securitycenter.py index 5b0ed4cac..08430df36 100755 --- a/ScoutSuite/providers/azure/facade/securitycenter.py +++ b/ScoutSuite/providers/azure/facade/securitycenter.py @@ -105,7 +105,7 @@ async def get_regulatory_compliance_results(self, subscription_id: str): for standard in compliance_standards: try: compliance_controls = await run_concurrently( - lambda: list(client.regulatory_compliance_controls.list( + lambda standard=standard: list(client.regulatory_compliance_controls.list( regulatory_compliance_standard_name=standard.name)) ) for control in compliance_controls: From 6c82dc6e24a16021096dbdd43927f47690f0a544 Mon Sep 17 00:00:00 2001 
From: Nick Klauer Date: Mon, 1 Jun 2020 12:54:51 -0500 Subject: [PATCH 058/979] fix: only iterate over keys in dict --- ScoutSuite/providers/aws/utils.py | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index 6a3e98946..06709240b 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py @@ -95,15 +95,14 @@ def snake_keys(d): """ new_table = {} - for k in d.keys(): - new_key = no_camel(k) - if isinstance(d[k], dict): - new_table[new_key] = snake_keys(d[k]) - elif isinstance(d[k], list): - new_ary = [] - for v in d[k]: - new_ary.append(snake_keys(v)) - new_table[new_key] = new_ary - else: - new_table[new_key] = d[k] + if isinstance(d, dict): + for k in d.keys(): + new_key = no_camel(k) + if isinstance(d[k], dict): + new_table[new_key] = snake_keys(d[k]) + elif isinstance(d[k], list): + new_ary = [snake_keys(v) for v in d[k]] + new_table[new_key] = new_ary + else: + new_table[new_key] = d[k] return new_table From 6322da11ffcc8d5574b79820b85d9e8e89d6a25d Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Mon, 1 Jun 2020 13:08:41 -0500 Subject: [PATCH 059/979] add test for snake_case array --- tests/test-utils.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/test-utils.py b/tests/test-utils.py index f34a932fe..f239d26ff 100755 --- a/tests/test-utils.py +++ b/tests/test-utils.py @@ -101,6 +101,11 @@ def test_snake_case(self): "WriteCapacityUnits": 123, }, "TableSizeBytes": 123, + "AnotherArray": [ + "One", + "Two" + "AnotherThing" + ] } dest = { "attribute_definitions": [ @@ -122,6 +127,7 @@ def test_snake_case(self): "write_capacity_units": 123, }, "table_size_bytes": 123, + "another_array": ["One", "Two", "AnotherThing"] } d = snake_keys(src) self.maxDiff = None From 8b4f005df125f52667f9ca6d8416513c1a5fffb6 Mon Sep 17 00:00:00 2001 
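Review bot: With the new `if isinstance(d, dict)` guard, `snake_keys(v)` on a list element that is not a dict no longer raises but returns the empty `new_table`, so a list of strings comes back as a list of `{}`. The original values are dropped from the collected data without any error, which is harder to notice than the earlier exception. Keep non-dict elements unchanged: `new_ary = [snake_keys(v) if isinstance(v, dict) else v for v in d[k]]`. The signature and docstring of `snake_keys` are outside this hunk.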
From: Pau Risa Date: Tue, 2 Jun 2020 17:17:20 +0200 Subject: [PATCH 060/979] Fixed VPC, IAM and HTML partial bugs --- ...rvices.vpc.regions.id.vpcs.id.subnets.html | 2 +- ScoutSuite/providers/aws/metadata.json | 2 +- .../providers/aws/resources/vpc/base.py | 2 - .../aws/resources/vpc/peering_connections.py | 1 + .../aws/resources/vpc/route_tables.py | 19 -------- .../cloudtrail-s3-bucket-no-logging.json | 48 ------------------- .../iam-root-account-no-hardware-mfa.json | 44 +++++++++++++++++ .../findings/iam-root-account-no-mfa.json | 15 ------ ...n => vpc-routing-tables-with-peering.json} | 3 +- .../findings/vpc-subnet-without-flow-log.json | 2 +- .../aws/rules/rulesets/cis-1.2.0.json | 18 +++++-- 11 files changed, 62 insertions(+), 94 deletions(-) delete mode 100644 ScoutSuite/providers/aws/resources/vpc/route_tables.py delete mode 100644 ScoutSuite/providers/aws/rules/findings/cloudtrail-s3-bucket-no-logging.json create mode 100644 ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json rename ScoutSuite/providers/aws/rules/findings/{ec2-route-tables-full-peering.json => vpc-routing-tables-with-peering.json} (90%) diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html index 345b4404c..7cecbe4e5 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html +++ b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html @@ -31,7 +31,7 @@

      Instances

    -

    Flow logs +

    Flow logs {{> count_badge count=flow_logs.length}}

      diff --git a/ScoutSuite/providers/aws/metadata.json b/ScoutSuite/providers/aws/metadata.json index 825fddde3..4771b786c 100755 --- a/ScoutSuite/providers/aws/metadata.json +++ b/ScoutSuite/providers/aws/metadata.json @@ -124,7 +124,7 @@ "path": "services.vpc.regions.id.vpcs.id.subnets" }, "peering_connections": { - "hidden": true, + "hidden": false, "path": "services.vpc.regions.id.peering_connections", "callbacks": [ [ "process_vpc_peering_connections_callback", {} ] diff --git a/ScoutSuite/providers/aws/resources/vpc/base.py b/ScoutSuite/providers/aws/resources/vpc/base.py index f3eff169c..802c31464 100755 --- a/ScoutSuite/providers/aws/resources/vpc/base.py +++ b/ScoutSuite/providers/aws/resources/vpc/base.py @@ -7,7 +7,6 @@ from .flow_logs import FlowLogs from .vpcs import RegionalVpcs from .peering_connections import PeeringConnections -from .route_tables import RouteTables known_cidrs = {'0.0.0.0/0': 'All'} aws_ip_ranges = {} @@ -18,7 +17,6 @@ class VPC(Regions): (RegionalVpcs, 'vpcs'), (FlowLogs, 'flow_logs'), (PeeringConnections, 'peering_connections') - # (RouteTables, 'route_tables') ] def __init__(self, facade: AWSFacade): diff --git a/ScoutSuite/providers/aws/resources/vpc/peering_connections.py b/ScoutSuite/providers/aws/resources/vpc/peering_connections.py index fa8be7a2c..75ef8c98f 100755 --- a/ScoutSuite/providers/aws/resources/vpc/peering_connections.py +++ b/ScoutSuite/providers/aws/resources/vpc/peering_connections.py @@ -10,6 +10,7 @@ def __init__(self, facade: AWSFacade, region: str): async def fetch_all(self): raw_peering_connections = await self.facade.ec2.get_peering_connections(self.region) + for raw_peering_connection in raw_peering_connections: id, peering_connection = self._parse_peering_connections(raw_peering_connection) self[id] = peering_connection diff --git a/ScoutSuite/providers/aws/resources/vpc/route_tables.py b/ScoutSuite/providers/aws/resources/vpc/route_tables.py deleted file mode 100644 index 5699e4bb4..000000000 
--- a/ScoutSuite/providers/aws/resources/vpc/route_tables.py +++ /dev/null @@ -1,19 +0,0 @@ -from ScoutSuite.providers.aws.facade.base import AWSFacade -from ScoutSuite.providers.aws.resources.base import AWSResources - - -class RouteTables(AWSResources): - def __init__(self, facade: AWSFacade, region: str): - super().__init__(facade) - self.facade = facade - self.region = region - - async def fetch_all(self): - raw_route_tables = await self.facade.ec2.get_route_tables(self.region) - for raw_route_table in raw_route_tables: - id, route_table = self._parse_route_tables(raw_route_table) - self[id] = route_table - - def _parse_route_tables(self, raw_route_table): - pass - # return route_table_id, raw_route_tables diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-s3-bucket-no-logging.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-s3-bucket-no-logging.json deleted file mode 100644 index 74f121ccf..000000000 --- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-s3-bucket-no-logging.json +++ /dev/null 
@@ -1,48 +0,0 @@ -{ - "description": "CloudTrail S3 Bucket Access Logging Is Disabled", - "rationale": "The lack of S3 bucket logging prevents log information to be accessed in security and incident response workflows.", - "remediation": "Ensure that critical S3 buckets have Logging enabled", - "compliance": [ - { - "name": "CIS Amazon Web Services Foundations", - "version": "1.0.0", - "reference": "2.6" - }, - { - "name": "CIS Amazon Web Services Foundations", - "version": "1.1.0", - "reference": "2.6" - }, - { - "name": "CIS Amazon Web Services Foundations", - "version": "1.2.0", - "reference": "2.6" - } - ], - "dashboard_name": "Buckets", - "path": "s3.buckets.id", - "conditions": [ - "and", - [ - "s3.buckets.id.policy.id.", - "withKey", - "Statement" - ], - [ - "s3.buckets.id.policy.id.Statement.id.", - "withKey", - "Principal" - ], - [ - "s3.buckets.id.policy.id.Statement.id.Principal.Service", - "containString", - "cloudtrail.amazonaws.com" - ], - [ - "s3.buckets.id.logging", - "equal", - "Disabled" - ] - ], - "id_suffix": "logging" -} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json new file mode 100644 index 000000000..2be2b4dc6 --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json 
@@ -0,0 +1,44 @@ +{ + "description": "Root Account without hardware MFA", + "rationale": "The root account is the most privileged user in an account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled, when a user signs in to an AWS website, they're prompted for their user name and password and for an authentication code from their AWS MFA device.", + "remediation": "Enable MFA for the root account", + "compliance": [ + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.0.0", + "reference": "1.13" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.1.0", + "reference": "1.14" + }, + { + "name": "CIS Amazon Web Services Foundations", + "version": "1.2.0", + "reference": "1.14" + } + ], + "references": [ + "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.13" + ], + "dashboard_name": "Root account", + "path": "iam.credential_reports.id", + "conditions": [ + "and", + [ + "iam.credential_reports.id.mfa_active", + "notTrue", + "" + ], + [ + "iam.credential_reports.id.name", + "equal", + "" + ] + ], + "keys": [ + "this" + ], + "id_suffix": "mfa_hardware_active" +} diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json index b51f400b1..e242c1e3b 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json 
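Review bot: The only MFA condition in this new rule is `iam.credential_reports.id.mfa_active` with `notTrue`, which tells whether some MFA device is enabled, not whether it is a hardware device. A root account protected by a virtual MFA device therefore passes the check that this commit maps to CIS 1.14, and the ruleset comment removed from cis-1.2.0.json in the same commit stated that the hardware/software distinction could not be checked. Unless a hardware-specific signal is added to the credential data, the rule is better left disabled or marked as a manual check than reported as scored. The text should also match the intent: `"remediation": "Enable a hardware MFA device for the root account"`, and the `references` entry still links the 1.13 control.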
@@ -3,30 +3,15 @@ "rationale": "The root account is the most privileged user in an account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled, when a user signs in to an AWS website, they're prompted for their user name and password and for an authentication code from their AWS MFA device.", "remediation": "Enable MFA for the root account", "compliance": [ - { - "name": "CIS Amazon Web Services Foundations", - "version": "1.0.0", - "reference": "1.13" - }, { "name": "CIS Amazon Web Services Foundations", "version": "1.1.0", "reference": "1.13" }, - { - "name": "CIS Amazon Web Services Foundations", - "version": "1.1.0", - "reference": "1.14" - }, { "name": "CIS Amazon Web Services Foundations", "version": "1.2.0", "reference": "1.13" - }, - { - "name": "CIS Amazon Web Services Foundations", - "version": "1.2.0", - "reference": "1.14" } ], "references": [ diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-route-tables-full-peering.json b/ScoutSuite/providers/aws/rules/findings/vpc-routing-tables-with-peering.json similarity index 90% rename from ScoutSuite/providers/aws/rules/findings/ec2-route-tables-full-peering.json rename to ScoutSuite/providers/aws/rules/findings/vpc-routing-tables-with-peering.json index 5352a6b7d..f3927bf15 100644 --- a/ScoutSuite/providers/aws/rules/findings/ec2-route-tables-full-peering.json +++ b/ScoutSuite/providers/aws/rules/findings/vpc-routing-tables-with-peering.json @@ -15,13 +15,12 @@ } ], "dashboard_name": "Rulesets", - "display_path": "vpc.regions.id.peering_connections.peering_connections.id", "path": "vpc.regions.id.peering_connections.id", "conditions": [ "and", [ "vpc.regions.id.peering_connections.peering_connection_id", - "notNull", + "null", "" ] ], diff --git a/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json b/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json index 003925b81..3d9974718 100755 
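Review bot: In vpc-routing-tables-with-peering.json the condition operator flips from `notNull` to `null` in the same commit that enables the rule in cis-1.2.0.json. Read literally, the finding now fires for entries whose `peering_connection_id` is missing, which looks inverted for a rule meant to surface existing peering connections (the rule description is outside the hunk, so this is inferred from the file name). The condition path `vpc.regions.id.peering_connections.peering_connection_id` also has no `.id.` segment although `path` is `vpc.regions.id.peering_connections.id`. If that mismatch is why `notNull` never matched, it would be clearer to correct the condition path and keep `notNull` than to rely on a lookup that never resolves. A test fixture with one peering connection and one region without any would settle which behaviour the rule has.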
--- a/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json +++ b/ScoutSuite/providers/aws/rules/findings/vpc-subnet-without-flow-log.json @@ -37,5 +37,5 @@ "" ] ], - "id_suffix": "NoFlowLog" + "id_suffix": "no_flowlog" } \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json index 81f858f98..a89607ad1 100644 --- a/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/aws/rules/rulesets/cis-1.2.0.json @@ -112,7 +112,15 @@ ], "iam-root-account-no-mfa.json": [ { - "comment": "Recommendation 1.13 and 1.14 (it is not possible to check if MFA is hardware or software)", + "comment": "Recommendation 1.13", + "enabled": true, + "level": "danger", + "scored": true + } + ], + "iam-root-account-no-hardware-mfa.json": [ + { + "comment": "Recommendation 1.14", "enabled": true, "level": "danger", "scored": true @@ -164,7 +172,7 @@ "scored": false } ], - "TODO.json": [ + "todo-recommendation-1-19.json": [ { "comment": "Recommendation 1.19 (TODO)", "enabled": false, @@ -526,10 +534,10 @@ "scored": "true" } ], - "ec2-route-tables-full-peering.json": [ + "vpc-routing-tables-with-peering.json": [ { - "comment": "Recommendation 4.4 TODO", - "enabled": false, + "comment": "Recommendation 4.4", + "enabled": true, "level": "warning", "scored": "false" } From 5fd185cb9ee6f68459f298e3ef6fbfe61e253d62 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Wed, 3 Jun 2020 11:09:42 -0500 Subject: [PATCH 061/979] revert addition of tag mapping Mixed a mistake from another PR into this one. --- ScoutSuite/providers/aws/facade/ec2.py | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index c316c8d21..5083fcab0 100755 --- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py 
@@ -102,19 +102,12 @@ async def get_network_interfaces(self, region: str, vpc: str): async def get_volumes(self, region: str): try: volumes = await AWSFacadeUtils.get_all_pages('ec2', region, self.session, 'describe_volumes', 'Volumes') - await get_and_set_concurrently([self._get_and_set_key_manager, self._get_and_set_volume_tags], volumes, region=region) + await get_and_set_concurrently([self._get_and_set_key_manager], volumes, region=region) return volumes except Exception as e: print_exception('Failed to get EC2 volumes: {}'.format(e)) return [] - async def _get_and_set_volume_tags(self, volume: {}, region: str): - if "Tags" in volume: - volume["tags"] = {x["Key"]: x["Value"] for x in volume["Tags"]} - else: - volume["tags"] = {} - return volume - async def _get_and_set_key_manager(self, volume: {}, region: str): kms_client = AWSFacadeUtils.get_client('kms', self.session, region) if 'KmsKeyId' in volume: @@ -195,13 +188,6 @@ async def _get_and_set_subnet_flow_logs(self, subnet: {}, region: str): [flow_log for flow_log in self.flow_logs_cache[region] if flow_log['ResourceId'] == subnet['SubnetId'] or flow_log['ResourceId'] == subnet['VpcId']] - async def get_and_set_ec2_instance_tags(self, raw_instance: {}): - if 'Tags' in raw_instance: - instance = {x['Key']: x['Value'] for x in raw_instance['Tags']} - else: - instance = {} - return instance - async def get_peering_connections(self, region): try: peering_connections = await AWSFacadeUtils.get_all_pages('ec2', region, self.session, 'describe_vpc_peering_connections', 'VpcPeeringConnections') From 1c94820d2097a3489ce068acf43dc261428a40d4 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Wed, 3 Jun 2020 11:10:35 -0500 Subject: [PATCH 062/979] revert tag mapping addition Another mistake from another PR to revert the mapping of tags to the AMI instance. --- ScoutSuite/providers/aws/resources/ec2/ami.py | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/ScoutSuite/providers/aws/resources/ec2/ami.py b/ScoutSuite/providers/aws/resources/ec2/ami.py index ca30e6a83..ffa75a8cb 100755 --- a/ScoutSuite/providers/aws/resources/ec2/ami.py +++ b/ScoutSuite/providers/aws/resources/ec2/ami.py @@ -16,7 +16,5 @@ async def fetch_all(self): def _parse_image(self, raw_image): raw_image['id'] = raw_image['ImageId'] raw_image['name'] = raw_image['Name'] - if 'Tags' in raw_image: - raw_image['tags'] = {x["Key"]: x["Value"] for x in raw_image["Tags"]} return raw_image['id'], raw_image From c654959310481a827187efb9b79f1a7823f05263 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Wed, 3 Jun 2020 11:19:12 -0500 Subject: [PATCH 063/979] revert tag mapping --- ScoutSuite/providers/aws/resources/ec2/snapshots.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/ec2/snapshots.py b/ScoutSuite/providers/aws/resources/ec2/snapshots.py index 3ee74219d..cbeb4ee44 100755 --- a/ScoutSuite/providers/aws/resources/ec2/snapshots.py +++ b/ScoutSuite/providers/aws/resources/ec2/snapshots.py @@ -18,8 +18,6 @@ def _parse_snapshot(self, raw_snapshot): raw_snapshot['id'] = raw_snapshot.pop('SnapshotId') raw_snapshot['name'] = get_name(raw_snapshot, raw_snapshot, 'id') raw_snapshot['public'] = self._is_public(raw_snapshot) - if "Tags" in raw_snapshot: - raw_snapshot['tags'] = {x["Key"]: x["Value"] for x in raw_snapshot["Tags"]} return raw_snapshot['id'], raw_snapshot @staticmethod From edd859864dd2bc120d02f29a04933122e21f97ed Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Wed, 3 Jun 2020 11:19:30 -0500 Subject: [PATCH 064/979] revert tag addition --- ScoutSuite/providers/aws/resources/ec2/volumes.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/ec2/volumes.py b/ScoutSuite/providers/aws/resources/ec2/volumes.py index 5809cb502..2382b7b83 100755 --- a/ScoutSuite/providers/aws/resources/ec2/volumes.py +++ b/ScoutSuite/providers/aws/resources/ec2/volumes.py 
@@ -17,6 +17,4 @@ async def fetch_all(self): def _parse_volume(self, raw_volume): raw_volume['id'] = raw_volume.pop('VolumeId') raw_volume['name'] = get_name(raw_volume, raw_volume, 'id') - if "Tags" in raw_volume: - raw_volume['tags'] = {x["Key"]: x["Value"] for x in raw_volume["Tags"]} return raw_volume['id'], raw_volume From c69f2d02fc27b43c72417a77ab7590940ed420c1 Mon Sep 17 00:00:00 2001 From: Nick Klauer Date: Thu, 4 Jun 2020 10:23:01 -0500 Subject: [PATCH 065/979] fix: tests --- ScoutSuite/providers/aws/utils.py | 7 ++++++- tests/test-utils.py | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index 06709240b..b7c41d919 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py @@ -101,7 +101,12 @@ def snake_keys(d): if isinstance(d[k], dict): new_table[new_key] = snake_keys(d[k]) elif isinstance(d[k], list): - new_ary = [snake_keys(v) for v in d[k]] + new_ary = [] + for v in d[k]: + if isinstance(v, dict): + new_ary.append(snake_keys(v)) + else: + new_ary.append(v) new_table[new_key] = new_ary else: new_table[new_key] = d[k] diff --git a/tests/test-utils.py b/tests/test-utils.py index f239d26ff..99700e654 100755 --- a/tests/test-utils.py +++ b/tests/test-utils.py @@ -103,8 +103,8 @@ def test_snake_case(self): "TableSizeBytes": 123, "AnotherArray": [ "One", - "Two" - "AnotherThing" + "Two", + "AnotherThing", ] } dest = { From c8c9486660f7470663364ab1418fc2ab42ded4c4 Mon Sep 17 00:00:00 2001 From: "Alessandro.Gonzalez" Date: Fri, 5 Jun 2020 10:54:14 +0100 Subject: [PATCH 066/979] Added env variables to aws lambda information --- .../aws/services.awslambda.regions.id.functions.html | 5 +++++ ScoutSuite/providers/aws/facade/awslambda.py | 9 +++++++++ .../providers/aws/resources/awslambda/functions.py | 12 ++++++++++++ 3 files changed, 26 insertions(+) 
diff --git a/ScoutSuite/output/data/html/partials/aws/services.awslambda.regions.id.functions.html b/ScoutSuite/output/data/html/partials/aws/services.awslambda.regions.id.functions.html index 4fe3b8b43..b9321b168 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.awslambda.regions.id.functions.html +++ b/ScoutSuite/output/data/html/partials/aws/services.awslambda.regions.id.functions.html @@ -21,6 +21,11 @@

      Information

      {{> accordion_policy name = 'Resource-Based Policy' policy_path = (concat 'awslambda.regions' region 'functions' @key 'access_policy') document = access_policy}}
    {{/if}} + {{#if env_variables}} +
    + {{> accordion_policy name = 'Environment Variables' policy_path = (concat 'awslambda.regions' region 'functions' @key 'env_variables') document = env_variables}} +
    + {{/if}} diff --git a/ScoutSuite/providers/azure/resources/appservice/web_apps.py b/ScoutSuite/providers/azure/resources/appservice/web_apps.py index b1ee7691d..c560dfc58 100755 --- a/ScoutSuite/providers/azure/resources/appservice/web_apps.py +++ b/ScoutSuite/providers/azure/resources/appservice/web_apps.py @@ -22,7 +22,10 @@ def _parse_web_app(self, raw_web_app): web_app_dict['kind'] = raw_web_app.kind web_app_dict['location'] = raw_web_app.location web_app_dict['type'] = raw_web_app.type - web_app_dict['tags'] = raw_web_app.tags + if raw_web_app.tags is not None: + web_app_dict['tags'] = ["{}:{}".format(key, value) for key, value in raw_web_app.tags.items()] + else: + web_app_dict['tags'] = [] web_app_dict['state'] = raw_web_app.state web_app_dict['host_names'] = raw_web_app.host_names web_app_dict['repository_site_name'] = raw_web_app.repository_site_name diff --git a/ScoutSuite/providers/azure/resources/keyvault/vaults.py b/ScoutSuite/providers/azure/resources/keyvault/vaults.py index 1db639b54..b978f4187 100755 --- a/ScoutSuite/providers/azure/resources/keyvault/vaults.py +++ b/ScoutSuite/providers/azure/resources/keyvault/vaults.py @@ -21,7 +21,10 @@ def _parse_key_vault(self, raw_vault): vault['type'] = raw_vault.type vault['location'] = raw_vault.location vault['additional_properties'] = raw_vault.additional_properties - vault['tags'] = raw_vault.tags + if raw_vault.tags is not None: + vault['tags'] = ["{}:{}".format(key, value) for key, value in raw_vault.tags.items()] + else: + vault['tags'] = [] vault['properties'] = raw_vault.properties vault['public_access_allowed'] = self._is_public_access_allowed(raw_vault) return vault['id'], vault diff --git a/ScoutSuite/providers/azure/resources/network/application_security_groups.py b/ScoutSuite/providers/azure/resources/network/application_security_groups.py index e5d325d75..dbbfcb5bb 100755 --- a/ScoutSuite/providers/azure/resources/network/application_security_groups.py 
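Review bot: The added `{{#if env_variables}}` block passes the whole `env_variables` document to `accordion_policy`, so every Lambda environment variable value is written in clear text into the HTML report. Environment variables are a common place for database passwords, API keys and tokens, so the report then carries those credentials to everyone it is shared with. The code that fills `env_variables` is not part of this chunk; if it copies the values as returned, consider showing only the variable names by default, or masking the values, with full values behind an explicit opt-in. A template comment above the block, such as `{{!-- env_variables may contain secrets; values are rendered verbatim --}}`, would at least make the exposure explicit.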
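Review bot: The four-line `if raw_web_app.tags is not None: ... else: ... = []` block added to `_parse_web_app` is pasted unchanged into the key vault hunk on this line and into the application security group, network interface, security group, virtual network and watcher hunks that follow. Seven copies of the same formatting rule will drift the first time the tag format changes. A single expression does the same work, `web_app_dict['tags'] = ["{}:{}".format(k, v) for k, v in (raw_web_app.tags or {}).items()]`, and would sit better in one shared helper that each parser calls. Each parser's body starts and ends outside its hunk.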
+++ b/ScoutSuite/providers/azure/resources/network/application_security_groups.py @@ -20,7 +20,10 @@ def _parse_application_security_group(self, raw_application_security_group): application_security_group_dict['name'] = raw_application_security_group.name application_security_group_dict['type'] = raw_application_security_group.type application_security_group_dict['location'] = raw_application_security_group.location - application_security_group_dict['tags'] = raw_application_security_group.tags + if raw_application_security_group.tags is not None: + application_security_group_dict['tags'] = ["{}:{}".format(key, value) for key, value in raw_application_security_group.tags.items()] + else: + application_security_group_dict['tags'] = [] application_security_group_dict['resource_guid'] = raw_application_security_group.resource_guid application_security_group_dict['provisioning_state'] = raw_application_security_group.provisioning_state application_security_group_dict['etag'] = raw_application_security_group.etag diff --git a/ScoutSuite/providers/azure/resources/network/network_interfaces.py b/ScoutSuite/providers/azure/resources/network/network_interfaces.py index 4858161dc..562ad0b98 100755 --- a/ScoutSuite/providers/azure/resources/network/network_interfaces.py +++ b/ScoutSuite/providers/azure/resources/network/network_interfaces.py 
@@ -22,7 +22,10 @@ def _parse_network_interface(self, raw_network_interface): get_non_provider_id(raw_network_interface.virtual_machine.id.lower()) if \ raw_network_interface.virtual_machine else None network_interface_dict['name'] = raw_network_interface.name - network_interface_dict['tags'] = raw_network_interface.tags + if raw_network_interface.tags is not None: + network_interface_dict['tags'] = ["{}:{}".format(key, value) for key, value in raw_network_interface.tags.items()] + else: + network_interface_dict['tags'] = [] network_interface_dict['interface_endpoint'] = raw_network_interface.interface_endpoint if \ hasattr(raw_network_interface, 'interface_endpoint') else None network_interface_dict['primary'] = raw_network_interface.primary diff --git a/ScoutSuite/providers/azure/resources/network/security_groups.py b/ScoutSuite/providers/azure/resources/network/security_groups.py index dc543cf1f..da868f1dd 100755 --- a/ScoutSuite/providers/azure/resources/network/security_groups.py +++ b/ScoutSuite/providers/azure/resources/network/security_groups.py @@ -23,7 +23,10 @@ def _parse_network_security_group(self, network_security_group): network_security_group_dict['resource_guid'] = network_security_group.resource_guid network_security_group_dict['type'] = network_security_group.type network_security_group_dict['etag'] = network_security_group.etag - network_security_group_dict['tags'] = network_security_group.tags + if network_security_group.tags is not None: + network_security_group_dict['tags'] = ["{}:{}".format(key, value) for key, value in network_security_group.tags.items()] + else: + network_security_group_dict['tags'] = [] network_security_group_dict['additional_properties'] = network_security_group.additional_properties network_security_group_dict['security_rules'] = self._parse_security_rules(network_security_group) 
diff --git a/ScoutSuite/providers/azure/resources/network/virtual_networks.py b/ScoutSuite/providers/azure/resources/network/virtual_networks.py index ede523786..2b58c2eee 100755 --- a/ScoutSuite/providers/azure/resources/network/virtual_networks.py +++ b/ScoutSuite/providers/azure/resources/network/virtual_networks.py @@ -21,7 +21,10 @@ def _parse_virtual_network(self, raw_virtual_network): virtual_network_dict['enable_vm_protection'] = raw_virtual_network.enable_vm_protection virtual_network_dict['etag'] = str(raw_virtual_network.etag) - virtual_network_dict['tags'] = raw_virtual_network.tags + if raw_virtual_network.tags is not None: + virtual_network_dict['tags'] = ["{}:{}".format(key, value) for key, value in raw_virtual_network.tags.items()] + else: + virtual_network_dict['tags'] = [] virtual_network_dict['virtual_network_peerings'] = raw_virtual_network.virtual_network_peerings virtual_network_dict['enable_ddos_protection'] = raw_virtual_network.enable_ddos_protection virtual_network_dict['resource_guid'] = raw_virtual_network.resource_guid diff --git a/ScoutSuite/providers/azure/resources/network/watchers.py b/ScoutSuite/providers/azure/resources/network/watchers.py index 3a0c88dcb..cde095a73 100755 --- a/ScoutSuite/providers/azure/resources/network/watchers.py +++ b/ScoutSuite/providers/azure/resources/network/watchers.py @@ -20,7 +20,10 @@ def _parse_network_watcher(self, raw_watcher): watcher_dict['name'] = raw_watcher.name watcher_dict['type'] = raw_watcher.type watcher_dict['location'] = raw_watcher.location - watcher_dict['tags'] = raw_watcher.tags + if raw_watcher.tags is not None: + watcher_dict['tags'] = ["{}:{}".format(key, value) for key, value in raw_watcher.tags.items()] + else: + watcher_dict['tags'] = [] watcher_dict['etag'] = raw_watcher.etag watcher_dict['additional_properties'] = raw_watcher.additional_properties watcher_dict['provisioning_state'] = raw_watcher.provisioning_state 
From 06d282fb93914bcd198028227949f720062f4a7f Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Thu, 11 Jun 2020 18:24:34 +0200 Subject: [PATCH 106/979] Fixed bug when empty/no tags + resource group name processing and partial view for: - Appservice: web_apps - Keyvault: vaults - Network: application_security_groups, network_interfaces, security_groups, virtual_networks, watchers - SQLdatabase: servers, databases - Storageaccounts: storage_accounts - Virtualmachines: instances Useful reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-support-resources --- ....appservice.subscriptions.id.web_apps.html | 21 +++++----- ...ices.keyvault.subscriptions.id.vaults.html | 7 ++-- ...ptions.id.application_security_groups.html | 15 +++---- ...k.subscriptions.id.network_interfaces.html | 1 + ...work.subscriptions.id.security_groups.html | 15 +++---- ...ork.subscriptions.id.virtual_networks.html | 1 + ...ces.network.subscriptions.id.watchers.html | 1 + ....sqldatabase.subscriptions.id.servers.html | 42 ++++++++++--------- ...nts.subscriptions.id.storage_accounts.html | 1 + ...almachines.subscriptions.id.instances.html | 9 ++-- .../azure/resources/appservice/web_apps.py | 2 + .../azure/resources/keyvault/vaults.py | 2 + .../network/application_security_groups.py | 2 + .../resources/network/network_interfaces.py | 2 + .../resources/network/security_groups.py | 2 + .../resources/network/virtual_networks.py | 2 + .../azure/resources/network/watchers.py | 2 + .../azure/resources/sqldatabase/databases.py | 4 +- .../azure/resources/sqldatabase/servers.py | 5 ++- .../storageaccounts/storage_accounts.py | 5 ++- .../resources/virtualmachines/instances.py | 7 +++- 21 files changed, 93 insertions(+), 55 deletions(-) 
diff --git a/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html b/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html index 4507e6ba5..a16ec749b 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html +++ b/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html @@ -6,16 +6,6 @@

    {{name}}

    Information

    Name: {{value_or_none name}}
    -
    Tags: - {{#each tags}} -
    - {{value_or_none this}} -
       - {{else}} -
    None
    - {{/each}} -
    Location: {{value_or_none location}}
    State: {{value_or_none state}}
    Usage State: {{value_or_none usage_state}}
    @@ -37,6 +27,17 @@

    Information

    Traffic Manager Host Names: {{value_or_none traffic_manager_host_names}}
    Programming Language: {{value_or_none programming_language}}
    Programming Language Version: {{value_or_none programming_language_version}}
    +
    Tags: + {{#each tags}} +
    + {{value_or_none this}} +
       + {{else}} +
    None
    + {{/each}} +
    +
    Resource group: {{value_or_none resource_group_name}}

    Identities

    diff --git a/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html b/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html index 014553492..033cdf5fc 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html +++ b/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html @@ -6,7 +6,9 @@

    {{name}}

    Information

    ID: {{ id }}
    -
    Tags: +
    Location: {{value_or_none location}}
    +
    Public Access: {{ convert_bool_to_enabled public_access_allowed }}
    +
    Tags: {{#each tags}}
    @@ -16,8 +18,7 @@

    Information

    None
    {{/each}}
    -
    Location: {{value_or_none location}}
    -
    Public Access: {{ convert_bool_to_enabled public_access_allowed }}
    +
    Resource group: {{value_or_none resource_group_name}}
    diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.application_security_groups.html b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.application_security_groups.html index 5b89ae61e..51b501e3f 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.application_security_groups.html +++ b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.application_security_groups.html @@ -7,18 +7,19 @@

    {{name}}

    Information

    Name: {{value_or_none name}}
    -
    Tags: +
    Location: {{value_or_none location}}
    +
    Provisioning State: {{value_or_none provisioning_state}}
    +
    Tags: {{#each tags}} -
    - {{value_or_none this}} -
       +
    + {{value_or_none this}} +
       {{else}}
    None
    {{/each}}
    -
    Location: {{value_or_none location}}
    -
    Provisioning State: {{value_or_none provisioning_state}}
    +
    Resource group: {{value_or_none resource_group_name}}

    Attached Network Interfaces

    diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.network_interfaces.html b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.network_interfaces.html index 1fd3c7962..c57860f7a 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.network_interfaces.html +++ b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.network_interfaces.html @@ -28,6 +28,7 @@

    Information

    None
    {{/each}}
    +
    Resource group: {{value_or_none resource_group_name}}

    IP Configuration

    diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.security_groups.html b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.security_groups.html index 8fe072879..9dcb5794c 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.security_groups.html +++ b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.security_groups.html @@ -7,18 +7,19 @@

    {{name}}

    Information

    Name: {{name}}
    -
    Tags: +
    Location: {{ location }}
    +
    State: {{ provisioning_state }}
    +
    Tags: {{#each tags}} -
    - {{value_or_none this}} -
       +
    + {{value_or_none this}} +
       {{else}}
    None
    {{/each}}
    -
    Location: {{ location }}
    -
    State: {{ provisioning_state }}
    +
    Resource group: {{value_or_none resource_group_name}}
    {{!--
    Exposed Ports: diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.html b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.html index 6f329441f..0f9c23f47 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.html +++ b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.virtual_networks.html @@ -27,6 +27,7 @@

    Information

    None
    {{/each}}
    +
    Resource group: {{value_or_none resource_group_name}}

    Subnets

    diff --git a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.watchers.html b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.watchers.html index a5bde1a3d..b15e1f821 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.watchers.html +++ b/ScoutSuite/output/data/html/partials/azure/services.network.subscriptions.id.watchers.html @@ -19,6 +19,7 @@

    Information

    None
    {{/each}}
    +
    Resource group: {{value_or_none resource_group_name}}
    diff --git a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html index 92058d2c1..e06b2d54a 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html +++ b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html @@ -7,16 +7,6 @@

    {{name}}

    Information

    SQL Server Name: {{name}}
    -
    Tags: - {{#each tags}} -
    - {{value_or_none this}} -
       - {{else}} -
    None
    - {{/each}} -
    -
    Azure Active Directory Admin: {{value_or_none ad_admin.login}}
    Auditing: {{ convert_bool_to_enabled auditing.auditing_enabled }}
    Auditing retention period: {{ auditing.retention_days }}
    @@ -24,6 +14,17 @@

    Information

    Threat detection alerts: {{ convert_bool_to_enabled threat_detection.alerts_enabled }}
    Send threat detection alerts: {{ convert_bool_to_enabled threat_detection.send_alerts_enabled }}
    Threat detection retention period: {{ threat_detection.retention_days }}
    +
    Tags: + {{#each tags}} +
    + {{value_or_none this}} +
       + {{else}} +
    None
    + {{/each}} +
    +
    Resource group: {{value_or_none resource_group_name}}
    @@ -32,16 +33,6 @@

    SQL Databases

    {{#each databases}}
    Database name: {{@key}}
    -
    Tags: - {{#each tags}} -
    - {{value_or_none this}} -
       - {{else}} -
    None
    - {{/each}} -
    Auditing: {{ convert_bool_to_enabled auditing.auditing_enabled }}
    Auditing retention period: {{ auditing.retention_days }}
    @@ -51,6 +42,17 @@

    SQL Databases

    Threat detection retention period: {{ threat_detection.retention_days }}
    Transparent data encryption: {{ convert_bool_to_enabled transparent_data_encryption_enabled }}
    Geo-replication configured: {{ replication_configured }}
    +
    Tags: + {{#each tags}} +
    + {{value_or_none this}} +
       + {{else}} +
    None
    + {{/each}} +
    +
    Resource group: {{value_or_none resource_group_name}}
    {{/each}} diff --git a/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html b/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html index 4fcb49635..f55f937c1 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html +++ b/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html @@ -28,6 +28,7 @@

    Information

    None
    {{/each}}
    +
    Resource group: {{value_or_none resource_group_name}}
    diff --git a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html index 9d7865b67..55eda81a0 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html +++ b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html @@ -15,18 +15,19 @@

    Information

    Zones: {{value_or_none zones}}
    Instance View: {{value_or_none instance_view}}
    Proximity Placement Group: {{value_or_none proximity_placement_group}}
    -
    Tags: +
    Availability Set: {{value_or_none availability_set}}
    +
    Additional Capabilities: {{value_or_none additional_capabilities}}
    +
    Tags: {{#each tags}}
    {{value_or_none this}}
       {{else}} -
    None
    +
    None
    {{/each}}
    -
    Availability Set: {{value_or_none availability_set}}
    -
    Additional Capabilities: {{value_or_none additional_capabilities}}
    +
    Resource group: {{value_or_none resource_group_name}}

    Network Interfaces

    diff --git a/ScoutSuite/providers/azure/resources/appservice/web_apps.py b/ScoutSuite/providers/azure/resources/appservice/web_apps.py index c560dfc58..56c3ca88d 100755 --- a/ScoutSuite/providers/azure/resources/appservice/web_apps.py +++ b/ScoutSuite/providers/azure/resources/appservice/web_apps.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.azure.facade.base import AzureFacade from ScoutSuite.providers.azure.resources.base import AzureResources from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.azure.utils import get_resource_group_name class WebApplication(AzureResources): @@ -26,6 +27,7 @@ def _parse_web_app(self, raw_web_app): web_app_dict['tags'] = ["{}:{}".format(key, value) for key, value in raw_web_app.tags.items()] else: web_app_dict['tags'] = [] + web_app_dict['resource_group_name'] = get_resource_group_name(raw_web_app.id) web_app_dict['state'] = raw_web_app.state web_app_dict['host_names'] = raw_web_app.host_names web_app_dict['repository_site_name'] = raw_web_app.repository_site_name diff --git a/ScoutSuite/providers/azure/resources/keyvault/vaults.py b/ScoutSuite/providers/azure/resources/keyvault/vaults.py index b978f4187..7102f522e 100755 --- a/ScoutSuite/providers/azure/resources/keyvault/vaults.py +++ b/ScoutSuite/providers/azure/resources/keyvault/vaults.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.azure.facade.base import AzureFacade from ScoutSuite.providers.azure.resources.base import AzureResources from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.azure.utils import get_resource_group_name class Vaults(AzureResources): 
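Review bot: `get_resource_group_name(raw_web_app.id)` is called unconditionally in `_parse_web_app`, and this patch does not show how the helper handles an id that is `None` or has no resource-group segment. This commit exists because an unguarded `.tags.items()` raised on resources without tags, so it is worth confirming the helper returns a placeholder rather than raising; in an audit tool a parser exception may mean a resource is silently missing from the report. The same call is added to the vault, network, SQL database and virtual machine parsers in this commit. A comment such as `# resource group is parsed from the resource id; helper returns None when absent` (if that is the actual behaviour) would document the assumption. `_parse_web_app` continues outside the hunk.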
@@ -25,6 +26,7 @@ def _parse_key_vault(self, raw_vault): vault['tags'] = ["{}:{}".format(key, value) for key, value in raw_vault.tags.items()] else: vault['tags'] = [] + vault['resource_group_name'] = get_resource_group_name(raw_vault.id) vault['properties'] = raw_vault.properties vault['public_access_allowed'] = self._is_public_access_allowed(raw_vault) return vault['id'], vault diff --git a/ScoutSuite/providers/azure/resources/network/application_security_groups.py b/ScoutSuite/providers/azure/resources/network/application_security_groups.py index dbbfcb5bb..90cd25acd 100755 --- a/ScoutSuite/providers/azure/resources/network/application_security_groups.py +++ b/ScoutSuite/providers/azure/resources/network/application_security_groups.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.azure.facade.base import AzureFacade from ScoutSuite.providers.azure.resources.base import AzureResources from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.azure.utils import get_resource_group_name class ApplicationSecurityGroups(AzureResources): @@ -24,6 +25,7 @@ def _parse_application_security_group(self, raw_application_security_group): application_security_group_dict['tags'] = ["{}:{}".format(key, value) for key, value in raw_application_security_group.tags.items()] else: application_security_group_dict['tags'] = [] + application_security_group_dict['resource_group_name'] = get_resource_group_name(raw_application_security_group.id) application_security_group_dict['resource_guid'] = raw_application_security_group.resource_guid application_security_group_dict['provisioning_state'] = raw_application_security_group.provisioning_state application_security_group_dict['etag'] = raw_application_security_group.etag diff --git a/ScoutSuite/providers/azure/resources/network/network_interfaces.py b/ScoutSuite/providers/azure/resources/network/network_interfaces.py index 562ad0b98..f79f698d4 100755 
--- a/ScoutSuite/providers/azure/resources/network/network_interfaces.py +++ b/ScoutSuite/providers/azure/resources/network/network_interfaces.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.azure.facade.base import AzureFacade from ScoutSuite.providers.azure.resources.base import AzureResources from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.azure.utils import get_resource_group_name class NetworkInterfaces(AzureResources): @@ -26,6 +27,7 @@ def _parse_network_interface(self, raw_network_interface): network_interface_dict['tags'] = ["{}:{}".format(key, value) for key, value in raw_network_interface.tags.items()] else: network_interface_dict['tags'] = [] + network_interface_dict['resource_group_name'] = get_resource_group_name(raw_network_interface.id) network_interface_dict['interface_endpoint'] = raw_network_interface.interface_endpoint if \ hasattr(raw_network_interface, 'interface_endpoint') else None network_interface_dict['primary'] = raw_network_interface.primary diff --git a/ScoutSuite/providers/azure/resources/network/security_groups.py b/ScoutSuite/providers/azure/resources/network/security_groups.py index da868f1dd..75222a9f3 100755 --- a/ScoutSuite/providers/azure/resources/network/security_groups.py +++ b/ScoutSuite/providers/azure/resources/network/security_groups.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.azure.facade.base import AzureFacade from ScoutSuite.providers.azure.resources.base import AzureResources from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.azure.utils import get_resource_group_name class SecurityGroups(AzureResources): 
@@ -27,6 +28,7 @@ def _parse_network_security_group(self, network_security_group): network_security_group_dict['tags'] = ["{}:{}".format(key, value) for key, value in network_security_group.tags.items()] else: network_security_group_dict['tags'] = [] + network_security_group_dict['resource_group_name'] = get_resource_group_name(network_security_group.id) network_security_group_dict['additional_properties'] = network_security_group.additional_properties network_security_group_dict['security_rules'] = self._parse_security_rules(network_security_group) diff --git a/ScoutSuite/providers/azure/resources/network/virtual_networks.py b/ScoutSuite/providers/azure/resources/network/virtual_networks.py index 2b58c2eee..57e10fd94 100755 --- a/ScoutSuite/providers/azure/resources/network/virtual_networks.py +++ b/ScoutSuite/providers/azure/resources/network/virtual_networks.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.azure.facade.base import AzureFacade from ScoutSuite.providers.azure.resources.base import AzureResources from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.azure.utils import get_resource_group_name class VirtualNetworks(AzureResources): @@ -25,6 +26,7 @@ def _parse_virtual_network(self, raw_virtual_network): virtual_network_dict['tags'] = ["{}:{}".format(key, value) for key, value in raw_virtual_network.tags.items()] else: virtual_network_dict['tags'] = [] + virtual_network_dict['resource_group_name'] = get_resource_group_name(raw_virtual_network.id) virtual_network_dict['virtual_network_peerings'] = raw_virtual_network.virtual_network_peerings virtual_network_dict['enable_ddos_protection'] = raw_virtual_network.enable_ddos_protection virtual_network_dict['resource_guid'] = raw_virtual_network.resource_guid diff --git a/ScoutSuite/providers/azure/resources/network/watchers.py b/ScoutSuite/providers/azure/resources/network/watchers.py index cde095a73..b43cac14f 100755 
--- a/ScoutSuite/providers/azure/resources/network/watchers.py +++ b/ScoutSuite/providers/azure/resources/network/watchers.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.azure.facade.base import AzureFacade from ScoutSuite.providers.azure.resources.base import AzureResources from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.azure.utils import get_resource_group_name class Watchers(AzureResources): @@ -24,6 +25,7 @@ def _parse_network_watcher(self, raw_watcher): watcher_dict['tags'] = ["{}:{}".format(key, value) for key, value in raw_watcher.tags.items()] else: watcher_dict['tags'] = [] + watcher_dict['resource_group_name'] = get_resource_group_name(raw_watcher.id) watcher_dict['etag'] = raw_watcher.etag watcher_dict['additional_properties'] = raw_watcher.additional_properties watcher_dict['provisioning_state'] = raw_watcher.provisioning_state diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/databases.py b/ScoutSuite/providers/azure/resources/sqldatabase/databases.py index ea29d33cc..95f3269a6 100755 --- a/ScoutSuite/providers/azure/resources/sqldatabase/databases.py +++ b/ScoutSuite/providers/azure/resources/sqldatabase/databases.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.azure.facade.base import AzureFacade from ScoutSuite.providers.azure.resources.base import AzureCompositeResources +from ScoutSuite.providers.azure.utils import get_resource_group_name from .database_blob_auditing_policies import DatabaseBlobAuditingPolicies from .database_threat_detection_policies import DatabaseThreatDetectionPolicies @@ -31,7 +32,8 @@ async def fetch_all(self): self[db.name] = { 'id': db.name, 'name': db.name, - 'tags': ["{}:{}".format(key, value) for key, value in db.tags.items()] + 'tags': ["{}:{}".format(key, value) for key, value in db.tags.items()] if db.tags is not None else [], + 'resource_group_name': get_resource_group_name(db.id) } await self._fetch_children_of_all_resources( 
diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/servers.py b/ScoutSuite/providers/azure/resources/sqldatabase/servers.py index f6399cc3c..712161829 100755 --- a/ScoutSuite/providers/azure/resources/sqldatabase/servers.py +++ b/ScoutSuite/providers/azure/resources/sqldatabase/servers.py @@ -39,5 +39,8 @@ def _parse_server(self, raw_server): server['id'] = get_non_provider_id(raw_server.id) server['name'] = raw_server.name server['resource_group_name'] = get_resource_group_name(raw_server.id) - server['tags'] = ["{}:{}".format(key, value) for key, value in raw_server.tags.items()] + if raw_server.tags is not None: + server['tags'] = ["{}:{}".format(key, value) for key, value in raw_server.tags.items()] + else: + server['tags'] = [] return server['id'], server diff --git a/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py b/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py index a919ee2b3..06fac0024 100755 --- a/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py +++ b/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py @@ -41,7 +41,10 @@ def _parse_storage_account(self, raw_storage_account): storage_account['bypass'] = raw_storage_account.network_rule_set.bypass storage_account['access_keys_last_rotation_date'] = \ self._parse_access_keys_last_rotation_date(raw_storage_account.activity_logs) - storage_account['tags'] = ["{}:{}".format(key, value) for key, value in raw_storage_account.tags.items()] + if raw_storage_account.tags is not None: + storage_account['tags'] = ["{}:{}".format(key, value) for key, value in raw_storage_account.tags.items()] + else: + storage_account['tags'] = [] return storage_account['id'], storage_account diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py index 2e1759f35..3c699bd69 100755 
--- a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py +++ b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.azure.facade.base import AzureFacade from ScoutSuite.providers.azure.resources.base import AzureResources from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.azure.utils import get_resource_group_name class Instances(AzureResources): @@ -26,7 +27,11 @@ def _parse_instance(self, raw_instance): instance_dict['location'] = raw_instance.location instance_dict['type'] = raw_instance.type instance_dict['resources'] = raw_instance.resources - instance_dict['tags'] = ["{}:{}".format(key, value) for key, value in raw_instance.tags.items()] + if raw_instance.tags is not None: + instance_dict['tags'] = ["{}:{}".format(key, value) for key, value in raw_instance.tags.items()] + else: + instance_dict['tags'] = [] + instance_dict['resource_group_name'] = get_resource_group_name(raw_instance.id) instance_dict['provisioning_state'] = raw_instance.provisioning_state instance_dict['plan'] = raw_instance.plan instance_dict['identity'] = raw_instance.identity From 157b2f8031eb51f9a2c2e1e328a556fb46f01ef3 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Fri, 12 Jun 2020 14:06:10 +0200 Subject: [PATCH 107/979] Resolve conflicts --- ...c2.regions.id.vpcs.id.security_groups.html | 6 ----- ...ices.rds.regions.id.vpcs.id.instances.html | 22 ------------------- 2 files changed, 28 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html index 722824fd9..903ca2f17 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html +++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html @@ -6,14 +6,8 @@

    {{name}}

    Information

    -<<<<<<< HEAD -
    ID: {{id}}
    -
    ARN: {{arn}}
    -
    Region: {{region}}
    -=======
    ID: {{id}}
    Region: {{region}}
    ->>>>>>> develop
    VPC: {{getValueAt 'services.vpc.regions' region 'vpcs' vpc 'name'}} ({{vpc}})
    Description: {{description}}
    diff --git a/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html b/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html index dfb7651cc..b94d5945d 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html +++ b/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html @@ -5,27 +5,6 @@

    {{name}}

    -<<<<<<< HEAD -

    Information

    -
      -
    • ARN: {{arn}}
    • -
    • Region: {{region}}
    • -
    • Engine: {{Engine}}
    • -
    • Status: {{makeTitle DBInstanceStatus}}
    • -
    • Is read replica: {{is_read_replica}}
    • -
    • Auto Minor Version Upgrade: {{#if AutoMinorVersionUpgrade}} Enabled {{else}} Disabled {{/if}}
    • -
    • Multi Availability Zones: {{#if MultiAZ}} Enabled {{else}} Disabled {{/if}}
    • -
    • Instance Class: {{DBInstanceClass}}
    • -
    • Created on: {{InstanceCreateTime}}
    • -
    • Backup retention period in days: {{BackupRetentionPeriod}} -
    • Publicly accessible: {{PubliclyAccessible}} -
    • Enhanced Monitoring: - {{#if EnhancedMonitoringResourceArn}} Enabled {{else}} Disabled {{/if}} -
    • -
    • Encrypted Storage: {{StorageEncrypted}}
    • -
    • CA Certificate: {{CACertificateIdentifier}}
    • -
    -=======

    Information

    • Region: {{region}}
    • @@ -43,7 +22,6 @@

      Information

    • Encrypted Storage: {{convert_bool_to_enabled StorageEncrypted}}
    • CA Certificate: {{CACertificateIdentifier}}
    ->>>>>>> develop

    Network

    From 13a393a70532d0e8a60c4b0fa6244bf271520969 Mon Sep 17 00:00:00 2001 From: lowSoA <66413174+lowSoA@users.noreply.github.com> Date: Fri, 12 Jun 2020 14:14:22 +0200 Subject: [PATCH 108/979] Added samp tags --- .../services.ec2.regions.id.vpcs.id.security_groups.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html index 4bde9e2b1..96671b80d 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html +++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html @@ -6,9 +6,9 @@

    {{name}}

    Information

    -
    ID: {{id}}
    -
    ARN: {{arn}}
    -
    Region: {{region}}
    +
    ID: {{id}}
    +
    ARN: {{arn}}
    +
    Region: {{region}}
    VPC: {{getValueAt 'services.vpc.regions' region 'vpcs' vpc 'name'}} ({{vpc}})
    Description: {{description}}
    @@ -46,4 +46,4 @@

    Usage

    \ No newline at end of file + From e9264e0e66cedf4a9bb345017c0fda8bd993982f Mon Sep 17 00:00:00 2001 From: lowSoA <66413174+lowSoA@users.noreply.github.com> Date: Fri, 12 Jun 2020 14:15:25 +0200 Subject: [PATCH 109/979] Add samp tags --- .../aws/services.ec2.regions.id.vpcs.id.images.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.images.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.images.html index 7e90fc2f2..a57eadb16 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.images.html +++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.images.html @@ -7,8 +7,8 @@

    {{name}}

    Information

      -
    • ARN: {{arn}}
    • -
    • ID: {{id}}
    • +
    • ARN: {{arn}}
    • +
    • ID: {{id}}
    • Architecture: {{getValueAt 'services.ec2.regions' region 'images' id 'Architecture'}}
    • Public: {{getValueAt 'services.ec2.regions' region 'images' id 'Public'}}
    @@ -25,4 +25,4 @@

    Information

    \ No newline at end of file + From cfbb198a990e22e97577e9caf14118abebbffd72 Mon Sep 17 00:00:00 2001 From: lowSoA <66413174+lowSoA@users.noreply.github.com> Date: Fri, 12 Jun 2020 14:17:32 +0200 Subject: [PATCH 110/979] Add samp tags --- .../partials/aws/services.vpc.regions.id.vpcs.html | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html index f92d2eb0f..76525fd97 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html +++ b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html @@ -6,12 +6,12 @@

    {{name}}

    Information

    -
    ID: {{@key}}
    -
    ARN: {{arn}}
    -
    Region: {{region}}
    -
    State: {{state}}
    -
    CIDR Block: {{cidr_block}}
    -
    Default: {{default}}
    +
    ID: {{@key}}
    +
    ARN: {{arn}}
    +
    Region: {{region}}
    +
    State: {{state}}
    +
    CIDR Block: {{cidr_block}}
    +
    Default: {{default}}
    From 7deab1d3ea18255dbbef57411af37f2ef7c9cb31 Mon Sep 17 00:00:00 2001 From: lowSoA <66413174+lowSoA@users.noreply.github.com> Date: Fri, 12 Jun 2020 14:18:03 +0200 Subject: [PATCH 111/979] Add samp tags --- .../html/partials/aws/services.ses.regions.id.identities.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.ses.regions.id.identities.html b/ScoutSuite/output/data/html/partials/aws/services.ses.regions.id.identities.html index f712f6fd2..293843d81 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.ses.regions.id.identities.html +++ b/ScoutSuite/output/data/html/partials/aws/services.ses.regions.id.identities.html @@ -6,7 +6,7 @@

    {{name}}

    Information

    -
    ARN: {{arn}}
    +
    ARN: {{arn}}

    DKIM Configuration

    From 9b7a1fa5aac26c71b29fd268a4de03390df3f39e Mon Sep 17 00:00:00 2001 From: lowSoA <66413174+lowSoA@users.noreply.github.com> Date: Fri, 12 Jun 2020 14:19:01 +0200 Subject: [PATCH 112/979] Add samp tags --- .../output/data/html/partials/aws/services.s3.buckets.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.s3.buckets.html b/ScoutSuite/output/data/html/partials/aws/services.s3.buckets.html index e583c1237..56537fa1d 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.s3.buckets.html +++ b/ScoutSuite/output/data/html/partials/aws/services.s3.buckets.html @@ -6,7 +6,7 @@

    {{name}}

    Information

    -
    ARN: {{arn}}
    +
    ARN: {{arn}}
    Region: {{region}}
    Creation date: {{CreationDate}}
    Logging: {{has_logging? logging}}
    From 5d3d34960c023270a50ef2594d2eb8d90226fb9b Mon Sep 17 00:00:00 2001 From: lowSoA <66413174+lowSoA@users.noreply.github.com> Date: Fri, 12 Jun 2020 14:19:32 +0200 Subject: [PATCH 113/979] Add samp tags --- .../aws/services.redshift.regions.id.vpcs.id.clusters.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.clusters.html b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.clusters.html index 4e378753c..8a5d63bb7 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.clusters.html +++ b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.vpcs.id.clusters.html @@ -7,7 +7,7 @@

    {{name}}

    Information

      -
    • ARN: {{arn}}
    • +
    • ARN: {{arn}}
    • Node Type: {{NodeType}}
    • Allow Version Upgrade: {{AllowVersionUpgrade}}
    • Automated Snapshot Retention Period: {{AutomatedSnapshotRetentionPeriod}}
    • From 38fd26eb691bb9b509f6f0bd93fddd0bf4b42563 Mon Sep 17 00:00:00 2001 From: lowSoA <66413174+lowSoA@users.noreply.github.com> Date: Fri, 12 Jun 2020 14:19:58 +0200 Subject: [PATCH 114/979] Add samp tags --- .../aws/services.redshift.regions.id.parameter_groups.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html index 4e8d9bf19..7877e2455 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html +++ b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html @@ -6,7 +6,7 @@

      {{name}}

    Information

    -
    ARN: {{arn}}
    +
    ARN: {{arn}}
    Description: {{description}}
    Group Family: {{family}}
    Default Parameter Group: {{is_default}}
    From 1ae5abe67b767ada9ec825bb40054b2667294ae3 Mon Sep 17 00:00:00 2001 From: lowSoA <66413174+lowSoA@users.noreply.github.com> Date: Fri, 12 Jun 2020 14:20:33 +0200 Subject: [PATCH 115/979] Add samp tags --- .../partials/aws/services.elbv2.regions.id.vpcs.id.elbs.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.elbs.html b/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.elbs.html index 4b8e07f46..cb977dfac 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.elbs.html +++ b/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.elbs.html @@ -7,7 +7,7 @@

    {{name}}

    Information

      -
    • ARN: {{arn}}
    • +
    • ARN: {{arn}}
    • VPC: {{getValueAt 'services.elbv2.regions' region 'vpcs' vpc 'name'}} ({{vpc}})
    • DNS: {{DNSName}}
    • Scheme: {{Scheme}}
    • From f8f05293ebc18881bee3a28f3c14c9e6a421d06f Mon Sep 17 00:00:00 2001 From: lowSoA <66413174+lowSoA@users.noreply.github.com> Date: Fri, 12 Jun 2020 14:20:58 +0200 Subject: [PATCH 116/979] Add samp tags --- .../html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html index 8d336311a..872c854d6 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html +++ b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html @@ -7,7 +7,7 @@

      {{name}}

      Information

        -
      • ARN: {{arn}}
      • +
      • ARN: {{arn}}
      • VPC: {{getValueAt 'services.elb.regions' region 'vpcs' vpc 'name'}} ({{vpc}})
      • DNS: {{DNSName}}
      • Scheme: {{Scheme}}
      • From c8a3ddab776623dae9031ea950c3e3753e358f79 Mon Sep 17 00:00:00 2001 From: lowSoA <66413174+lowSoA@users.noreply.github.com> Date: Fri, 12 Jun 2020 14:21:45 +0200 Subject: [PATCH 117/979] Add samp tags --- .../aws/services.cloudformation.regions.id.stacks.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html b/ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html index 3c80d85a9..62571b6f0 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html +++ b/ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html @@ -9,7 +9,7 @@

        Description

      Information

      -
      ARN: {{arn}}
      +
      ARN: {{arn}}
      Region: {{region}}
      Created on: {{CreationTime}}
      Role: @@ -52,4 +52,4 @@

      Capabilities {{> count_badge count=Capabilit \ No newline at end of file + From f7e8c6dc273b99402b9329eee147430763fec1ee Mon Sep 17 00:00:00 2001 From: lowSoA <66413174+lowSoA@users.noreply.github.com> Date: Fri, 12 Jun 2020 14:25:49 +0200 Subject: [PATCH 118/979] Add samp tags --- ...ervices.rds.regions.id.vpcs.id.instances.html | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html b/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html index 5155e3d94..6f77152aa 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html +++ b/ScoutSuite/output/data/html/partials/aws/services.rds.regions.id.vpcs.id.instances.html @@ -7,22 +7,22 @@

      {{name}}

      Information

        -
      • ARN: {{arn}}
      • -
      • Region: {{region}}
      • -
      • Engine: {{Engine}}
      • -
      • Status: {{makeTitle DBInstanceStatus}}
      • -
      • Is read replica: {{is_read_replica}}
      • +
      • ARN: {{arn}}
      • +
      • Region: {{region}}
      • +
      • Engine: {{Engine}}
      • +
      • Created: {{format_date InstanceCreateTime}}
      • +
      • Status: {{makeTitle DBInstanceStatus}}
      • +
      • Is read replica: {{is_read_replica}}
      • Auto Minor Version Upgrade: {{#if AutoMinorVersionUpgrade}} Enabled {{else}} Disabled {{/if}}
      • Multi Availability Zones: {{#if MultiAZ}} Enabled {{else}} Disabled {{/if}}
      • -
      • Instance Class: {{DBInstanceClass}}
      • -
      • Created on: {{InstanceCreateTime}}
      • +
      • Instance Class: {{DBInstanceClass}}
      • Backup retention period in days: {{BackupRetentionPeriod}}
      • Publicly accessible: {{PubliclyAccessible}}
      • Enhanced Monitoring: {{#if EnhancedMonitoringResourceArn}} Enabled {{else}} Disabled {{/if}}
      • Encrypted Storage: {{StorageEncrypted}}
      • -
      • CA Certificate: {{CACertificateIdentifier}}
      • +
      • CA Certificate: {{CACertificateIdentifier}}
      From 32aa6ae00b37265c0b0bd56284d6c8941337bf21 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Fri, 12 Jun 2020 16:17:25 +0200 Subject: [PATCH 119/979] Fixed other references after renaming file from commit 03b62cec7682c4067977c123d362b49debaa8f95 --- .../aws/services.elbv2.regions.id.vpcs.id.elbs.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.elbs.html b/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.elbs.html index 4b8e07f46..ab883e2cc 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.elbs.html +++ b/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.elbs.html @@ -1,6 +1,6 @@ - - From 4059b5828d0d06749eb727ddff4eb2f2f1869d48 Mon Sep 17 00:00:00 2001 From: Rami McCarthy Date: Sun, 21 Jun 2020 16:31:47 -0400 Subject: [PATCH 122/979] fix paths instance, subnets --- .../partials/aws/services.elb.regions.id.vpcs.id.elbs.html | 4 ++-- ...rvices.elb.regions.id.vpcs.id.elbs.linked_resources.html | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html index 3a368de35..20448e762 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html +++ b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.html @@ -57,8 +57,8 @@

      Security Groups

      Destination

        - {{> services.elb.regions.vpcs.elbs.linked_resources region = region vpc = vpc resources = instances resource_type = 'instances'}} - {{> services.elb.regions.vpcs.elbs.linked_resources region = region vpc = vpc resources = Subnets resource_type = 'subnets'}} + {{> services.elb.regions.vpcs.elbs.linked_resources service='ec2' region = region vpc = vpc resources = instances resource_type = 'instances'}} + {{> services.elb.regions.vpcs.elbs.linked_resources service='vpc' region = region vpc = vpc resources = Subnets resource_type = 'subnets'}}
      {{#if tags}} diff --git a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.linked_resources.html b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.linked_resources.html index fb0d63843..af60d8ace 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.linked_resources.html +++ b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.vpcs.id.elbs.linked_resources.html @@ -4,13 +4,13 @@
      {{#if resources.length}}
      {{makeTitle resource_type}}: - {{> count_badge count=resources.length target=(concat '#services.elb.regions' region 'vpcs' vpc 'elbs' @key resource_type)}} + {{> count_badge count=resources.length target=(concat '#services' service 'regions' region 'vpcs' vpc 'elbs' @key resource_type)}}
      -
      +
From b46666fea3e98f14ec1f93ba526b1349ca5b8d9a Mon Sep 17 00:00:00 2001
From: Todd Keech
Date: Mon, 22 Jun 2020 19:27:44 -0400
Subject: [PATCH 123/979] Added unit tests for get_report_name and authenticate
---
 .travis.yml | 1 +
 tests/test-aws-provider.py | 103 +++++++++++++++++++++++++++++++++++++
 2 files changed, 104 insertions(+)
 create mode 100755 tests/test-aws-provider.py
diff --git a/.travis.yml b/.travis.yml
index 1e72ec433..7ce1b8e94 100755
--- a/.travis.yml
+++ b/.travis.yml
@@ -45,6 +45,7 @@ script:
 - nosetests --with-coverage tests/test-resources.py
 - nosetests --with-coverage tests/test-rules-ruleset.py
 - nosetests --with-coverage tests/test-rules-processingengine.py
+ - nosetests --with-coverage tests/test-aws-provider.py
 - nosetests --with-coverage --nocapture tests/test-scoutsuite.py -a "!credential"
 # Update test coverage
diff --git a/tests/test-aws-provider.py b/tests/test-aws-provider.py
new file mode 100755
index 000000000..6513a8028
--- /dev/null
+++ b/tests/test-aws-provider.py
@@ -0,0 +1,103 @@
+from ScoutSuite.providers.aws.authentication_strategy import AWSCredentials
+from ScoutSuite.providers.base.authentication_strategy import AuthenticationException
+from ScoutSuite.providers.base.authentication_strategy_factory import (
+ get_authentication_strategy,
+)
+from ScoutSuite.providers import get_provider
+from ScoutSuite.providers.aws.provider import AWSProvider
+import mock
+import pytest
+
+# Test methods for AWS Provider
+class TestAWSProviderClass:
+ @mock.patch("ScoutSuite.providers.aws.authentication_strategy.boto3")
+ @mock.patch("ScoutSuite.providers.aws.authentication_strategy.get_caller_identity")
+ def test_authenticate(self, mock_get_caller_identity, mock_Session):
+ auth_strat = get_authentication_strategy("aws")
+
+ boto3_session = "_boto3_session_"
+ mock_Session.Session.return_value = boto3_session
+
+ test_cases = [
+ # no params
+ {
+ "profile": None,
+ "aws_access_key_id": None,
+ "aws_secret_access_key": None,
+ "aws_session_token": None,
+ "call_dict": {},
+ },
+ # profile
+ {
+ "profile": "123",
+ "aws_access_key_id": None,
+ "aws_secret_access_key": None,
+ "aws_session_token": None,
+ "call_dict": {"profile_name": "123"},
+ },
+ # access and secret key
+ {
+ "profile": None,
+ "aws_access_key_id": "456",
+ "aws_secret_access_key": "789",
+ "aws_session_token": None,
+ "call_dict": {
+ "aws_access_key_id": "456",
+ "aws_secret_access_key": "789",
+ },
+ },
+ # access, secret key and token
+ {
+ "profile": None,
+ "aws_access_key_id": "456",
+ "aws_secret_access_key": "789",
+ "aws_session_token": "101112",
+ "call_dict": {
+ "aws_access_key_id": "456",
+ "aws_secret_access_key": "789",
+ "aws_session_token": "101112",
+ },
+ },
+ ]
+
+ for test_case in test_cases:
+ result = auth_strat.authenticate(
+ test_case["profile"],
+ test_case["aws_access_key_id"],
+ test_case["aws_secret_access_key"],
+ test_case["aws_session_token"],
+ )
+ mock_Session.Session.assert_called_with(**test_case["call_dict"])
+ mock_get_caller_identity.assert_called_with(boto3_session)
+ assert isinstance(result, AWSCredentials)
+ assert result.session == boto3_session
+
+ # exception test
+ mock_Session.Session.side_effect = Exception("an exception")
+ with pytest.raises(AuthenticationException):
+ result = auth_strat.authenticate(None, None, None, None)
+
+ # mock two separate places from which get_aws_account_id is called
+ @mock.patch("ScoutSuite.providers.aws.facade.base.get_aws_account_id")
+ @mock.patch("ScoutSuite.providers.aws.provider.get_aws_account_id")
+ def test_get_report_name(self, mock_get_aws_account_id, mock_facade_aws_account_id):
+
+ # no account_id, no profile
+ mock_get_aws_account_id.return_value = None
+ aws_provider = get_provider(
+ provider="aws", credentials=mock.MagicMock(session="123"),
+ )
+ assert aws_provider.get_report_name() == "aws"
+
+ # profile and account_id
+ mock_get_aws_account_id.return_value = "12345"
+ aws_provider = get_provider(
+ provider="aws", profile="9999", credentials=mock.MagicMock(session="123"),
+ )
+ assert aws_provider.get_report_name() == "aws-9999"
+
+ # account_id
+ aws_provider = get_provider(
+ provider="aws", credentials=mock.MagicMock(session="123"),
+ )
+ assert aws_provider.get_report_name() == "aws-12345"
From 4b7c1d1b8fa4a5b79f339a1f1b3338e2495d5729 Mon Sep 17 00:00:00 2001
From: Todd Keech
Date: Mon, 22 Jun 2020 20:25:10 -0400
Subject: [PATCH 124/979] Updated based on latest in develop branch
---
 tests/test-aws-provider.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/tests/test-aws-provider.py b/tests/test-aws-provider.py
index 6513a8028..fcac98e8b 100755
--- a/tests/test-aws-provider.py
+++ b/tests/test-aws-provider.py
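Review bot: The negative case at the end of `test_authenticate` only makes `boto3.Session` raise; nothing checks what `authenticate` does when the identity check itself rejects the credentials, which is the failure a caller with a wrong or revoked key would actually reach. A second negative case placed before the `Session` side effect is set, `mock_get_caller_identity.side_effect = Exception("denied")` followed by the same `pytest.raises(AuthenticationException)` block, would pin that path; whether `authenticate` wraps that error is not visible from this file, so confirm against the strategy. Separately, the parameter `mock_Session` is bound to the patched `boto3` module rather than to `Session` (hence every `mock_Session.Session` access), so `mock_boto3` would be the clearer name.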
@@ -80,10 +80,17 @@ def test_authenticate(self, mock_get_caller_identity, mock_Session):
 # mock two separate places from which get_aws_account_id is called
 @mock.patch("ScoutSuite.providers.aws.facade.base.get_aws_account_id")
 @mock.patch("ScoutSuite.providers.aws.provider.get_aws_account_id")
- def test_get_report_name(self, mock_get_aws_account_id, mock_facade_aws_account_id):
+ @mock.patch("ScoutSuite.providers.aws.provider.get_partition_name")
+ def test_get_report_name(
+ self,
+ mock_get_partiton_name,
+ mock_get_aws_account_id,
+ mock_facade_aws_account_id,
+ ):
 # no account_id, no profile
 mock_get_aws_account_id.return_value = None
+ mock_get_partiton_name.return_value = None
 aws_provider = get_provider(
 provider="aws", credentials=mock.MagicMock(session="123"),
 )
From 5c581e9ba7971ab53a37210c0f75e98ec8201248 Mon Sep 17 00:00:00 2001
From: xga
Date: Sat, 27 Jun 2020 12:55:20 +0200
Subject: [PATCH 125/979] Update version
---
 ScoutSuite/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ScoutSuite/__init__.py b/ScoutSuite/__init__.py
index 1044e6bd0..049f660e4 100755
--- a/ScoutSuite/__init__.py
+++ b/ScoutSuite/__init__.py
@@ -1,5 +1,5 @@
 __author__ = 'NCC Group'
-__version__ = '5.9.0'
+__version__ = '5.10.0'
 ERRORS_LIST = []
From abe329449d62193230a824b6e8b7b47d6b97a3e9 Mon Sep 17 00:00:00 2001
From: Rami McCarthy
Date: Sun, 28 Jun 2020 17:23:26 -0400
Subject: [PATCH 126/979] conditional SG inclusion
---
 .../aws/services.ec2.regions.id.vpcs.id.security_groups.html | 2 +-
 .../partials/aws/services.elbv2.regions.id.vpcs.id.lbs.html | 2 ++
 ScoutSuite/providers/aws/resources/elbv2/load_balancers.py | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html
index 903ca2f17..3b023e723 100755
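Review bot: The new mock parameter is misspelled `mock_get_partiton_name`, both in the reformatted signature and on the added `mock_get_partiton_name.return_value = None` line; it should read `mock_get_partition_name` to match the patched `get_partition_name`. The decorator-to-argument order is correct (the bottom-most `@mock.patch` maps to the first parameter), so only the spelling needs to change. The body of `test_get_report_name` continues outside the hunk; in the visible lines the partition is only ever stubbed to `None`, so a case with a non-`None` partition may still be missing.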
--- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html +++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.vpcs.id.security_groups.html @@ -45,4 +45,4 @@

      Usage

      \ No newline at end of file + diff --git a/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.lbs.html b/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.lbs.html index c13169c71..70af73a07 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.lbs.html +++ b/ScoutSuite/output/data/html/partials/aws/services.elbv2.regions.id.vpcs.id.lbs.html @@ -37,6 +37,7 @@

      Attributes

      {{/each}}

    + {{#unless isNetwork}}

    Security Groups @@ -53,6 +54,7 @@

    Security Groups

    + {{/unless}} {{#if tags}}

    Tags

diff --git a/ScoutSuite/providers/aws/resources/elbv2/load_balancers.py b/ScoutSuite/providers/aws/resources/elbv2/load_balancers.py
index f8cd80da7..adb140f5d 100755
--- a/ScoutSuite/providers/aws/resources/elbv2/load_balancers.py
+++ b/ScoutSuite/providers/aws/resources/elbv2/load_balancers.py
@@ -37,6 +37,7 @@ def _parse_load_balancer(self, load_balancer):
 load_balancer['name'] = load_balancer.pop('LoadBalancerName')
 load_balancer['security_groups'] = []
 load_balancer['listener_protocols'] = []
+ load_balancer['isNetwork'] = load_balancer["Type"] == "network"
 if 'SecurityGroups' in load_balancer:
 for sg in load_balancer['SecurityGroups']:
From b5064fb76db493c5ba57c3e535800aee51db4fdf Mon Sep 17 00:00:00 2001
From: Juan Jose
Date: Tue, 30 Jun 2020 11:07:59 +0200
Subject: [PATCH 127/979] Removed IAM test class (now we use Boto3)
---
 tests/test-services-iam.py | 232 -------------------------------------
 1 file changed, 232 deletions(-)
 delete mode 100644 tests/test-services-iam.py
diff --git a/tests/test-services-iam.py b/tests/test-services-iam.py
deleted file mode 100644
index 9c0cc302c..000000000
--- a/tests/test-services-iam.py
+++ /dev/null
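Review bot: The added `load_balancer['isNetwork'] = load_balancer["Type"] == "network"` feeds the `{{#unless isNetwork}}` wrapper in the lbs.html partial, so the Security Groups section is hidden purely on load balancer type even though the following lines already test `'SecurityGroups' in load_balancer`. For an audit report it is safer to hide the section only when no groups were returned, so that a network load balancer that does carry security groups still has them listed. Independently, `load_balancer["Type"]` raises `KeyError` when the field is absent while its neighbours are guarded, and the key is camelCase next to `security_groups` and `listener_protocols`; `load_balancer['is_network'] = load_balancer.get('Type') == 'network'`, with the template updated to match, would be consistent. `_parse_load_balancer` begins and continues outside the hunk.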
@@ -1,232 +0,0 @@ -import binascii -import copy -import os -import sys -import time -import unittest -import ScoutSuite.providers.aws.authentication_strategy - -#from opinel.services.iam import * -#from opinel.utils.aws import connect_service -#from opinel.utils.console import configPrintException, printDebug -#from opinel.utils.credentials import read_creds, read_creds_from_environment_variables - - -class TestOpinelServicesIAM(unittest.TestCase): - - def setup(self): - creds = {'AccessKeyId': None, 'SecretAccessKey': None, 'SessionToken': None, - 'Expiration': None, 'SerialNumber': None, 'TokenCode': None}; - # Check environment variables - if 'AWS_ACCESS_KEY_ID' in os.environ and 'AWS_SECRET_ACCESS_KEY' in os.environ: - creds['AccessKeyId'] = os.environ['AWS_ACCESS_KEY_ID'] - creds['SecretAccessKey'] = os.environ['AWS_SECRET_ACCESS_KEY'] - if 'AWS_SESSION_TOKEN' in os.environ: - creds['SessionToken'] = os.environ['AWS_SESSION_TOKEN'] - - #if self.creds['AccessKeyId'] == None: - #self.creds = read_creds('travislike') - #self.api_client = connect_service('iam', self.creds) - #self.python = re.sub(r'\W+', '', sys.version) - self.cleanup = {'groups': [], 'users': []} - - - def make_travisname(self, testname): - return '%s-%s-%s' % (testname, binascii.b2a_hex(os.urandom(4)).decode('utf-8'), self.python) - - - def assert_group_create(self, groups_data, error_count, force_add = False): - for group_data in groups_data: - self.assert_create('groups', group_data, error_count, force_add) - - - def assert_user_create(self, user_data, error_count, force_add = False): - self.assert_create('users', user_data, error_count, force_add) - - - def assert_create(self, resource_type, resource_data, error_count, force_add = False): - assert len(resource_data['errors']) == error_count - nameattr = '%sname' % resource_type[:-1] - if force_add or error_count == 0: - #printDebug('Successfully created %s %s' % (resource_type[:-1], resource_data[nameattr])) - 
self.cleanup[resource_type].append(resource_data[nameattr]) - - - def test_create_user(self): - user_data = create_user(self.api_client, self.make_travisname('OpinelUnitTest001')) - self.assert_user_create(user_data, 0) - user_data = create_user(self.api_client, self.cleanup['users'][0]) - self.assert_user_create(user_data, 1) - user_data = create_user(self.api_client, self.make_travisname('OpinelUnitTest002'), 'BlockedUsers') - self.assert_user_create(user_data, 0) - user_data = create_user(self.api_client, self.make_travisname('OpinelUnitTest003'), ['BlockedUsers', 'AllUsers']) - self.assert_user_create(user_data, 1, True) - user_data = create_user(self.api_client, self.make_travisname('OpinelUnitTest004'), with_password = True) - self.assert_user_create(user_data, 0) - assert 'password' in user_data - assert len(user_data['password']) == 16 - user_data = create_user(self.api_client, self.make_travisname('OpinelUnitTest005'), with_password=True ,require_password_reset = True) - self.assert_user_create(user_data, 0) - assert 'password' in user_data - assert len(user_data['password']) == 16 - user_data = create_user(self.api_client, self.make_travisname('OpinelUnitTest006'), with_access_key = True) - self.assert_user_create(user_data, 0) - assert 'AccessKeyId' in user_data - assert user_data['AccessKeyId'].startswith('AKIA') - assert 'SecretAccessKey' in user_data - - - def test_delete_user(self): - # Mostly tested as part of teardown - try: - delete_user(self.api_client, 'PhonyUserWithMFA') - except Exception as e: - pass - pass - - - def test_add_user_to_group(self): - user010 = create_user(self.api_client, self.make_travisname('OpinelUnitTest010')) - self.assert_user_create(user010, 0) - user011 = create_user(self.api_client, self.make_travisname('OpinelUnitTest011')) - self.assert_user_create(user011, 0) - add_user_to_group(self.api_client, user010['username'], 'BlockedUsers', True) - add_user_to_group(self.api_client, user011['username'], 'BlockedUsers', 
False) - - - def test_delete_virtual_mfa_device(self): - try: - delete_virtual_mfa_device(self.api_client, 'arn:aws:iam::179374595322:mfa/PhonyUserWithMFA') - except Exception as e: - assert (e.response['Error']['Code'] == 'AccessDenied') - - - def test_get_access_keys(self): - user020 = create_user(self.api_client, self.make_travisname('OpinelUnitTest020'), with_access_key = True) - self.assert_user_create(user020, 0) - access_keys = get_access_keys(self.api_client, self.cleanup['users'][0]) - assert len(access_keys) == 1 - - - def test_show_access_keys(self): - user021 = create_user(self.api_client, self.make_travisname('OpinelUnitTest021'), with_access_key = True) - self.assert_user_create(user021, 0) - show_access_keys(self.api_client, self.cleanup['users'][0]) - - - def test_init_group_category_regex(self): - result = init_group_category_regex(['a', 'b'], ['', '.*hello.*']) - assert (type(result) == list) - result = init_group_category_regex(['a', 'b'], ['', '']) - assert (result == None) - result = init_group_category_regex(['a', 'b', 'c'], ['.*hello.*']) - assert (result == None) - - - def test_create_groups(self): - group001 = self.make_travisname('OpinelUnitTest001') - groups = create_groups(self.api_client, group001) - self.assert_group_create(groups, 0) - group002 = self.make_travisname('OpinelUnitTest002') - group003 = self.make_travisname('OpinelUnitTest003') - groups = create_groups(self.api_client, [ group002, group003 ]) - self.assert_group_create(groups, 0) - group004 = self.make_travisname('HelloWorld') - groups = create_groups(self.api_client, group004) - self.assert_group_create(groups, 1) - - - def teardown(self): - if len(self.cleanup['users']): - self.delete_resources('users') - if len(self.cleanup['groups']): - self.delete_resources('groups') - - - def delete_resources(self, resource_type): - resources = copy.deepcopy(self.cleanup[resource_type]) - while True: - unmodifiable_resource = False - remaining_resources = [] - printDebug('Deleting 
the following %s: %s' % (resource_type, str(resources)) ) - time.sleep(5) - for resource in resources: - if resource_type == 'groups': - errors = [] - try: - self.api_client.delete_group(GroupName = resource) - except: - errors = [ 'EntityTemporarilyUnmodifiable' ] - else: - method = globals()['delete_%s' % resource_type[:-1]] - errors = method(self.api_client, resource) - if len(errors): - printDebug('Errors when deleting %s' % resource) - remaining_resources.append(resource) - for handled_code in ['EntityTemporarilyUnmodifiable', 'DeleteConflict']: - if handled_code in errors: - unmodifiable_resource = True - else: - printError('Failed to delete %s %s' % (resource_type[:-1], resource)) - assert (False) - resources = copy.deepcopy(remaining_resources) - if not unmodifiable_resource: - break -def create_user(iam_client, user, groups = [], with_password= False, with_mfa = False, with_access_key = False, require_password_reset = True): - """ - :param iam_client: AWS API client for IAM - :param user: Name of the user to create - :param groups: Name of the IAM groups to add the user to - :param with_password: Boolean indicating whether creation of a password should be done - :param with_mfa: Boolean indicating whether creation of an MFA device should be done - :param with_access_key: Boolean indicating whether creation of an API access key should be done - :param require_password_reset: Boolean indicating whether users should reset their password after first login - :return: - """ - user_data = {'username': user, 'errors': []} - printInfo('Creating user %s...' 
% user) - try: - iam_client.create_user(UserName = user) - except Exception as e: - user_data['errors'].append('iam:createuser') - return user_data - # Add user to groups - if type(groups) != list: - groups = [ groups ] - for group in groups: - try: - add_user_to_group(iam_client, user, group) - except Exception as e: - printException(e) - user_data['errors'].append('iam:addusertogroup - %s' % group) - # Generate password - if with_password: - try: - printInfo('Creating a login profile...') - user_data['password'] = generate_password() - iam_client.create_login_profile(UserName = user, Password = user_data['password'] , PasswordResetRequired = require_password_reset) - except Exception as e: - printException(e) - user_data['errors'].append('iam:createloginprofile') - # Enable MFA - if False and with_mfa: - printInfo('Enabling MFA...') - serial = '' - mfa_code1 = '' - mfa_code2 = '' - # Create an MFA device, Display the QR Code, and activate the MFA device - try: - mfa_serial = False # enable_mfa(iam_client, user, '%s/qrcode.png' % user) - except Exception as e: - return 42 - # Request access key - if with_access_key: - try: - printInfo('Creating an API access key...') - access_key = iam_client.create_access_key(UserName=user)['AccessKey'] - user_data['AccessKeyId'] = access_key['AccessKeyId'] - user_data['SecretAccessKey'] = access_key['SecretAccessKey'] - except Exception as e: - printException(e) - user_data['errors'].append('iam:createaccesskey') - return user_data \ No newline at end of file From 5a5d52d852753d59f9052fd645bc921ab73db2c9 Mon Sep 17 00:00:00 2001 From: Juan Jose Date: Tue, 30 Jun 2020 16:26:26 +0200 Subject: [PATCH 128/979] Added console tests --- tests/test_utils_console.py | 76 +++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100755 tests/test_utils_console.py diff --git a/tests/test_utils_console.py b/tests/test_utils_console.py new file mode 100755 index 000000000..a830f1c85 --- /dev/null 
+++ b/tests/test_utils_console.py 
@@ -0,0 +1,76 @@
+# -*- coding: utf-8 -*-
+
+import unittest
+from ScoutSuite.core.console import *
+
+class TestOpinelUtilsConsoleClass(unittest.TestCase):
+
+ def test_configPrintException(self):
+ set_logger_configuration(False)
+ set_logger_configuration(True)
+
+
+ def test_printDebug(self):
+ print_debug('hello')
+
+
+ def test_printError(self):
+ print_error('hello')
+
+
+ def test_printException(self):
+ set_logger_configuration(True)
+ try:
+ raise Exception('opinelunittest')
+ except Exception as e:
+ print_exception(e)
+ set_logger_configuration(False)
+ try:
+ raise Exception('opinelunittest')
+ except Exception as e:
+ print_exception(e)
+ try:
+ raise Exception('opinelunittest')
+ except Exception as e:
+ print_exception(e, True)
+
+
+ def test_printInfo(msg, newLine=True):
+ print_info('hello')
+
+
+ def test_printGeneric(self):
+ print_generic(sys.stderr, 'hello')
+
+
+ def test_prompt(self):
+ assert prompt('a') == 'a'
+ assert prompt('') == ''
+ test = ['a', 'b']
+ assert prompt(test) == 'a'
+ assert prompt(test) == 'b'
+ assert prompt(test) == ''
+
+
+ def test_prompt_4_value(self):
+ assert prompt_value('prompt_4_value', no_confirm=True, test_input='inputvalue') == 'inputvalue'
+ assert prompt_value('prompt_4_value', no_confirm=True, is_question=True, test_input='inputvalue') == 'inputvalue'
+ assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], no_confirm=True, test_input='b') == 'b'
+ assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], display_choices=False, no_confirm=True, test_input='b') == 'b'
+ assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], display_indices=True, no_confirm=True, test_input='1') == 'b'
+ assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], default='b', no_confirm=True, test_input='') == 'b'
+ assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], no_confirm=True, authorize_list=True, test_input='a,b') == 'a,b'
+ assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], required=True, no_confirm=True, test_input=['', 'b']) == 'b'
+ assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], required=True, no_confirm=True, test_input=['invalid', 'b']) == 'b'
+ assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], no_confirm=True, test_input='a,c') == None
+ assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], no_confirm=True, test_input='a,b', authorize_list = True) == 'a,b'
+ assert prompt_value('prompt_4_value', choices=['a', 'b', 'c'], no_confirm=True, test_input='a,e', authorize_list = True) == None
+
+ def test_prompt_4_yes_no(self):
+ assert prompt_yes_no('hello', 'N') == False
+ assert prompt_yes_no('hello', 'no') == False
+ assert prompt_yes_no('hello', 'Y') == True
+ assert prompt_yes_no('hello', 'yes') == True
+ assert prompt_yes_no('hello', ['foo', 'bar', 'no']) == False
+ assert prompt_yes_no('hello', 'Ye') == None
+ assert prompt_yes_no('hello', 'Non') == None
\ No newline at end of file
From c29432109078ae884a7a3210e112ea781dcc9588 Mon Sep 17 00:00:00 2001
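Review bot: `test_printInfo(msg, newLine=True)` is declared without `self`, so the test instance is bound to `msg` and the signature misleads the reader; it should read `def test_printInfo(self):` like its siblings. `test_printGeneric` uses `sys.stderr` although the file imports only `unittest` and the wildcard `from ScoutSuite.core.console import *`, so it works only if that module happens to export `sys`; an explicit `import sys` removes the dependency. Most of the logging tests make no assertion, so they only show that the call does not raise.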
From: Juan Jose Date: Wed, 1 Jul 2020 11:44:49 +0200 Subject: [PATCH 129/979] Added fs tests --- tests/data/ip-ranges-1.json | 1 + tests/data/ip-ranges-3.json | 7 ++ tests/data/protocols.json | 5 + .../results/read_ip_ranges/ip-ranges-1a.json | 1 + .../results/read_ip_ranges/ip-ranges-1b.json | 1 + .../results/read_ip_ranges/ip-ranges-1c.json | 1 + tests/results/read_ip_ranges/ip-ranges-3.json | 1 + tests/results/read_ip_ranges/ip-ranges-a.json | 1 + tests/test_utils_console.py | 2 +- tests/test_utils_fs.py | 98 +++++++++++++++++++ 10 files changed, 117 insertions(+), 1 deletion(-) create mode 100755 tests/data/ip-ranges-1.json create mode 100755 tests/data/ip-ranges-3.json create mode 100755 tests/data/protocols.json create mode 100755 tests/results/read_ip_ranges/ip-ranges-1a.json create mode 100755 tests/results/read_ip_ranges/ip-ranges-1b.json create mode 100755 tests/results/read_ip_ranges/ip-ranges-1c.json create mode 100755 tests/results/read_ip_ranges/ip-ranges-3.json create mode 100755 tests/results/read_ip_ranges/ip-ranges-a.json create mode 100755 tests/test_utils_fs.py diff --git a/tests/data/ip-ranges-1.json b/tests/data/ip-ranges-1.json new file mode 100755 index 000000000..effcd842b --- /dev/null +++ b/tests/data/ip-ranges-1.json @@ -0,0 +1 @@ +{"createDate": "2015-10-01-19-05-51","prefixes": [{"field_a": "a1","field_b": "b1","ip_prefix": "1.2.3.4"},{"field_a": "a2","field_b": "b2","ip_prefix": "5.6.7.8"}]} diff --git a/tests/data/ip-ranges-3.json b/tests/data/ip-ranges-3.json new file mode 100755 index 000000000..0739cbde7 --- /dev/null +++ b/tests/data/ip-ranges-3.json @@ -0,0 +1,7 @@ +{ + "source": "tests/data/ip-ranges-2.json", + "local_file": "True", + "conditions": [ "and", + [ "region", "match", [ "us-.*" ] ] + ] +} diff --git a/tests/data/protocols.json b/tests/data/protocols.json new file mode 100755 index 000000000..b4a1761f4 --- /dev/null +++ b/tests/data/protocols.json 
@@ -0,0 +1,5 @@ +{ + "protocols": { + "-2": "TEST" + } +} \ No newline at end of file diff --git a/tests/results/read_ip_ranges/ip-ranges-1a.json b/tests/results/read_ip_ranges/ip-ranges-1a.json new file mode 100755 index 000000000..f487890d9 --- /dev/null +++ b/tests/results/read_ip_ranges/ip-ranges-1a.json @@ -0,0 +1 @@ +[{"ip_prefix": "1.2.3.4", "field_b": "b1", "field_a": "a1"}, {"ip_prefix": "5.6.7.8", "field_b": "b2", "field_a": "a2"}] diff --git a/tests/results/read_ip_ranges/ip-ranges-1b.json b/tests/results/read_ip_ranges/ip-ranges-1b.json new file mode 100755 index 000000000..0e7bc9c2e --- /dev/null +++ b/tests/results/read_ip_ranges/ip-ranges-1b.json @@ -0,0 +1 @@ +["1.2.3.4", "5.6.7.8"] \ No newline at end of file diff --git a/tests/results/read_ip_ranges/ip-ranges-1c.json b/tests/results/read_ip_ranges/ip-ranges-1c.json new file mode 100755 index 000000000..c4f841a76 --- /dev/null +++ b/tests/results/read_ip_ranges/ip-ranges-1c.json @@ -0,0 +1 @@ +["1.2.3.4"] \ No newline at end of file diff --git a/tests/results/read_ip_ranges/ip-ranges-3.json b/tests/results/read_ip_ranges/ip-ranges-3.json new file mode 100755 index 000000000..ae86932a6 --- /dev/null +++ b/tests/results/read_ip_ranges/ip-ranges-3.json @@ -0,0 +1 @@ +["52.92.252.0/22", "52.92.48.0/22", "13.56.0.0/16", "13.57.0.0/16", "13.58.0.0/15"] diff --git a/tests/results/read_ip_ranges/ip-ranges-a.json b/tests/results/read_ip_ranges/ip-ranges-a.json new file mode 100755 index 000000000..efc8cc9dc --- /dev/null +++ b/tests/results/read_ip_ranges/ip-ranges-a.json @@ -0,0 +1 @@ +[{"region": "us-east-1", "ip_prefix": "23.20.0.0/14", "service": "AMAZON"}, {"region": "us-east-1", "ip_prefix": "23.20.0.0/14", "service": "EC2"}] \ No newline at end of file diff --git a/tests/test_utils_console.py b/tests/test_utils_console.py index a830f1c85..3c2130733 100755 --- a/tests/test_utils_console.py +++ b/tests/test_utils_console.py 
@@ -40,7 +40,7 @@ def test_printInfo(msg, newLine=True): def test_printGeneric(self): - print_generic(sys.stderr, 'hello') + print_generic('hello') def test_prompt(self): diff --git a/tests/test_utils_fs.py b/tests/test_utils_fs.py new file mode 100755 index 000000000..0b4e5227c --- /dev/null +++ b/tests/test_utils_fs.py 
@@ -0,0 +1,98 @@ +# -*- coding: utf-8 -*- + +import unittest +from ScoutSuite.core.fs import * +from ScoutSuite.core.console import * + +class TestOpinelFsClass(unittest.TestCase): + """ + Test opinel.fs + """ + + def cmp(self, a, b): + """ + Implement cmp() for Python3 tests + """ + return (a > b) - (a < b) + + def test_CustomJSONEncoder(self): + date = datetime.datetime(2017, 6, 12) + blob1 = {'foo': 'bar', 'date': date} + print('%s' % json.dumps(blob1, cls=CustomJSONEncoder)) + blob2 = {'foo': 'bar', 'baz': {'foo': 'bar'}} + print('%s' % json.dumps(blob2, cls=CustomJSONEncoder)) + + def test_load_data(self): + test = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'data/protocols.json') + load_data(test, local_file=True) + load_data(test, 'protocols', local_file=True) + load_data('protocols.json', 'protocols') + load_data('aws/ip-ranges/aws.json', 'prefixes') + load_data('data/protocols.json', 'protocols', local_file=True) + test = load_data('protocols.json', 'protocols') + assert type(test) == dict + assert test['1'] == 'ICMP' + test = load_data('data/protocols.json', 'protocols', True) + assert type(test) == dict + assert test['-2'] == 'TEST' + + + def test_read_ip_ranges(self): + read_ip_ranges('aws/ip-ranges/aws.json', local_file=False) + read_ip_ranges('data/ip-ranges-1.json', local_file=True) + read_ip_ranges('data/ip-ranges-1.json', local_file=True, ip_only=True) + successful_read_ip_ranges_runs = True + test_cases = [ + { + 'filename': 'data/ip-ranges-1.json', + 'local_file': True, + 'conditions': [],'ip_only': False, + 'results': 'results/read_ip_ranges/ip-ranges-1a.json' + }, + { + 'filename': 'data/ip-ranges-1.json', + 'local_file': True, + 'conditions': [],'ip_only': True, + 'results': 'results/read_ip_ranges/ip-ranges-1b.json' + }, + { + 'filename': 'data/ip-ranges-1.json', + 'local_file': True, + 'conditions': [ + [ + 'field_a', 'equal', 'a1']], + 'ip_only': True, + 'results': 'results/read_ip_ranges/ip-ranges-1c.json' + }, + { + 
'filename': 'aws/ip-ranges/aws.json', + 'local_file': False, + 'conditions': [ + [ 'ip_prefix', 'equal', '23.20.0.0/14' ] + ], + 'ip_only': False, + 'results': 'results/read_ip_ranges/ip-ranges-a.json' + }, + { + "filename": 'data/ip-ranges-3.json', + "local_file": True, + 'results': None, + "ip_only": True, + "results": "results/read_ip_ranges/ip-ranges-3.json" + }, + { + "filename": 'data/ip-ranges-3.json', + "local_file": True, + 'results': None, + "ip_only": True, + "results": "results/read_ip_ranges/ip-ranges-3.json" + } + ] + + assert successful_read_ip_ranges_runs + + def test_save_blob_as_json(self): + date = datetime.datetime.now() + save_blob_as_json('tmp1.json', {'foo': 'bar','date': date}, True) + save_blob_as_json('tmp1.json', {'foo': 'bar'}, True) + save_blob_as_json('/root/tmp1.json', {'foo': 'bar'}, True) From 4918020d77be0f886a7abe71c544ee4730a3fcee Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 1 Jul 2020 18:12:39 +0200 Subject: [PATCH 130/979] Get owner ID from raw resource --- ScoutSuite/providers/aws/resources/ec2/snapshots.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/ec2/snapshots.py b/ScoutSuite/providers/aws/resources/ec2/snapshots.py index 591f00daa..3544bda17 100755 --- a/ScoutSuite/providers/aws/resources/ec2/snapshots.py +++ b/ScoutSuite/providers/aws/resources/ec2/snapshots.py @@ -19,8 +19,8 @@ def _parse_snapshot(self, raw_snapshot): raw_snapshot['name'] = get_name(raw_snapshot, raw_snapshot, 'id') raw_snapshot['public'] = self._is_public(raw_snapshot) raw_snapshot['arn'] = 'arn:aws:ec2:{}:{}:snapshot/{}'.format(self.get('region'), - self.facade.owner_id, - raw_snapshot.get('name')) + raw_snapshot.get('OwnerId'), + raw_snapshot.get('name')) return raw_snapshot['id'], raw_snapshot @staticmethod From 6da5365b9a1a1b4e86f4b59dcb709a14fdbbf909 Mon Sep 17 00:00:00 2001 
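Review bot: `test_read_ip_ranges` builds `test_cases` but never iterates over it, and `successful_read_ip_ranges_runs` is set to `True` and never changed, so the final `assert` cannot fail and none of the expected files under `results/read_ip_ranges/` are compared; a loop that calls `read_ip_ranges(...)` for each case and compares the result with the loaded results file is what the data seems to be prepared for. The last two dictionaries repeat the `'results'` key (`None`, then the path), which silently keeps only the second value. In `test_save_blob_as_json` the call writing `/root/tmp1.json` depends on the privileges of the test runner and `tmp1.json` is left in the working directory; a `tempfile.TemporaryDirectory()` target would keep the test self-contained. `datetime`, `json` and `os` are reached only through the wildcard imports.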
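Review bot: The last ARN segment is still `raw_snapshot.get('name')`, which the context line above assigns from `get_name(raw_snapshot, raw_snapshot, 'id')`; if that helper prefers a Name tag over the id (its body is not visible here), the ARN will not identify the snapshot, and `raw_snapshot.get('id')` would be the safer value. `raw_snapshot.get('OwnerId')` also formats as the literal `None` when the key is absent, so `raw_snapshot.get('OwnerId') or self.facade.owner_id` keeps the previous value as a fallback. `_parse_snapshot` starts above this hunk.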
From: xga Date: Wed, 1 Jul 2020 18:22:10 +0200 Subject: [PATCH 131/979] Tweak partial --- ....sqldatabase.subscriptions.id.servers.html | 46 +++++++++---------- 1 file changed, 21 insertions(+), 25 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html index e06b2d54a..28afeee76 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html +++ b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html @@ -26,39 +26,35 @@

    Information

    Resource group: {{value_or_none resource_group_name}}
    -

    SQL Databases

    - {{#each databases}} -
    -
    Database name: {{@key}}
    -
    -
    Auditing: {{ convert_bool_to_enabled auditing.auditing_enabled }}
    -
    Auditing retention period: {{ auditing.retention_days }}
    -
    Threat detection: {{ convert_bool_to_enabled threat_detection.threat_detection_enabled }}
    -
    Threat detection alerts: {{ convert_bool_to_enabled threat_detection.alerts_enabled }}
    -
    Send threat detection alerts: {{ convert_bool_to_enabled threat_detection.send_alerts_enabled }}
    -
    Threat detection retention period: {{ threat_detection.retention_days }}
    -
    Transparent data encryption: {{ convert_bool_to_enabled transparent_data_encryption_enabled }}
    -
    Geo-replication configured: {{ replication_configured }}
    -
    Tags: - {{#each tags}} -
    Database name: {{@key}}
    +
    +
    Auditing: {{ convert_bool_to_enabled auditing.auditing_enabled }}
    +
    Auditing retention period: {{ auditing.retention_days }}
    +
    Threat detection: {{ convert_bool_to_enabled threat_detection.threat_detection_enabled }}
    +
    Threat detection alerts: {{ convert_bool_to_enabled threat_detection.alerts_enabled }}
    +
    Send threat detection alerts: {{ convert_bool_to_enabled threat_detection.send_alerts_enabled }}
    +
    Threat detection retention period: {{ threat_detection.retention_days }}
    +
    Transparent data encryption: {{ convert_bool_to_enabled transparent_data_encryption_enabled }}
    +
    Geo-replication configured: {{ replication_configured }}
    +
    Tags: + {{#each tags}} +
    - {{value_or_none this}} -
       - {{else}} -
    None
    - {{/each}} -
    -
    Resource group: {{value_or_none resource_group_name}}
    + {{value_or_none this}} +
       + {{else}} +
    None
    + {{/each}}
    +
    Resource group: {{value_or_none resource_group_name}}
    - {{/each}} + {{/each}}
    - From a8362f0d49564000528383063f58df7f93612613 Mon Sep 17 00:00:00 2001 From: xga Date: Sun, 19 Jul 2020 10:24:19 +0200 Subject: [PATCH 158/979] Cosmetic changes --- ScoutSuite/output/data/html/summaries/attack_surface.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/output/data/html/summaries/attack_surface.html b/ScoutSuite/output/data/html/summaries/attack_surface.html index 2908c5d07..25b7c9516 100755 --- a/ScoutSuite/output/data/html/summaries/attack_surface.html +++ b/ScoutSuite/output/data/html/summaries/attack_surface.html @@ -9,12 +9,12 @@
    {{#each items}}
    -
    Public Address: {{@key}}
    +
    Public Address: {{@key}}
    {{#if this.InstanceName}} -
    Instance Name: {{this.InstanceName}}
    +
    Instance Name: {{this.InstanceName}}
    {{/if}} {{#if this.PublicDnsName}} -
    Public DNS Name: {{this.PublicDnsName}}
    +
    Public DNS Name: {{this.PublicDnsName}}
    {{/if}}
      From b8df7da2772eb65d2d85fdeb09f9dc89afdc38e9 Mon Sep 17 00:00:00 2001 From: xga Date: Sun, 19 Jul 2020 10:46:40 +0200 Subject: [PATCH 159/979] Add dynamodb support --- .../services.dynamodb.regions.id.tables.html | 28 ++++++++ ScoutSuite/providers/aws/facade/dynamodb.py | 72 +++++++++---------- .../aws/resources/dynamodb/backups.py | 26 ------- .../providers/aws/resources/dynamodb/base.py | 7 +- .../aws/resources/dynamodb/tables.py | 42 ++++++----- 5 files changed, 89 insertions(+), 86 deletions(-) create mode 100644 ScoutSuite/output/data/html/partials/aws/services.dynamodb.regions.id.tables.html delete mode 100644 ScoutSuite/providers/aws/resources/dynamodb/backups.py diff --git a/ScoutSuite/output/data/html/partials/aws/services.dynamodb.regions.id.tables.html b/ScoutSuite/output/data/html/partials/aws/services.dynamodb.regions.id.tables.html new file mode 100644 index 000000000..9bf89b617 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/aws/services.dynamodb.regions.id.tables.html @@ -0,0 +1,28 @@ + + + + + + + + + diff --git a/ScoutSuite/providers/aws/facade/dynamodb.py b/ScoutSuite/providers/aws/facade/dynamodb.py index cc4b7c6f7..8c2b3ee56 100644 --- a/ScoutSuite/providers/aws/facade/dynamodb.py +++ b/ScoutSuite/providers/aws/facade/dynamodb.py 
@@ -1,56 +1,50 @@ -from ScoutSuite.providers.utils import run_concurrently from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.aws.facade.base import AWSBaseFacade from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils -from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade +from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently, map_concurrently class DynamoDBFacade(AWSBaseFacade): - async def get_backups(self, region, table_name): + _GET_TABLES_BATCH_SIZE = 100 + + async def get_tables(self, region): try: - return await AWSFacadeUtils.get_all_pages( - "dynamodb", - region, - self.session, - "list_backups", - "BackupSummaries", - TableName=table_name, - ) + tables_names = await AWSFacadeUtils.get_all_pages('dynamodb', region, self.session, 'list_tables', + 'TableNames') + return await map_concurrently(self._get_table, tables_names, region=region) except Exception as e: - print_exception("Failed to get DynamoDB Backups for {}".format(table_name)) + print_exception('Failed to get DynamoDB tables: {}'.format(e)) return [] - async def get_tables(self, region): + async def _get_table(self, table_name: str, region: str): + client = AWSFacadeUtils.get_client('dynamodb', self.session, region) + try: - return await AWSFacadeUtils.get_all_pages( - "dynamodb", region, self.session, "list_tables", "TableNames" - ) + table = await run_concurrently(lambda: client.describe_table(TableName=table_name)['Table']) except Exception as e: - print_exception("Failed to get DynamoDB tables") - return [] + print_exception('Failed to get DynamoDB table: {}'.format(e)) + raise + else: + await get_and_set_concurrently( + [self._get_and_set_backup, self._get_and_set_continuous_backups], [table], region=region) + + return table + + async def _get_and_set_backup(self, table: {}, region: str): + client = AWSFacadeUtils.get_client('dynamodb', self.session, region) - async def get_tags_for_resource(self, region, 
resource_arn): try: - return await AWSFacadeUtils.get_all_pages( - "dynamodb", - region, - self.session, - "list_tags_of_resource", - "Tags", - ResourceArn=resource_arn, - ) + summaries = await run_concurrently(lambda: client.list_backups(TableName=table['TableName'])) + table['BackupSummaries'] = summaries.get('BackupSummaries') except Exception as e: - print_exception( - "Failed to get DynamoDB tags for resource {}".format(resource_arn) - ) - return [] + print_exception('Failed to list DynamoDB table backups: {}'.format(e)) + + async def _get_and_set_continuous_backups(self, table: {}, region: str): + client = AWSFacadeUtils.get_client('dynamodb', self.session, region) - async def get_table(self, region, table_name): - client = AWSFacadeUtils.get_client("dynamodb", self.session, region) try: - raw_table = await run_concurrently( - lambda: client.describe_table(TableName=table_name) - ) + description = await run_concurrently( + lambda: client.describe_continuous_backups(TableName=table['TableName'])) + table['ContinuousBackups'] = description.get('ContinuousBackupsDescription') except Exception as e: - print_exception("Failed to get table {}: {}".format(table_name, e)) - raw_table = None - return raw_table + print_exception('Failed to describe DynamoDB table continuous backups: {}'.format(e)) diff --git a/ScoutSuite/providers/aws/resources/dynamodb/backups.py b/ScoutSuite/providers/aws/resources/dynamodb/backups.py deleted file mode 100644 index 7e25b78ac..000000000 --- a/ScoutSuite/providers/aws/resources/dynamodb/backups.py +++ /dev/null 
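Review bot: `_get_table` re-raises after logging, and the only handler above it is the `except Exception` in `get_tables`, which returns `[]`; assuming `map_concurrently` propagates the first exception (its body is not shown), one table that cannot be described, for example on an access-denied response, makes the whole region report no tables, and every table-level check is skipped without a finding. Returning `None` from `_get_table` instead of `raise`, and ending `get_tables` with `return [t for t in tables if t]`, would keep the tables that could be read. `_GET_TABLES_BATCH_SIZE = 100` is defined but not used anywhere in the hunk.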
@@ -1,26 +0,0 @@ - -from ScoutSuite.providers.aws.facade.base import AWSFacade -from ScoutSuite.providers.aws.resources.base import AWSResources - - -class Backups(AWSResources): - - def __init__(self, facade: AWSFacade, region: str) -> None: - super(Backups, self).__init__(facade) - self.region = region - - - async def fetch_all(self): - raw_backups = await self.facade.dynamodb.get_backups(self.region) - for raw_backup in raw_backups: - name, resource = await self._parse_backup(raw_backup) - self[name] = resource - - - async def _parse_backup(self, raw_backup): - backup = { - 'table_name': raw_backup.get('TableName'), - 'id': raw_backup.get('TableId'), - 'arn': raw_backup.get('TableArn'), - } - return backup['table_name'], backup diff --git a/ScoutSuite/providers/aws/resources/dynamodb/base.py b/ScoutSuite/providers/aws/resources/dynamodb/base.py index 479c04499..09f6c0155 100644 --- a/ScoutSuite/providers/aws/resources/dynamodb/base.py +++ b/ScoutSuite/providers/aws/resources/dynamodb/base.py @@ -1,11 +1,12 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.regions import Regions - from .tables import Tables class DynamoDB(Regions): - _children = [(Tables, "tables")] + _children = [ + (Tables, 'tables') + ] def __init__(self, facade: AWSFacade): - super(DynamoDB, self).__init__("dynamodb", facade) + super(DynamoDB, self).__init__('dynamodb', facade) diff --git a/ScoutSuite/providers/aws/resources/dynamodb/tables.py b/ScoutSuite/providers/aws/resources/dynamodb/tables.py index e44530bd9..be6aa7673 100644 --- a/ScoutSuite/providers/aws/resources/dynamodb/tables.py +++ b/ScoutSuite/providers/aws/resources/dynamodb/tables.py 
@@ -1,29 +1,35 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources -from ScoutSuite.providers.aws.utils import snake_keys class Tables(AWSResources): - def __init__(self, facade: AWSFacade, region: str) -> None: + def __init__(self, facade: AWSFacade, region: str): super(Tables, self).__init__(facade) self.region = region async def fetch_all(self): - tables = await self.facade.dynamodb.get_tables(self.region) - for table_name in tables: - raw_table = await self.facade.dynamodb.get_table(self.region, table_name) - table = await self._parse_table(raw_table) - self[table_name] = table + raw_tables = await self.facade.dynamodb.get_tables(self.region) + for raw_table in raw_tables: + name, resource = self._parse_table(raw_table) + self[name] = resource - async def _parse_table(self, raw_table): - table = {} - if raw_table["Table"]: - raw = raw_table["Table"] - if "SSEDescription" in raw: - table["sse_enabled"] = True - else: - table["sse_enabled"] = False - new_dict = snake_keys(raw) - table.update(new_dict) + def _parse_table(self, raw_table): + table_dict = {} + table_dict['name'] = raw_table.get('TableName') + table_dict['id'] = raw_table.get('TableId') + table_dict['arn'] = raw_table.get('TableArn') + table_dict['attribute_definitions'] = raw_table.get('AttributeDefinitions') + table_dict['key_schema'] = raw_table.get('KeySchema') + table_dict['table_status'] = raw_table.get('TableStatus') + table_dict['creation_date_time'] = raw_table.get('CreationDateTime') + table_dict['provisioned_throughput'] = raw_table.get('ProvisionedThroughput') + table_dict['table_size_bytes'] = raw_table.get('TableSizeBytes') + table_dict['item_count'] = raw_table.get('ItemCount') + table_dict['backup_summaries'] = raw_table.get('BackupSummaries') + table_dict['continuous_backups'] = raw_table.get('ContinuousBackups') - return table + table_dict['automatic_backups_enabled'] = \ + 
raw_table['ContinuousBackups']['PointInTimeRecoveryDescription']['PointInTimeRecoveryStatus'] == 'ENABLED' \ + if 'ContinuousBackups' in raw_table else None + + return table_dict['id'], table_dict From 3f42c408aa10012a1ba877972435e809e156cb7c Mon Sep 17 00:00:00 2001 From: xga Date: Sun, 19 Jul 2020 11:24:09 +0200 Subject: [PATCH 160/979] Add tags --- .../aws/services.dynamodb.regions.id.tables.html | 12 +++++++++++- ScoutSuite/providers/aws/facade/dynamodb.py | 15 ++++++++++++++- .../providers/aws/resources/dynamodb/tables.py | 1 + 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.dynamodb.regions.id.tables.html b/ScoutSuite/output/data/html/partials/aws/services.dynamodb.regions.id.tables.html index 9bf89b617..d72f7efdb 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.dynamodb.regions.id.tables.html +++ b/ScoutSuite/output/data/html/partials/aws/services.dynamodb.regions.id.tables.html @@ -7,12 +7,22 @@
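Review bot: `automatic_backups_enabled` indexes `raw_table['ContinuousBackups']['PointInTimeRecoveryDescription']['PointInTimeRecoveryStatus']` whenever the key exists, but the facade stores `description.get('ContinuousBackupsDescription')` there, which can be `None`, and the nested key may be missing; either case raises inside `_parse_table`, and `fetch_all` has no handler. Reading it as `pitr = (raw_table.get('ContinuousBackups') or {}).get('PointInTimeRecoveryDescription') or {}` followed by `pitr.get('PointInTimeRecoveryStatus') == 'ENABLED' if pitr else None` keeps the three-state result. The rewrite also drops the `sse_enabled` flag that the old code derived from `SSEDescription`; whether any rule or report partial still reads it should be confirmed before merging.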

      {{name}}

      Information

      ID: {{value_or_none id}}
      -
      Arn: {{value_or_none arn}}
      +
      ARN: {{value_or_none arn}}
      Status: {{value_or_none table_status}}
      Creation Date: {{format_date creation_date_time}}
      Automatic Backups: {{convert_bool_to_enabled automatic_backups_enabled}}
      Item Count: {{value_or_none item_count}}
      + {{#if tags}} +
      +

      Tags

      +
        + {{#each tags}} +
      • {{Key}}: {{Value}}
      • + {{/each}} +
      +
      + {{/if}} + + + + + + diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.flow_logs.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.flow_logs.html deleted file mode 100755 index 12cabd25f..000000000 --- a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.flow_logs.html +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - diff --git a/ScoutSuite/providers/aws/resources/vpc/flow_logs.py b/ScoutSuite/providers/aws/resources/vpc/flow_logs.py index a6a137565..807ebc221 100755 --- a/ScoutSuite/providers/aws/resources/vpc/flow_logs.py +++ b/ScoutSuite/providers/aws/resources/vpc/flow_logs.py 
@@ -5,17 +5,30 @@ class FlowLogs(AWSResources): def __init__(self, facade: AWSFacade, region: str): - self.region = region - super().__init__(facade) + self.facade = facade + self.region = region async def fetch_all(self): raw_logs = await self.facade.ec2.get_flow_logs(self.region) + for raw_log in raw_logs: id, log = self._parse_log(raw_log) self[id] = log - def _parse_log(self, raw_log): - get_name(raw_log, raw_log, 'FlowLogId') - log_id = raw_log.pop('FlowLogId') - return log_id, raw_log + def _parse_log(self, raw_flow_log): + flow_log_dict = {} + flow_log_dict['name'] = flow_log_dict['id'] = raw_flow_log.get('ResourceId') + flow_log_dict['creation_time'] = raw_flow_log.get('CreationTime') + flow_log_dict['deliver_logs_error_message'] = raw_flow_log.get('DeliverLogsErrorMessage') + flow_log_dict['deliver_logs_status'] = raw_flow_log.get('DeliverLogsStatus') + flow_log_dict['flow_log_status'] = raw_flow_log.get('FlowLogStatus') + flow_log_dict['resource_id'] = raw_flow_log.get('ResourceId') + flow_log_dict['traffic_type'] = raw_flow_log.get('TrafficType') + flow_log_dict['log_destination_type'] = raw_flow_log.get('LogDestinationType') + flow_log_dict['log_destination'] = raw_flow_log.get('LogDestination') + flow_log_dict['log_format'] = raw_flow_log.get('LogFormat') + flow_log_dict['tags'] = raw_flow_log.get('Tags') + flow_log_dict['max_aggregation_interval'] = raw_flow_log.get('MaxAggregationInterval') + return flow_log_dict['id'], flow_log_dict + From 9b5f1bcab589630f3c1552567b85ba87d60cdfbc Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 3 Aug 2020 11:12:27 +0200 Subject: [PATCH 181/979] Improve support for flow logs --- .../partials/aws/services.vpc.regions.id.vpcs.id.subnets.html | 2 +- ScoutSuite/providers/aws/resources/vpc/flow_logs.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
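Review bot: As the hunk reads, the new `__init__` replaces `super().__init__(facade)` with `self.facade = facade`, so anything else the `AWSResources` initialiser sets up (not visible here) is skipped; keeping `super().__init__(facade)` followed by `self.region = region` avoids relying on the base class doing nothing more. The hunk also removes the only visible call to `get_name`, so its import at the top of the file, outside the hunk, is probably unused now.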
diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html index 7cecbe4e5..1e661f7c9 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html +++ b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.id.subnets.html @@ -36,7 +36,7 @@

      {{this.name}} +
    • {{this.FlowLogId}}
    • {{/each}}

    diff --git a/ScoutSuite/providers/aws/resources/vpc/flow_logs.py b/ScoutSuite/providers/aws/resources/vpc/flow_logs.py index 807ebc221..63051c69e 100755 --- a/ScoutSuite/providers/aws/resources/vpc/flow_logs.py +++ b/ScoutSuite/providers/aws/resources/vpc/flow_logs.py @@ -18,7 +18,7 @@ async def fetch_all(self): def _parse_log(self, raw_flow_log): flow_log_dict = {} - flow_log_dict['name'] = flow_log_dict['id'] = raw_flow_log.get('ResourceId') + flow_log_dict['name'] = flow_log_dict['id'] = raw_flow_log.get('FlowLogId') flow_log_dict['creation_time'] = raw_flow_log.get('CreationTime') flow_log_dict['deliver_logs_error_message'] = raw_flow_log.get('DeliverLogsErrorMessage') flow_log_dict['deliver_logs_status'] = raw_flow_log.get('DeliverLogsStatus') From 043d1ac537d04429888b7738f271317c90115639 Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 3 Aug 2020 11:19:27 +0200 Subject: [PATCH 182/979] Restore VPC flow logs in report and callback --- .../aws/services.vpc.regions.id.vpcs.html | 10 +++ ScoutSuite/providers/aws/provider.py | 65 +++++++++---------- 2 files changed, 41 insertions(+), 34 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html index 76525fd97..35144b617 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html +++ b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html @@ -52,6 +52,16 @@

    Instances accordion_id = (concat 'services.vpc.regions' region 'vpcs' @key 'peering_connections') }}

    +
    +

    Flow logs + {{> count_badge count=flow_logs.length}} +

    +
      + {{#each flow_logs}} +
    • {{this}}
    • + {{/each}} +
    +
    diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-default-rule-in-use.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-default-rule-in-use.json index 0732cf3d7..74211e0df 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-default-rule-in-use.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-default-rule-in-use.json @@ -15,5 +15,6 @@ "default-allow-ssh" ] ] - ] + ], + "id_suffix": "name" } \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-all-ports.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-all-ports.json index 40f8d11fd..11db83563 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-all-ports.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-all-ports.json @@ -26,5 +26,6 @@ "equal", "0-65535" ] - ] + ], + "id_suffix": "permissive_ports" } \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-internal-traffic.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-internal-traffic.json index 42c7ff669..dafd43870 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-internal-traffic.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-internal-traffic.json @@ -31,5 +31,6 @@ "containAtLeastOneOf", "10.128.0.0/9" ] - ] + ], + "id_suffix": "permissive_ports" } \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json index dff3be0c1..bfccf44c2 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json 
+++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json @@ -31,5 +31,6 @@ "notEqual", "0-65535" ] - ] + ], + "id_suffix": "permissive_ports" } \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-public-access.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-public-access.json index dbdc67133..f099de81d 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-public-access.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-public-access.json @@ -25,5 +25,6 @@ "containAtLeastOneOf", "0.0.0.0/0" ] - ] + ], + "id_suffix": "source_ranges" } \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-all-ports-to-all.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-all-ports-to-all.json index ec5c96e5d..f6ae3dd11 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-all-ports-to-all.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-all-ports-to-all.json @@ -31,5 +31,6 @@ "containAtLeastOneOf", "0.0.0.0/0" ] - ] + ], + "id_suffix": "permissive_ports" } \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-sensitive-port-to-all.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-sensitive-port-to-all.json index 5969de7c4..0d96cefc0 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-sensitive-port-to-all.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-sensitive-port-to-all.json @@ -42,5 +42,6 @@ "54322" ] ] - ] + ], + "id_suffix": "permissive_ports" } \ No newline at end of file From ca015705d70bf264d2ad4479041eddba98e42b7c Mon Sep 17 00:00:00 2001 
From: xga Date: Sat, 22 Aug 2020 14:20:18 +0200 Subject: [PATCH 211/979] Fix for https://github.com/nccgroup/ScoutSuite/issues/801 --- ...virtualmachines.subscriptions.id.disks.html | 9 ++++----- ...ualmachines.subscriptions.id.snapshots.html | 2 +- .../azure/resources/virtualmachines/disks.py | 18 ++++++++++++------ .../resources/virtualmachines/snapshots.py | 16 +++++++++++----- .../virtual-machines-disk-encryption.json | 6 +++--- 5 files changed, 31 insertions(+), 20 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.disks.html b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.disks.html index 96d60ad33..8df5c0503 100644 --- a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.disks.html +++ b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.disks.html @@ -6,15 +6,14 @@

    {{name}}

    Information

    Name: {{value_or_none name}}
    -
    Unique Id: {{value_or_none unique_id}}
    +
    Unique ID: {{value_or_none unique_id}}
    +
    Location: {{value_or_none location}}
    +
    Time Created: {{format_date time_created}}
    Provisioning State: {{value_or_none provisioning_state}}
    Disk State: {{value_or_none disk_state}}
    -
    Time Created: {{format_date time_created}}
    -
    Location: {{value_or_none location}}
    Zones: {{value_or_none zones}}
    -
    Encryption: {{convert_bool_to_enabled encryption_enabled}}
    +
    Encryption Type: {{value_or_none encryption_type}}
    OS Type: {{value_or_none os_type}}
    -
    Managed By: {{value_or_none managed_by}}
    Hyper V Generation: {{value_or_none hyper_vgeneration}}
    Disk Size GB: {{value_or_none disk_size_gb}}
    diff --git a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.snapshots.html b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.snapshots.html index eb69d2cf6..53378eb73 100644 --- a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.snapshots.html +++ b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.snapshots.html @@ -10,7 +10,7 @@

    Information

    Provisioning State: {{value_or_none provisioning_state}}
    Time Created: {{format_date time_created}}
    Location: {{value_or_none location}}
    -
    Encryption: {{convert_bool_to_enabled encryption_enabled}}
    +
    Encryption Type: {{value_or_none encryption_type}}
    OS Type: {{value_or_none os_type}}
    Managed By: {{value_or_none managed_by}}
    Hyper V Generation: {{value_or_none hyper_vgeneration}}
    diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/disks.py b/ScoutSuite/providers/azure/resources/virtualmachines/disks.py index 05d3c5302..d0692d0e8 100644 --- a/ScoutSuite/providers/azure/resources/virtualmachines/disks.py +++ b/ScoutSuite/providers/azure/resources/virtualmachines/disks.py @@ -17,6 +17,7 @@ async def fetch_all(self): def _parse_disk(self, raw_disk): disk_dict = {} disk_dict['id'] = get_non_provider_id(raw_disk.id) + disk_dict['unique_id'] = raw_disk.unique_id disk_dict['name'] = raw_disk.name disk_dict['type'] = raw_disk.type disk_dict['location'] = raw_disk.location 
@@ -30,19 +31,24 @@ def _parse_disk(self, raw_disk): disk_dict['creation_data'] = raw_disk.creation_data disk_dict['disk_size_gb'] = raw_disk.disk_size_gb disk_dict['disk_size_bytes'] = raw_disk.disk_size_bytes - disk_dict['unique_id'] = raw_disk.unique_id disk_dict['provisioning_state'] = raw_disk.provisioning_state disk_dict['disk_iops_read_write'] = raw_disk.disk_iops_read_write disk_dict['disk_mbps_read_write'] = raw_disk.disk_mbps_read_write disk_dict['disk_state'] = raw_disk.disk_state disk_dict['additional_properties'] = raw_disk.additional_properties - disk_dict['encryption'] = raw_disk.encryption - disk_dict['encryption_settings_collection'] = raw_disk.encryption_settings_collection - if raw_disk.encryption_settings_collection and raw_disk.encryption_settings_collection.enabled: - disk_dict['encryption_enabled'] = True + # TODO this can be removed + # disk_dict['encryption'] = raw_disk.encryption + # disk_dict['encryption_settings_collection'] = raw_disk.encryption_settings_collection + # if raw_disk.encryption_settings_collection and raw_disk.encryption_settings_collection.enabled: + # disk_dict['encryption_enabled'] = True + # else: + # disk_dict['encryption_enabled'] = False + + if raw_disk.encryption and raw_disk.encryption.type: + disk_dict['encryption_type'] = raw_disk.encryption.type else: - disk_dict['encryption_enabled'] = False + disk_dict['encryption_type'] = None return disk_dict['id'], disk_dict diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py b/ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py index 2ff5219ad..208f9ae12 100644 --- a/ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py +++ b/ScoutSuite/providers/azure/resources/virtualmachines/snapshots.py 
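Review bot: Replacing `encryption_enabled` with `encryption_type` in `_parse_disk` swaps one control for another rather than correcting the old check: `encryption_settings_collection` appears to describe Azure Disk Encryption settings, while `encryption.type` describes server-side encryption at rest, so the report and the `virtual-machines-disk-encryption` rule changed later in this patch no longer say anything about the former. If that is intended, the rule text should state which kind of encryption it evaluates; otherwise keep `disk_dict['encryption_settings_collection']` populated next to the new field. The commented-out block under `# TODO this can be removed` should be deleted rather than committed, and both points apply equally to the matching hunk in `snapshots.py`. `_parse_disk` starts outside this hunk.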
@@ -35,12 +35,18 @@ def _parse_snapshot(self, raw_snapshot): snapshot_dict['incremental'] = raw_snapshot.incremental snapshot_dict['additional_properties'] = raw_snapshot.additional_properties - snapshot_dict['encryption'] = raw_snapshot.encryption - snapshot_dict['encryption_settings_collection'] = raw_snapshot.encryption_settings_collection - if raw_snapshot.encryption_settings_collection and raw_snapshot.encryption_settings_collection.enabled: - snapshot_dict['encryption_enabled'] = True + # TODO this can be removed + # snapshot_dict['encryption'] = raw_snapshot.encryption + # snapshot_dict['encryption_settings_collection'] = raw_snapshot.encryption_settings_collection + # if raw_snapshot.encryption_settings_collection and raw_snapshot.encryption_settings_collection.enabled: + # snapshot_dict['encryption_enabled'] = True + # else: + # snapshot_dict['encryption_enabled'] = False + + if raw_snapshot.encryption and raw_snapshot.encryption.type: + snapshot_dict['encryption_type'] = raw_snapshot.encryption.type else: - snapshot_dict['encryption_enabled'] = False + snapshot_dict['encryption_type'] = None return snapshot_dict['id'], snapshot_dict diff --git a/ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json b/ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json index a80b8fd64..2feb4a840 100644 --- a/ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json +++ b/ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json @@ -38,10 +38,10 @@ "conditions": [ "and", [ - "virtualmachines.subscriptions.id.disks.id.encryption_enabled", - "false", + "virtualmachines.subscriptions.id.disks.id.encryption_type", + "null", "" ] ], - "id_suffix": "encryption_enabled" + "id_suffix": "encryption_type" } \ No newline at end of file From 785e9e0dbca3e52b581ff96ec51394814af86fe6 Mon Sep 17 00:00:00 2001 
From: xga Date: Sat, 22 Aug 2020 14:23:20 +0200 Subject: [PATCH 212/979] Remove redundant output --- ScoutSuite/providers/azure/facade/base.py | 1 - 1 file changed, 1 deletion(-) diff --git a/ScoutSuite/providers/azure/facade/base.py b/ScoutSuite/providers/azure/facade/base.py index 3f4cc3fe5..48d282b1c 100755 --- a/ScoutSuite/providers/azure/facade/base.py +++ b/ScoutSuite/providers/azure/facade/base.py @@ -102,7 +102,6 @@ def _set_subscriptions(self): print_exception('Unable to infer a Subscription ID') # raise finally: - print_info(f'Running against the "{s.subscription_id}" subscription') subscriptions_list.append(s) # All subscriptions From 72ccd7c818c1b1d94f3b032a4e310d8021884993 Mon Sep 17 00:00:00 2001 From: xga Date: Sat, 22 Aug 2020 14:31:14 +0200 Subject: [PATCH 213/979] Set debug level --- ScoutSuite/providers/azure/authentication_strategy.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index 312b5acb0..59c67b0a8 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -92,6 +92,7 @@ def authenticate(self, # Set logging level to error for libraries as otherwise generates a lot of warnings logging.getLogger('adal-python').setLevel(logging.ERROR) logging.getLogger('msrest').setLevel(logging.ERROR) + logging.getLogger('msrestazure.azure_active_directory').setLevel(logging.ERROR) logging.getLogger('urllib3').setLevel(logging.ERROR) logging.getLogger('cli.azure.cli.core').setLevel(logging.ERROR) From 6375ed9ca876308e8a594775401de0c797c20e49 Mon Sep 17 00:00:00 2001 From: xga Date: Sat, 22 Aug 2020 14:33:13 +0200 Subject: [PATCH 214/979] Debug --- ScoutSuite/providers/azure/provider.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ScoutSuite/providers/azure/provider.py b/ScoutSuite/providers/azure/provider.py index 4da8d9ed8..19f5be98a 100755 
--- a/ScoutSuite/providers/azure/provider.py +++ b/ScoutSuite/providers/azure/provider.py @@ -39,6 +39,8 @@ def __init__(self, try: self.account_id = self.credentials.get_tenant_id() except Exception as e: + print_exception('CANT FIND TENANT ID') + print(self.credentials) self.account_id = 'undefined' self.services = AzureServicesConfig(self.credentials, From 3d2481d78a80162339e886e3bd07b7cb201cdeb3 Mon Sep 17 00:00:00 2001 From: xga Date: Sat, 22 Aug 2020 21:20:44 +0200 Subject: [PATCH 215/979] Fix tenant ID pulling --- .../providers/azure/authentication_strategy.py | 15 +++++++++++++-- ScoutSuite/providers/azure/provider.py | 2 -- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index 59c67b0a8..33e7933c2 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -1,11 +1,12 @@ import json import logging +import requests from getpass import getpass from datetime import datetime, timedelta from azure.common.credentials import ServicePrincipalCredentials, UserPassCredentials, get_azure_cli_credentials from msrestazure.azure_active_directory import MSIAuthentication -from ScoutSuite.core.console import print_info, print_debug +from ScoutSuite.core.console import print_info, print_debug, print_exception from msrestazure.azure_active_directory import AADTokenCredentials import adal 
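Review bot: `print(self.credentials)` in the `except` branch of `__init__` writes the credentials object to stdout whenever the tenant ID lookup fails, and depending on how that object is represented this can put token or secret material into terminal scrollback and CI logs. Debug output here should describe the failure only, for example `print_exception('Unable to retrieve tenant ID: {}'.format(e))`, and never print the credential holder itself. The caught exception `e` is otherwise unused, so the actual cause of the failure is lost as well. `__init__` starts and ends outside the hunk.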
@@ -32,8 +33,18 @@ def __init__(self, def get_tenant_id(self): if self.tenant_id: return self.tenant_id - else: + elif 'tenant_id' in self.aad_graph_credentials.token: return self.aad_graph_credentials.token['tenant_id'] + else: + # This is a last resort, e.g. for MSI authentication + try: + h = {'Authorization': 'Bearer {}'.format(self.arm_credentials.token['access_token'])} + r = requests.get('https://management.azure.com/tenants?api-version=2020-01-01', headers=h) + r2 = r.json() + return r2.get('value')[0].get('tenantId') + except Exception as e: + print_exception('Unable to infer tenant ID: {}'.format(e)) + return None def get_credentials(self, resource): if resource == 'arm': diff --git a/ScoutSuite/providers/azure/provider.py b/ScoutSuite/providers/azure/provider.py index 19f5be98a..4da8d9ed8 100755 --- a/ScoutSuite/providers/azure/provider.py +++ b/ScoutSuite/providers/azure/provider.py @@ -39,8 +39,6 @@ def __init__(self, try: self.account_id = self.credentials.get_tenant_id() except Exception as e: - print_exception('CANT FIND TENANT ID') - print(self.credentials) self.account_id = 'undefined' self.services = AzureServicesConfig(self.credentials, From d566a64f7278e1b42d1d84cc5f702006937eea6e Mon Sep 17 00:00:00 2001 From: Thomas Morledge Date: Wed, 26 Aug 2020 10:03:08 +0100 Subject: [PATCH 216/979] Fixed Azure CLI not installing. Install vim and nano to make the docker image more usable --- container/docker/src/Dockerfile | 10 ++++- .../src/bin/container-install-additional.sh | 5 +++ .../docker/src/bin/container-install-azure.sh | 38 +++++++++---------- 3 files changed, 32 insertions(+), 21 deletions(-) create mode 100755 container/docker/src/bin/container-install-additional.sh diff --git a/container/docker/src/Dockerfile b/container/docker/src/Dockerfile index 01aa9ed29..6f15525d1 100644 --- a/container/docker/src/Dockerfile +++ b/container/docker/src/Dockerfile @@ -1,4 +1,4 @@ -FROM python:latest +FROM python:3.8 LABEL maintainer="Jason Ross " 
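Review bot: The last-resort branch of `get_tenant_id` calls `requests.get` with no `timeout`, never checks the HTTP status, and returns the first entry of `value`, so a stalled connection can hang the scan and an identity that can see several tenants gets whichever one the API lists first as the report's account ID. An empty `value` list only surfaces as an `IndexError` caught by the broad `except`. I would bound the request, call `raise_for_status()`, and refuse to guess unless exactly one tenant is returned. The `elif` above it also assumes `self.aad_graph_credentials` is set, which may not hold for every authentication path and should be confirmed.

```python
            try:
                h = {'Authorization': 'Bearer {}'.format(self.arm_credentials.token['access_token'])}
                r = requests.get('https://management.azure.com/tenants?api-version=2020-01-01',
                                 headers=h, timeout=10)
                r.raise_for_status()
                tenants = r.json().get('value') or []
                if len(tenants) != 1:
                    print_exception('Unable to infer tenant ID: {} tenants visible'.format(len(tenants)))
                    return None
                return tenants[0].get('tenantId')
            # … unchanged: except branch printing the error and returning None …
```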
@@ -24,6 +24,9 @@ LABEL \ # Copy helper scripts to container COPY ./bin /root/bin +# Install any additional software +RUN ["/bin/bash", "-c", "/root/bin/container-install-additional.sh"] + # Set a nice message RUN ["/bin/bash", "-c", "/root/bin/container-set-motd.sh"] @@ -39,5 +42,8 @@ RUN ["/bin/bash", "-c", "/root/bin/container-install-gcp.sh"] # Install ScoutSuite RUN ["/bin/bash", "-c", "/root/bin/container-install-scoutsuite.sh"] -# Entrypoint +# Remove scripts +RUN ["rm", "-rf", "/root/bin"] + +# Command CMD ["/bin/bash"] \ No newline at end of file diff --git a/container/docker/src/bin/container-install-additional.sh b/container/docker/src/bin/container-install-additional.sh new file mode 100755 index 000000000..da24cd350 --- /dev/null +++ b/container/docker/src/bin/container-install-additional.sh @@ -0,0 +1,5 @@ +#!/bin/bash +apt-get update +apt-get install -y vim nano + +echo -e "Additional Software Installation Complete!\n\n" \ No newline at end of file diff --git a/container/docker/src/bin/container-install-azure.sh b/container/docker/src/bin/container-install-azure.sh index 1255b6de3..8e9024072 100755 --- a/container/docker/src/bin/container-install-azure.sh +++ b/container/docker/src/bin/container-install-azure.sh 
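Review bot: `RUN ["rm", "-rf", "/root/bin"]` runs in its own layer, so the helper scripts added by `COPY ./bin /root/bin` remain retrievable from the earlier layer of the published image; the step hides them from the running container but does not remove them from what is shipped. If nothing sensitive lives in `./bin` this is only a size matter, but the `# Remove scripts` comment should not be read as a guarantee. The new `container-install-additional.sh` in this patch also leaves the apt package lists in the image and pulls in recommended packages; `apt-get install -y --no-install-recommends vim nano && rm -rf /var/lib/apt/lists/*` keeps the added footprint smaller.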
@@ -20,25 +20,25 @@ echo -e "\n\nAzure CLI Installation Starting...\n\n" # manual process -# add msft gpg key to apt -curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/microsoft.asc.gpg - -# set the right repo name -CLI_REPO=$(lsb_release -cs) - -# MSFT has no repo for focal yet, force the system to use eoan instead -if [[ ${CLI_REPO} -eq "focal" ]]; then - CLI_REPO="eoan" -fi - -# add the msft repo to apt -echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ ${CLI_REPO} main" \ - > /etc/apt/sources.list.d/azure-cli.list - -# install the software -apt-get update && apt-get install -y azure-cli - -# curl -sL https://aka.ms/InstallAzureCLIDeb | bash +# # add msft gpg key to apt +# curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/microsoft.asc.gpg +# +# # set the right repo name +# CLI_REPO=$(lsb_release -cs) +# +# # MSFT has no repo for focal yet, force the system to use eoan instead +# if [[ ${CLI_REPO} -eq "focal" ]]; then +# CLI_REPO="eoan" +# fi +# +# # add the msft repo to apt +# echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ ${CLI_REPO} main" \ +# > /etc/apt/sources.list.d/azure-cli.list +# +# # install the software +# apt-get update && apt-get install -y azure-cli + +curl -sL https://aka.ms/InstallAzureCLIDeb | bash echo -e "\n" az --version From 4dca0e4f7d4f8691bf1c05e6ea9bf11a4f971f27 Mon Sep 17 00:00:00 2001 From: Jason Ross Date: Fri, 28 Aug 2020 10:38:57 -0400 Subject: [PATCH 217/979] added less to install-additional --- container/docker/src/bin/container-install-additional.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/container/docker/src/bin/container-install-additional.sh b/container/docker/src/bin/container-install-additional.sh index da24cd350..3502d7fb1 100755 --- a/container/docker/src/bin/container-install-additional.sh 
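Review bot: `curl -sL https://aka.ms/InstallAzureCLIDeb | bash` executes whatever the redirect serves, as root at build time, with no pinned version and no integrity check, and because `-f` is missing an HTTP error page would be handed to bash as well. The block it replaces went through apt's repository signature verification, which this path gives up. If the convenience script stays, fetch it to a file first with `curl -fsSL -o /tmp/install-azure-cli.sh https://aka.ms/InstallAzureCLIDeb` and then run `bash /tmp/install-azure-cli.sh`, so a failed download can be detected before anything executes. The commented-out manual process should be deleted rather than kept in the script. The script continues outside this hunk.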
+++ b/container/docker/src/bin/container-install-additional.sh @@ -1,5 +1,5 @@ #!/bin/bash apt-get update -apt-get install -y vim nano +apt-get install -y vim nano less -echo -e "Additional Software Installation Complete!\n\n" \ No newline at end of file +echo -e "Additional Software Installation Complete!\n\n" From 6fc0dae9177b012dd7c9cf826c15052be1ec95d9 Mon Sep 17 00:00:00 2001 From: Rami McCarthy Date: Sat, 29 Aug 2020 16:39:35 -0400 Subject: [PATCH 218/979] Scaffhold for GuardDuty --- ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js | 2 ++ ScoutSuite/providers/aws/facade/base.py | 8 ++++++++ ScoutSuite/providers/aws/metadata.json | 7 +++++++ ScoutSuite/providers/aws/services.py | 9 +++++++++ ScoutSuite/utils.py | 1 + 5 files changed, 27 insertions(+) diff --git a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js index 09134ece1..c9c5ea5bd 100755 --- a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js +++ b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js @@ -1208,6 +1208,8 @@ function makeTitle(title) { return 'DocumentDB' } else if (title === 'dynamodb') { return 'DynamoDB' + } else if (title === 'guardduty') { + return 'GuardDuty' } else if (title === 'secretsmanager') { return 'Secrets Manager' } else if (title === 'elasticache') { diff --git a/ScoutSuite/providers/aws/facade/base.py b/ScoutSuite/providers/aws/facade/base.py index 74dcbe818..f74c01637 100755 --- a/ScoutSuite/providers/aws/facade/base.py +++ b/ScoutSuite/providers/aws/facade/base.py @@ -51,6 +51,10 @@ from ScoutSuite.providers.aws.facade.eks_private import EKSFacade except ImportError: pass +try: + from ScoutSuite.providers.aws.facade.guardduty_private import GuardDutyFacade +except ImportError: + pass class AWSFacade(AWSBaseFacade): @@ -281,3 +285,7 @@ def _instantiate_facades(self): self.eks = EKSFacade(self.session) except NameError: pass + try: + self.guardduty = GuardDuty(self.session) + except NameError: + pass 
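Review bot: In `_instantiate_facades` the new block calls `GuardDuty(self.session)`, but the name imported at the top of this file is `GuardDutyFacade`, so the call raises `NameError` and the surrounding `except NameError: pass` hides it; `self.guardduty` is then never set even when the private module is installed. The line should read `self.guardduty = GuardDutyFacade(self.session)`. More generally, using `NameError` to detect an optional import makes any typo inside the `try` invisible, and for an auditing tool a silently skipped service means findings silently missing from the report. The same pattern is added in the `services.py` hunk of this patch. `_instantiate_facades` starts outside the hunk.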
diff --git a/ScoutSuite/providers/aws/metadata.json b/ScoutSuite/providers/aws/metadata.json index 131db99cb..b5aba6320 100755 --- a/ScoutSuite/providers/aws/metadata.json +++ b/ScoutSuite/providers/aws/metadata.json @@ -399,6 +399,13 @@ } } }, + "guardduty": { + "resources": { + "detectors": { + "path": "services.guardduty.regions.id.detectors" + } + } + }, "kms": { "resources": { "keys": { diff --git a/ScoutSuite/providers/aws/services.py b/ScoutSuite/providers/aws/services.py index c5ef852f9..70f9d27ac 100755 --- a/ScoutSuite/providers/aws/services.py +++ b/ScoutSuite/providers/aws/services.py @@ -47,6 +47,10 @@ from ScoutSuite.providers.aws.resources.private_eks.base import EKS except ImportError: pass +try: + from ScoutSuite.providers.aws.resources.private_guardduty.base import GuardDuty +except ImportError: + pass class AWSServicesConfig(BaseServicesConfig): @@ -61,6 +65,7 @@ class AWSServicesConfig(BaseServicesConfig): :ivar ecs: ECS configuration :ivar ecr: ECR configuration :ivar eks: EKS configuration + :ivar guarduty: GuardDuty configuration :ivar iam: IAM configuration :ivar kms: KMS configuration :ivar rds: RDS configuration @@ -124,6 +129,10 @@ def __init__(self, credentials=None, **kwargs): self.eks = EKS(facade) except NameError as _: pass + try: + self.guardduty = GuardDuty(facade) + except NameError as _: + pass def _is_provider(self, provider_name): return provider_name == 'aws' diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py index 0c72b57da..c2cde17c7 100755 --- a/ScoutSuite/utils.py +++ b/ScoutSuite/utils.py @@ -24,6 +24,7 @@ 'elbv2': 'ELBv2', 'eks': 'EKS', 'elasticache': 'ElastiCache', + 'guardduty': 'GuardDuty', 'lambda': 'Lambda', 'awslambda': 'Lambda', 'redshift': 'RedShift', From 3d6303b016c6954b1e073ea6e7c442d3891d0d80 Mon Sep 17 00:00:00 2001 
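Review bot: The docstring entry `:ivar guarduty: GuardDuty configuration` added to `AWSServicesConfig` misspells the attribute; the instance attribute assigned in `__init__` is `self.guardduty`. The line should read `:ivar guardduty: GuardDuty configuration` so the documented name matches the one callers use.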
From: Rami McCarthy Date: Sat, 29 Aug 2020 17:31:16 -0400 Subject: [PATCH 219/979] fix facade ref --- ScoutSuite/providers/aws/facade/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/facade/base.py b/ScoutSuite/providers/aws/facade/base.py index f74c01637..bf7ff8029 100755 --- a/ScoutSuite/providers/aws/facade/base.py +++ b/ScoutSuite/providers/aws/facade/base.py @@ -286,6 +286,6 @@ def _instantiate_facades(self): except NameError: pass try: - self.guardduty = GuardDuty(self.session) + self.guardduty = GuardDutyFacade(self.session) except NameError: pass From c28bfc8507746e042964b9cc97ce3fa85f9d96cd Mon Sep 17 00:00:00 2001 From: Rami McCarthy Date: Sat, 29 Aug 2020 20:15:25 -0400 Subject: [PATCH 220/979] Gather addtional context for Cloudformation Stacks --- .../services.cloudformation.regions.id.stacks.html | 11 +++++++++++ ScoutSuite/providers/aws/facade/cloudformation.py | 13 ++++++++++++- .../aws/resources/cloudformation/stacks.py | 2 +- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html b/ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html index 62571b6f0..8bc5e1aa7 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html +++ b/ScoutSuite/output/data/html/partials/aws/services.cloudformation.regions.id.stacks.html @@ -23,6 +23,17 @@

    Information

    Termination protection enabled: {{EnableTerminationProtection}}
    Configuration has drifted: {{drifted}}
    Deletion policy: {{deletion_policy}}
    +
    Notification ARNs: + +
      + {{#each notificationARNs}} +
    • {{this}}
    • + {{else}} +
    • None
    • + {{/each}} +
    +
    +

    Capabilities {{> count_badge count=Capabilities.length}}

    diff --git a/ScoutSuite/providers/aws/facade/cloudformation.py b/ScoutSuite/providers/aws/facade/cloudformation.py index 2593eadf7..4b5365d52 100755 --- a/ScoutSuite/providers/aws/facade/cloudformation.py +++ b/ScoutSuite/providers/aws/facade/cloudformation.py @@ -19,7 +19,7 @@ async def get_stacks(self, region: str): else: stacks = [stack for stack in stacks if not CloudFormation._is_stack_deleted(stack)] await get_and_set_concurrently( - [self._get_and_set_description, self._get_and_set_template, self._get_and_set_policy], + [self._get_and_set_description, self._get_and_set_template, self._get_and_set_policy, self._get_stack_notifications], stacks, region=region) finally: return stacks @@ -54,6 +54,17 @@ async def _get_and_set_policy(self, stack: {}, region: str): if 'StackPolicyBody' in stack_policy: stack['policy'] = json.loads(stack_policy['StackPolicyBody']) + async def _get_stack_notifications(self, stack: {}, region: str): + client = AWSFacadeUtils.get_client('cloudformation', self.session, region) + try: + stack_notifications = await run_concurrently( + lambda: client.describe_stacks(StackName=stack['StackName'])['Stacks']) + except Exception as e: + print_exception(f'Failed to describe CloudFormation stack: {e}') + else: + if 'NotificationARNs' in stack_notifications: + stack['NotificationARNs'] = stack_notifications['NotificationARNs'] + @staticmethod def _is_stack_deleted(stack): return stack.get('StackStatus', None) == 'DELETE_COMPLETE' diff --git a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py index 7909ba24a..18db43e9d 100755 --- a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py +++ b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py 
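Review bot: `_get_stack_notifications` stores `describe_stacks(...)['Stacks']`, which is a list, and then tests `'NotificationARNs' in stack_notifications`; a key test against a list of stack dicts is never true, so the assignment below it never runs. Index the single returned stack first, e.g. `described = stack_notifications[0] if stack_notifications else {}` followed by `stack['NotificationARNs'] = described.get('NotificationARNs', [])`. The `stacks.py` hunk in this patch reads `raw_stack['NotificationARNs']` unconditionally, so it relies on the key already being present from the listing call; `raw_stack.get('NotificationARNs', [])` would avoid a `KeyError` when it is not. The function name also departs from the `_get_and_set_*` convention of its siblings in the `get_and_set_concurrently` list.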
@@ -22,7 +22,7 @@ def _parse_stack(self, raw_stack): 'StackDriftStatus'] == 'DRIFTED' raw_stack['termination_protection'] = raw_stack['EnableTerminationProtection'] raw_stack['arn'] = raw_stack['id'] - + raw_stack['notificationARNs'] = raw_stack['NotificationARNs'] template = raw_stack.pop('template') raw_stack['deletion_policy'] = self.has_deletion_policy(template) From 49d013586f92f7539e7b9f4def00c8fb42970e54 Mon Sep 17 00:00:00 2001 From: Juan Jose Date: Tue, 1 Sep 2020 12:00:58 +0200 Subject: [PATCH 221/979] Added tags to users --- ScoutSuite/providers/aws/facade/iam.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/aws/facade/iam.py b/ScoutSuite/providers/aws/facade/iam.py index 4bdf5fbde..af9f44a3e 100755 --- a/ScoutSuite/providers/aws/facade/iam.py +++ b/ScoutSuite/providers/aws/facade/iam.py @@ -99,6 +99,7 @@ async def get_users(self): await get_and_set_concurrently( [functools.partial(self._get_and_set_inline_policies, iam_resource_type='user'), self._get_and_set_user_groups, + self._get_and_set_user_tags, self._get_and_set_user_login_profile, self._get_and_set_user_access_keys, self._get_and_set_user_mfa_devices], @@ -124,6 +125,10 @@ async def _get_and_set_user_groups(self, user: {}): 'iam', None, self.session, 'list_groups_for_user', 'Groups', UserName=user['UserName']) user['groups'] = [group['GroupName'] for group in groups] + async def _get_and_set_user_tags(self, user: {}): + client = AWSFacadeUtils.get_client('iam', self.session) + user['tags'] = client.list_user_tags(UserName=user['UserName']) + async def get_roles(self): roles = await AWSFacadeUtils.get_all_pages('iam', None, self.session, 'list_roles', 'Roles') for role in roles: From f1c5c71d5466086338e202b2e907e6fb8fd40488 Mon Sep 17 00:00:00 2001 
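Review bot: `_get_and_set_user_tags` calls `client.list_user_tags` directly inside the coroutine, so the blocking boto3 request runs on the event loop, and it has no error handling, so a scanning principal that lacks permission to list user tags may abort the user fetch instead of producing a report without tags. It also stores the whole API response rather than the tag list and ignores truncation for users with many tags. Assuming `run_concurrently` and `print_exception` are available in this module as they are in the CloudFormation facade on this page, I would wrap the call as below, keeping the `{'Tags': [...]}` shape.

```python
    async def _get_and_set_user_tags(self, user: {}):
        client = AWSFacadeUtils.get_client('iam', self.session)
        try:
            response = await run_concurrently(
                lambda: client.list_user_tags(UserName=user['UserName']))
        except Exception as e:
            print_exception(f'Failed to list tags for IAM user: {e}')
            user['tags'] = {'Tags': []}
        else:
            user['tags'] = {'Tags': response.get('Tags', [])}
```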
From: Rami McCarthy Date: Tue, 1 Sep 2020 10:55:49 -0400 Subject: [PATCH 222/979] improve rationale, id_suffix, fix #823 --- .../findings/iam-inline-policy-allows-non-sts-action.json | 7 ++++--- .../findings/iam-managed-policy-allows-non-sts-action.json | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-non-sts-action.json b/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-non-sts-action.json index 7e02c749d..5aacfc5c2 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-non-sts-action.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-non-sts-action.json @@ -1,6 +1,6 @@ { "description": "Inline _ARG_0_ Policy Allows Non STS Action", - "rationale": "This configuration goes against organizational policies.", + "rationale": "When the principle of least privilege is implemented by exclusively using roles for privilege management, users should only be granted permissions to assume roles. This policy may violate that organizational standard.", "references": [ "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" ], @@ -33,5 +33,6 @@ "IAM entity type", "Service", "Action" - ] -} \ No newline at end of file + ], + "id_suffix": "inline_non_sts" +} diff --git a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-non-sts-action.json b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-non-sts-action.json index 5109cfc69..49b54d579 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-non-sts-action.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-non-sts-action.json 
@@ -1,6 +1,6 @@ { "description": "Managed Policy Allows Non STS Action", - "rationale": "This configuration goes against organizational policies.", + "rationale": "When the principle of least privilege is implemented by exclusively using roles for privilege management, users should only be granted permissions to assume roles. This policy may violate that organizational standard.", "references": [ "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html" ], @@ -31,5 +31,6 @@ "arg_names": [ "Service", "Action" - ] -} \ No newline at end of file + ], + "id_suffix": "managed_non_sts" +} From c11989cae0d3283bcc7c2345749b1d8683f39171 Mon Sep 17 00:00:00 2001 From: Juan Jose Date: Wed, 2 Sep 2020 15:04:58 +0200 Subject: [PATCH 223/979] Show user tags on HTML --- .../output/data/html/partials/aws/services.iam.users.html | 6 ++++++ ScoutSuite/providers/aws/resources/iam/users.py | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.users.html b/ScoutSuite/output/data/html/partials/aws/services.iam.users.html index f92b7450b..c70558327 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.iam.users.html +++ b/ScoutSuite/output/data/html/partials/aws/services.iam.users.html @@ -7,6 +7,12 @@

    {{name}}

    Information

    Creation date: {{CreateDate}}
    +

    Tags:

    +
      + {{#each Tags}} +
    • {{Key}} - {{Value}}
    • + {{/each}} +

    Authentication methods

    diff --git a/ScoutSuite/providers/aws/resources/iam/users.py b/ScoutSuite/providers/aws/resources/iam/users.py index 1474256a9..ace1dcb7a 100755 --- a/ScoutSuite/providers/aws/resources/iam/users.py +++ b/ScoutSuite/providers/aws/resources/iam/users.py @@ -16,5 +16,6 @@ def _parse_user(self, raw_user): raw_user['id'] = raw_user.pop('UserId') raw_user['name'] = raw_user.pop('UserName') raw_user['arn'] = raw_user.pop('Arn') - + if (len(raw_user['tags']['Tags']) > 0): + raw_user['Tags'] = raw_user['tags']['Tags'] return raw_user['id'], raw_user From 375e7876e360b211473b277dc66f35debc892019 Mon Sep 17 00:00:00 2001 From: xga Date: Sat, 5 Sep 2020 12:52:32 +0200 Subject: [PATCH 224/979] Add badges --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 854457468..024c9db1b 100755 --- a/README.md +++ b/README.md @@ -8,6 +8,8 @@ [![CodeCov](https://codecov.io/gh/nccgroup/ScoutSuite/branch/master/graph/badge.svg)](https://codecov.io/gh/nccgroup/ScoutSuite) [![PyPI version](https://badge.fury.io/py/ScoutSuite.svg)](https://badge.fury.io/py/ScoutSuite) [![PyPI downloads](https://img.shields.io/pypi/dm/scoutsuite)](https://img.shields.io/pypi/dm/scoutsuite) +[![Docker Hub](https://img.shields.io/badge/Docker%20Hub-rossja%2Fncc--scoutsuite-blue)](https://hub.docker.com/r/rossja/ncc-scoutsuite/) +[![Docker Pulls](https://img.shields.io/docker/pulls/rossja/ncc-scoutsuite.svg?style=flat-square)](https://hub.docker.com/r/rossja/ncc-scoutsuite/) ## Description From 198e9e8934ca89f171df109b13875665d30d4443 Mon Sep 17 00:00:00 2001 From: xga Date: Sat, 5 Sep 2020 12:52:42 +0200 Subject: [PATCH 225/979] Prepare for wiki move --- container/docker/README.md | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/container/docker/README.md b/container/docker/README.md index 43bdf8992..e8cb9446d 100644 --- a/container/docker/README.md +++ b/container/docker/README.md 
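Review bot: `raw_user['tags']['Tags']` in `_parse_user` assumes the facade always attached a `tags` response; if the tag lookup failed or was skipped for a user this raises `KeyError`, which would presumably drop that user from the parsed output. `raw_user['Tags'] = raw_user.get('tags', {}).get('Tags', [])` covers both cases and gives the `{{#each Tags}}` block in the partial an empty list instead of an undefined value. The parentheses around the `if` condition are not needed in Python. `_parse_user` starts outside the hunk.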
@@ -1,11 +1,4 @@ -# NCC-ScoutSuite - -[![Docker build status](https://img.shields.io/docker/cloud/build/rossja/ncc-scoutsuite)]( https://img.shields.io/docker/cloud/build/rossja/ncc-scoutsuite) -[![](https://images.microbadger.com/badges/image/rossja/ncc-scoutsuite.svg)](https://microbadger.com/images/rossja/ncc-scoutsuite) -[![](https://images.microbadger.com/badges/version/rossja/ncc-scoutsuite.svg)](https://microbadger.com/images/rossja/ncc-scoutsuite) -[![Docker Pulls](https://img.shields.io/docker/pulls/rossja/ncc-scoutsuite.svg?style=flat-square)](https://hub.docker.com/r/rossja/ncc-scoutsuite/) -[![Docker Hub](https://img.shields.io/badge/Docker%20Hub-rossja%2Fncc--scoutsuite-blue)](https://hub.docker.com/r/rossja/ncc-scoutsuite/) - +# Docker Image ## Quick Links @@ -20,7 +13,7 @@ ## Overview -This image is an Ubuntu based container that comes with all pre-requisite software required to run ScoutSuite. It's based on the Ubuntu 20.04 docker base. The current version of ScoutSuite installed in the [DockerHub image](https://hub.docker.com/r/rossja/ncc-scoutsuite) is: `Scout Suite 5.8.1` +This image is an Ubuntu based container that comes with all pre-requisite software required to run ScoutSuite. It's based on the Ubuntu 20.04 docker base. The following CLI tools are also installed: @@ -61,7 +54,6 @@ gsutil 4.50 kubectl 2020.05.01 ~~~ - ---- 
@@ -72,10 +64,10 @@ There are two ways to run the ScoutSuite Docker image: 1. Grab the image from DockerHub and run it: `docker run -it rossja/ncc-scoutsuite bash` 1. Build the container from this source: - 1. Clone the [ScoutSuite GitHub Repo](https://github.com/nccgroup/ScoutSuite) - 1. Change to the `ScoutSuite/container/docker` directory - 1. Run `docker-compose up --build` to create the container - 1. Run ScoutSuite in the container using `docker run -it scoutsuite bash`. + 1. Clone the [ScoutSuite GitHub Repo](https://github.com/nccgroup/ScoutSuite) + 1. Change to the `ScoutSuite/container/docker` directory + 1. Run `docker-compose up --build` to create the container + 1. Run ScoutSuite in the container using `docker run -it scoutsuite bash`. ---- @@ -99,7 +91,6 @@ root@1350ede02c47:~# source scoutsuite/bin/activate * Since this is a container, there's no GUI, and no browser, so passing the `--no-browser` probably makes sense. * Likewise, setting a specific report directory using something like `--report-dir /root/scout-report` is a good idea. *(The default location is `$HOME/scoutsuite-report`)* - ---- @@ -141,7 +132,6 @@ scout aws --profile scout-user01 --no-browser --report-dir /root/scout-report 2020-01-03 17:46:16 460837197ae9 scout[7087] INFO Creating /root/scout-report/aws-scout-user01.html ~~~ - ---- 
@@ -188,16 +178,17 @@ You can shortcut this process by simply combining the `docker ps` command with t docker cp $(docker ps -f ancestor=rossja/ncc-scoutsuite --format "{{.ID}}"):/root/scout-report ./ ~~~ - ---- ## Viewing the Output File The report itself can be viewed using a web browser, by opening the file `./scout-report/aws-.html`. + For example, if you ran the scout tool against AWS using the profile `scout-user01`, the report HTML file is at `./scout-report/aws-scout-01.html`. **NOTES**: **AWS**: If you used the default AWS profile credentials, the profile name is the numerical ID portion of the ARN for the user, rather than a specific profile or user name. + **GCP**: The scout report will be named using the project ID that was passed in. From e9351b2109144a2881ef2d63cf1774d39bb6f279 Mon Sep 17 00:00:00 2001 From: xga Date: Sat, 5 Sep 2020 12:58:50 +0200 Subject: [PATCH 226/979] Remove useless suffixes --- .../findings/iam-inline-policy-allows-non-sts-action.json | 3 +-- .../findings/iam-managed-policy-allows-non-sts-action.json | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-non-sts-action.json b/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-non-sts-action.json index 5aacfc5c2..ce7b88bd5 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-non-sts-action.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-allows-non-sts-action.json @@ -33,6 +33,5 @@ "IAM entity type", "Service", "Action" - ], - "id_suffix": "inline_non_sts" + ] } diff --git a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-non-sts-action.json b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-non-sts-action.json index 49b54d579..bb1f2ef82 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-non-sts-action.json 
+++ b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-non-sts-action.json @@ -31,6 +31,5 @@ "arg_names": [ "Service", "Action" - ], - "id_suffix": "managed_non_sts" + ] } From 04a334158ab5cca4b38f99c4fd79339040408bdd Mon Sep 17 00:00:00 2001 From: xga Date: Sat, 5 Sep 2020 16:24:12 +0200 Subject: [PATCH 227/979] Normalize implementation --- .../html/partials/aws/services.iam.users.html | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.users.html b/ScoutSuite/output/data/html/partials/aws/services.iam.users.html index c70558327..5a4ccffd9 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.iam.users.html +++ b/ScoutSuite/output/data/html/partials/aws/services.iam.users.html @@ -6,13 +6,7 @@

    {{name}}

    Information

    -
    Creation date: {{CreateDate}}
    -

    Tags:

    -
      - {{#each Tags}} -
    • {{Key}} - {{Value}}
    • - {{/each}} -
    +
    Creation date: {{format_date CreateDate}}

    Authentication methods

    @@ -59,6 +53,16 @@

    Groups

    {{> services.iam.inline_policies resource_type = 'users' resource_id = id}} {{> services.iam.policies_list resource_type = 'users' resource_id = id}} + {{#if Tags}} +
    +

    Tags

    +
      + {{#each Tags}} +
    • {{Key}}: {{Value}}
    • + {{/each}} +
    +
    + {{/if}} diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 7a6b1780c..d5f40d22f 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -79,6 +79,9 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): if 'ec2' in self.service_list and 'iam' in self.service_list: self._match_instances_and_roles() + + if 'awslambda' in self.service_list and 'iam' in self.service_list: + self._match_lambdas_and_roles() if 'elbv2' in self.service_list and 'ec2' in self.service_list: self._add_security_group_data_to_elbv2() 
@@ -412,6 +415,25 @@ def _match_instances_and_roles(self): iam_config['roles'][role_id]['instances_count'] += len( role_instances[instance_profile_id]) + def _match_lambdas_and_roles(self): + if self.services.get('awslambda') and self.services.get('iam'): + awslambda_config = self.services['awslambda'] + iam_config = self.services['iam'] + awslambda_funtions = {} + for r in awslambda_config['regions']: + for lambda_function in awslambda_config['regions'][r]['functions']: + awslambda_function = awslambda_config['regions'][r]['functions'][lambda_function] + awslambda_function['region'] = r + if awslambda_function['role_arn'] in awslambda_funtions: + awslambda_funtions[awslambda_function['role_arn']][awslambda_function['name']] = awslambda_function + else: + awslambda_funtions[awslambda_function['role_arn']] = {awslambda_function['name']: awslambda_function} + for role_id in iam_config['roles']: + iam_config['roles'][role_id]['awslambdas_count'] = 0 + if iam_config['roles'][role_id]['arn'] in awslambda_funtions: + iam_config['roles'][role_id]['awslambdas'] = awslambda_funtions[iam_config['roles'][role_id]['arn']] + iam_config['roles'][role_id]['awslambdas_count'] = len(awslambda_funtions[iam_config['roles'][role_id]['arn']]) + def process_vpc_peering_connections_callback(self, current_config, path, current_path, pc_id, callback_args): # Create a list of peering connection IDs in each VPC From 7ed1f0ce56222a44ed222171d9211a408c70552a Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 8 Sep 2020 17:21:25 +0200 Subject: [PATCH 237/979] Improved NSG port/s management --- ScoutSuite/core/conditions.py | 21 +++++ .../resources/network/security_groups.py | 78 ++----------------- ...-security-groups-rule-inbound-service.json | 2 +- 3 files changed, 27 insertions(+), 74 deletions(-) diff --git a/ScoutSuite/core/conditions.py b/ScoutSuite/core/conditions.py index 83d4b424a..7e602a802 100755 --- a/ScoutSuite/core/conditions.py +++ b/ScoutSuite/core/conditions.py 
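Review bot: In `_match_lambdas_and_roles` the per-role map is keyed on `awslambda_function['name']` alone, so two functions with the same name in different regions that share a role overwrite each other, and `awslambdas_count` under-reports what the role is attached to. Keying on region and name keeps both entries, e.g. `key = '{}/{}'.format(r, awslambda_function['name'])` used in place of the bare name in both branches. `awslambdas` is only set on roles that match while `awslambdas_count` is always set, so initialising `iam_config['roles'][role_id]['awslambdas'] = {}` next to the count would give consumers a stable shape. The local `awslambda_funtions` is misspelled.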
@@ -210,6 +210,27 @@ def pass_condition(b, test, a): elif test == 'notInSubnets': result = (not pass_condition(b, 'inSubnets', a)) + # Port/port ranges tests + elif test == 'portsInPortList': + if not type(b) == list: + b = [b] + if not type(a) == list: + a = [a] + for port_range in b: + if '-' in port_range: + bottom_limit_port = int(port_range.split('-')[0]) + upper_limit_port = int(port_range.split('-')[1]) + for port in a: + if type(port) != int: + port = int(port) + if bottom_limit_port <= port <= upper_limit_port: + return True + else: #A single port + for port in a: + if port == port_range: + return True + return False + # Policy statement tests elif test == 'containAction': result = False diff --git a/ScoutSuite/providers/azure/resources/network/security_groups.py b/ScoutSuite/providers/azure/resources/network/security_groups.py index c91b799a8..c7c234fad 100755 --- a/ScoutSuite/providers/azure/resources/network/security_groups.py +++ b/ScoutSuite/providers/azure/resources/network/security_groups.py @@ -45,11 +45,6 @@ def _parse_network_security_group(self, network_security_group): identifier = get_non_provider_id(network_interface.id) network_security_group_dict['network_interfaces'][identifier] = {'id': identifier} - # FIXME this is broken and badly implemented (not efficient at all) - # exposed_ports = self._parse_exposed_ports(network_security_group) - # network_security_group_dict['exposed_ports'] = exposed_ports - # network_security_group_dict['exposed_port_ranges'] = self._format_ports(exposed_ports) - return network_security_group_dict['id'], network_security_group_dict def _parse_security_rules(self, network_security_group): 
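Review bot: The single-port branch of `portsInPortList` compares `port == port_range` without normalising types, while the range branch casts each port with `int(port)`. If the rule argument supplies integers and the NSG data holds strings such as `'22'` (or the reverse), an exactly matching port is missed and the exposed-service finding does not fire. Comparing normalised values, `if str(port) == str(port_range):`, makes both branches agree, and `port_range = str(port_range)` at the top of the loop avoids a `TypeError` from `'-' in port_range` on a non-string entry. The same comparison is still present in the follow-up hunk `@@ -224,12 +225,13 @@` of this file. `pass_condition` starts and ends outside the hunk.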
@@ -88,18 +83,13 @@ def _parse_security_rule(self, rule, default=False): else: security_rule_dict['source_address_prefixes_is_asg'] = False - source_port_ranges = self._merge_prefixes_or_ports(rule.source_port_range, rule.source_port_ranges) - security_rule_dict['source_port_ranges'] = source_port_ranges - security_rule_dict['source_ports'] = self._parse_ports(source_port_ranges) + security_rule_dict['source_port_ranges'] = self._merge_prefixes_or_ports(rule.source_port_range, rule.source_port_ranges) + security_rule_dict['source_ports'] = ['0-65535'] if '*' in security_rule_dict['source_port_ranges'] else security_rule_dict['source_port_ranges'] - destination_address_prefixes = self._merge_prefixes_or_ports(rule.destination_address_prefix, - rule.destination_address_prefixes) - security_rule_dict['destination_address_prefixes'] = destination_address_prefixes + security_rule_dict['destination_address_prefixes'] = self._merge_prefixes_or_ports(rule.destination_address_prefix, rule.destination_address_prefixes) - destination_port_ranges = self._merge_prefixes_or_ports(rule.destination_port_range, - rule.destination_port_ranges) - security_rule_dict['destination_port_ranges'] = destination_port_ranges - security_rule_dict['destination_ports'] = self._parse_ports(destination_port_ranges) + security_rule_dict['destination_port_ranges'] = self._merge_prefixes_or_ports(rule.destination_port_range, rule.destination_port_ranges) + security_rule_dict['destination_ports'] = ['0-65535'] if '*' in security_rule_dict['destination_port_ranges'] else security_rule_dict['destination_port_ranges'] security_rule_dict['etag'] = rule.etag 
@@ -107,66 +97,8 @@ def _parse_security_rule(self, rule, default=False): return security_rule_dict['id'], security_rule_dict - def _parse_ports(self, port_ranges): - # FIXME this is inefficient - ports = set() - for pr in port_ranges: - if pr == "*": - for p in range(0, 65535 + 1): - ports.add(p) - break - elif "-" in pr: - lower, upper = pr.split("-") - for p in range(int(lower), int(upper) + 1): - ports.add(p) - else: - ports.add(int(pr)) - ports = list(ports) - ports.sort() - return ports - - def _parse_exposed_ports(self, network_security_group): - exposed_ports = set() - - # Sort by priority. - rules = network_security_group.default_security_rules + network_security_group.security_rules - rules.sort(key=lambda x: x.priority, reverse=True) - - for sr in rules: - if sr.direction == "Inbound" and (sr.source_address_prefix == "*" - or sr.source_address_prefix == "Internet"): - port_ranges = self._merge_prefixes_or_ports(sr.destination_port_range, - sr.destination_port_ranges) - ports = self._parse_ports(port_ranges) - if sr.access == "Allow": - for p in ports: - exposed_ports.add(p) - else: - for p in ports: - exposed_ports.discard(p) - exposed_ports = list(exposed_ports) - exposed_ports.sort() - return exposed_ports - def _merge_prefixes_or_ports(self, port_range, port_ranges): port_ranges = port_ranges if port_ranges else [] if port_range: port_ranges.append(port_range) return port_ranges - - def _format_ports(self, ports): - # FIXME this is inefficient - port_ranges = [] - start = None - for i in range(0, 65535 + 1): - if i in ports: - if not start: - start = i - else: - if start: - if i - 1 == start: - port_ranges.append(str(start)) - else: - port_ranges.append(str(start) + "-" + str(i - 1)) - start = None - return port_ranges diff --git a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json index 12f3fec83..d44c3802a 100755 
--- a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json +++ b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json @@ -15,7 +15,7 @@ "and", [ "network.subscriptions.id.security_groups.id.security_rules.id.destination_ports", - "containAtLeastOneOf", + "portsInPortList", "_ARG_1_" ], [ From 3fde85ee3c36067ec8f35e84eecc83d2cb8df19e Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 8 Sep 2020 17:48:36 +0200 Subject: [PATCH 238/979] Normalize implementation --- ScoutSuite/core/conditions.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/core/conditions.py b/ScoutSuite/core/conditions.py index 7e602a802..c20f920e5 100755 --- a/ScoutSuite/core/conditions.py +++ b/ScoutSuite/core/conditions.py @@ -212,6 +212,7 @@ def pass_condition(b, test, a): # Port/port ranges tests elif test == 'portsInPortList': + result = False if not type(b) == list: b = [b] if not type(a) == list: @@ -224,12 +225,13 @@ def pass_condition(b, test, a): if type(port) != int: port = int(port) if bottom_limit_port <= port <= upper_limit_port: - return True + result = True + break else: #A single port for port in a: if port == port_range: - return True - return False + result = True + break # Policy statement tests elif test == 'containAction': From 76eed3954b8e22216eafeaef0e27b75c74c619f1 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Wed, 9 Sep 2020 12:40:05 +0200 Subject: [PATCH 239/979] Added: parameter to check if a security group has default rules --- .../aws/resources/ec2/securitygroups.py | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py index 083edcd8b..b3ca38071 100755 --- a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py +++ b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py 
@@ -41,8 +41,30 @@ def _parse_security_group(self, raw_security_group): raw_security_group['IpPermissionsEgress']) security_group['rules']['egress']['protocols'] = egress_protocols security_group['rules']['egress']['count'] = egress_rules_count + + if self._has_default_egress_rule(raw_security_group['IpPermissionsEgress']) and self._has_default_ingress_rule(raw_security_group['IpPermissions'], raw_security_group['GroupId']): + security_group['is_default_configuration'] = True + else: + security_group['is_default_configuration'] = False + return security_group['id'], security_group + def _has_default_egress_rule(self, rule_list): + for rule in rule_list: + if rule['IpProtocol'] == '-1': + for ip_range in rule['IpRanges']: + if ip_range['CidrIp'] == '0.0.0.0/0': + return True + return False + + def _has_default_ingress_rule(self, rule_list, group_id): + for rule in rule_list: + if rule['IpProtocol'] == '-1': + for source_group in rule['UserIdGroupPairs']: + if source_group['GroupId'] == group_id: + return True + return False + def _parse_security_group_rules(self, rules): protocols = {} rules_count = 0 From 59dab9c4708040ceef5a849c47741f0514e753f1 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Wed, 9 Sep 2020 13:04:04 +0200 Subject: [PATCH 240/979] Added: a check if SG rules have default rules --- .../rules/findings/ec2-default-security-group-in-use.json | 5 +++++ .../findings/ec2-default-security-group-with-rules.json | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json index 1d705cfbe..05716660b 100755 --- a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-in-use.json 
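Review bot: `is_default_configuration` is set to True when the group contains the default allow-all egress rule and the self-referencing ingress rule, not when those are its only rules, so a group that also carries extra permissive rules is still reported as being in its default configuration. If "unchanged from default" is what is meant, the check also needs to confirm that no other rule exists, for instance by comparing against the rule counts that `_parse_security_group_rules` already returns. Otherwise a name such as `has_default_rules`, plus a one-line docstring on `_has_default_egress_rule` and `_has_default_ingress_rule` saying they test for presence only, would state the actual meaning. `_parse_security_group` begins outside the hunk.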
@@ -35,6 +35,11 @@ "ec2.regions.id.vpcs.id.security_groups.id.", "withKey", "used_by" + ], + [ + "ec2.regions.id.vpcs.id.security_groups.id.is_default_configuration", + "true", + "" ] ], "id_suffix": "default_in_use" diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json index 172524721..df5a48cac 100755 --- a/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-default-security-group-with-rules.json @@ -36,6 +36,11 @@ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols", "notEmpty", "" + ], + [ + "ec2.regions.id.vpcs.id.security_groups.id.is_default_configuration", + "true", + "" ] ], "id_suffix": "default_with_rules" From c7f9f136f07cf7da9497f5bfcdff7c809613636a Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 9 Sep 2020 16:20:29 +0200 Subject: [PATCH 241/979] Minor change --- ScoutSuite/providers/aws/resources/ec2/instances.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/resources/ec2/instances.py b/ScoutSuite/providers/aws/resources/ec2/instances.py index 4ada60bb9..284572d99 100755 --- a/ScoutSuite/providers/aws/resources/ec2/instances.py +++ b/ScoutSuite/providers/aws/resources/ec2/instances.py @@ -38,7 +38,11 @@ async def _parse_instance(self, raw_instance): instance['metadata_options'] = raw_instance['MetadataOptions'] - instance['iam_role'] = raw_instance['IamInstanceProfile']['Arn'].split('/')[-1] if 'IamInstanceProfile' in raw_instance else '' + + if 'IamInstanceProfile' in raw_instance: + instance['iam_role'] = raw_instance['IamInstanceProfile']['Arn'].split('/')[-1] + else: + instance['iam_role'] = None return id, instance From 70a6064db8ed96e2395d985d7fa39cf73ed3ee3a Mon Sep 17 00:00:00 2001 
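Review bot: The added `is_default_configuration` / `true` condition narrows both findings to default groups that still carry the AWS default rules. As far as these hunks show, a default security group whose rules were replaced with custom ones would no longer be reported by `ec2-default-security-group-with-rules.json` (second hunk, `@@ -36,6 +36,11 @@`). If the intent is only to reduce noise, the `description` and `rationale` of both rules should say that modified default groups are out of scope, or a separate finding should cover them. The remaining conditions of both rules lie outside the hunks, so this should be confirmed against the full rule files.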
From: xga Date: Wed, 9 Sep 2020 16:38:26 +0200 Subject: [PATCH 242/979] Improve error handling --- ScoutSuite/providers/aws/facade/awslambda.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/awslambda.py b/ScoutSuite/providers/aws/facade/awslambda.py index c4ef157be..3710f2907 100755 --- a/ScoutSuite/providers/aws/facade/awslambda.py +++ b/ScoutSuite/providers/aws/facade/awslambda.py @@ -19,8 +19,10 @@ async def get_access_policy(self, function_name, region): policy = client.get_policy(FunctionName=function_name) if policy is not None and 'Policy' in policy: return json.loads(policy['Policy']) - except Exception: - # Policy not found for this function + except Exception as e: + # If there's no policy, it will return this exception. Hence why we ignore. + if "ResourceNotFoundException" not in str(e): + print_exception('Failed to get Lambda access policy: {}'.format(e)) return None async def get_role_with_managed_policies(self, role_name): @@ -37,7 +39,8 @@ async def get_role_with_managed_policies(self, role_name): policy['Document'] = document['PolicyVersion']['Document'] role['policies'] = managed_policies return role - except Exception: + except Exception as e: + print_exception('Failed to get role from managed policies: {}'.format(e)) return None From 5c535d10f66474cdf8e99ddf73eb5c20f7ba7a0a Mon Sep 17 00:00:00 2001 From: xga Date: Tue, 15 Sep 2020 14:13:16 +0200 Subject: [PATCH 243/979] Set correct dashboard name --- .../aws/rules/findings/s3-bucket-world-policy-arg.json | 2 +- .../aws/rules/findings/s3-bucket-world-policy-star.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-arg.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-arg.json index bccc9288d..6264cc36a 100755 --- a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-arg.json 
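Review bot: In `get_access_policy` the missing-policy case is detected by searching for `ResourceNotFoundException` in `str(e)`, which depends on message text and would also silence an unrelated error whose message happens to contain that word. botocore client errors carry the code in a structured field, so the check can be `if getattr(e, 'response', {}).get('Error', {}).get('Code') != 'ResourceNotFoundException':`. In `get_role_with_managed_policies` (hunk `@@ -37,7 +39,8 @@`) the logged message would be easier to act on with `role_name` included. Both functions start outside their hunks.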
+++ b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-arg.json @@ -1,7 +1,7 @@ { "description": "_ARG_0_ Actions Authorized to All Principals", "rationale": "Allowing IAM actions to all principals is contrary to the principle of least privilege and presents and opportunity for abuse. This policy should be reviewed to ensure it is secure and in line with the resource's intended use.", - "dashboard_name": "Buckets", + "dashboard_name": "Bucket Policy Statements", "display_path": "s3.buckets.id", "path": "s3.buckets.id.policy.Statement.id", "conditions": [ diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json index 3a276cacd..34babf80e 100755 --- a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json +++ b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-star.json @@ -19,7 +19,7 @@ "reference": "2.3" } ], - "dashboard_name": "Buckets", + "dashboard_name": "Bucket Policy Statements", "display_path": "s3.buckets.id", "path": "s3.buckets.id.policy.Statement.id", "conditions": [ From 6b4592ff71c70480872b122e794b8ad2a055cc94 Mon Sep 17 00:00:00 2001 From: xga Date: Thu, 17 Sep 2020 10:00:18 +0200 Subject: [PATCH 244/979] Remove reference to Scout Suite --- ScoutSuite/output/data/html/partials/last_run_details.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/last_run_details.html b/ScoutSuite/output/data/html/partials/last_run_details.html index 30e44e0f2..b6f1b5a84 100755 --- a/ScoutSuite/output/data/html/partials/last_run_details.html +++ b/ScoutSuite/output/data/html/partials/last_run_details.html @@ -20,7 +20,7 @@ {{#if last_run.run_parameters.regions}}

    Regions: {{last_run.run_parameters.regions}}

    {{/if}} -

    Report generated with Scout Suite version {{last_run.version}}

    +

    Version: {{last_run.version}}

    Using ruleset {{last_run.ruleset_name}}:

    {{last_run.ruleset_about}}

    From 0ad01e7e37c6e5aa9fb94384879b0f495ae2797c Mon Sep 17 00:00:00 2001 From: xga Date: Thu, 17 Sep 2020 10:30:29 +0200 Subject: [PATCH 245/979] Use generic "Scout" term --- ScoutSuite/output/data/html/partials/last_run_details.html | 2 +- ScoutSuite/output/data/html/partials/metadata.html | 4 ++-- ScoutSuite/output/data/html/report.html | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/last_run_details.html b/ScoutSuite/output/data/html/partials/last_run_details.html index b6f1b5a84..1c41b2c37 100755 --- a/ScoutSuite/output/data/html/partials/last_run_details.html +++ b/ScoutSuite/output/data/html/partials/last_run_details.html @@ -20,7 +20,7 @@ {{#if last_run.run_parameters.regions}}

    Regions: {{last_run.run_parameters.regions}}

    {{/if}} -

    Version: {{last_run.version}}

    +

    Scout version: {{last_run.version}}

    Using ruleset {{last_run.ruleset_name}}:

    {{last_run.ruleset_about}}

    diff --git a/ScoutSuite/output/data/html/partials/metadata.html b/ScoutSuite/output/data/html/partials/metadata.html index aea9cf889..2921317c4 100755 --- a/ScoutSuite/output/data/html/partials/metadata.html +++ b/ScoutSuite/output/data/html/partials/metadata.html @@ -2,7 +2,7 @@ + + + + + + diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index b94a87058..d2b26fdf8 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -8,15 +8,10 @@ from ScoutSuite.providers.gcp.facade.kms import KMSFacade from ScoutSuite.providers.gcp.facade.stackdriverlogging import StackdriverLoggingFacade from ScoutSuite.providers.gcp.facade.stackdrivermonitoring import StackdriverMonitoringFacade +from ScoutSuite.providers.gcp.facade.gke import GKEFacade from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils from ScoutSuite.utils import format_service_name -# Try to import proprietary facades -try: - from ScoutSuite.providers.gcp.facade.gke_private import GKEFacade -except ImportError: - pass - class GCPFacade(GCPBaseFacade): def __init__(self, diff --git a/ScoutSuite/providers/gcp/facade/gke.py b/ScoutSuite/providers/gcp/facade/gke.py new file mode 100644 index 000000000..40b8aa9ef --- /dev/null +++ b/ScoutSuite/providers/gcp/facade/gke.py 
@@ -0,0 +1,41 @@ +import re + +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.gcp.facade.base import GCPBaseFacade +from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently + + +class GKEFacade(GCPBaseFacade): + def __init__(self, gce_facade): + super(GKEFacade, self).__init__('container', 'v1') + self._gce_facade = gce_facade + + async def get_clusters(self, project_id, zone): + try: + gke_client = self._get_client() + response = await run_concurrently( + lambda: gke_client.projects().zones().clusters().list(projectId=project_id, zone=zone).execute() + ) + clusters = response.get('clusters', []) + await get_and_set_concurrently([self._get_and_set_private_google_access_enabled], + clusters, project_id=project_id) + return clusters + except Exception as e: + print_exception('Failed to retrieve clusters: {}'.format(e)) + return [] + + async def _get_and_set_private_google_access_enabled(self, cluster, project_id): + try: + region = self._get_cluster_region(cluster) + subnetwork = await self._gce_facade.get_subnetwork(project_id, region, cluster['subnetwork']) + cluster['privateIpGoogleAccess'] = subnetwork.get('privateIpGoogleAccess') + except Exception as e: + print_exception('Failed to retrieve cluster private IP Google access config: {}'.format(e)) + cluster['privateIpGoogleAccess'] = None + + # The cluster location is given as -. See the the following link for more info: + # https://cloud.google.com/compute/docs/regions-zones/#identifying_a_region_or_zone + def _get_cluster_region(self, cluster): + region_regex = re.compile("(.+)-[^-]+") + result = region_regex.search(cluster['location']) + return result.group(1) diff --git a/ScoutSuite/providers/gcp/resources/gke/__init__.py b/ScoutSuite/providers/gcp/resources/gke/__init__.py new file mode 100644 index 000000000..e69de29bb 
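Review bot: `gke.py` imports `GCPBaseFacade` from `ScoutSuite.providers.gcp.facade.base`, and the same commit makes `facade/base.py` import `GKEFacade` from `facade/gke.py`, which is a circular import that only works if `GCPBaseFacade` is already bound in `base` before its `gke` import line runs. Importing `GCPBaseFacade` from the module that defines it (not visible in this hunk) removes the cycle. Separately, `_get_cluster_region` compiles its regex on every call and calls `result.group(1)` without checking for `None`. A module-level `re.compile` and an explicit `if result is None` branch would make that failure visible instead of relying on the broad `except` in `_get_and_set_private_google_access_enabled`.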
diff --git a/ScoutSuite/providers/gcp/resources/gke/base.py b/ScoutSuite/providers/gcp/resources/gke/base.py new file mode 100644 index 000000000..418e90281 --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/gke/base.py @@ -0,0 +1,19 @@ +from ScoutSuite.providers.gcp.resources.private_gke.zones import GKEZones +from ScoutSuite.providers.gcp.resources.projects import Projects + + +class KubernetesEngine(Projects): + _children = [ + (GKEZones, 'zones'), + ] + + async def fetch_all(self): + await Projects.fetch_all(self) + # Clusters are resources with 2 levels of filtering + # (project and zone), so we need to propagate their count up. + # Normally this would be done by setting the resource counts in the + # Zone class, but having a "zones_count" field in its + # dictionary causes errors in the rule engine. + self['clusters_count'] = sum(sum( + zone['clusters_count'] for zone in project['zones'].values()) for project in self['projects'].values()) + del self['zones_count'] diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py new file mode 100644 index 000000000..bb3ac579d --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py 
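Review bot: The new `resources/gke/base.py` imports `GKEZones` from `ScoutSuite.providers.gcp.resources.private_gke.zones`, a package this commit does not add, while the files it does add live under `resources/gke`; without a `private_gke` package the import raises `ImportError`. The line should read `from ScoutSuite.providers.gcp.resources.gke.zones import GKEZones`. `gke/clusters.py` (`private_gke.node_pools`) and `gke/zones.py` (`private_gke.clusters`) in the following hunks have the same stale path.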
@@ -0,0 +1,72 @@ +from ScoutSuite.providers.base.resources.base import Resources +from ScoutSuite.providers.gcp.facade.base import GCPFacade +from ScoutSuite.providers.gcp.resources.private_gke.node_pools import NodePools +from ScoutSuite.providers.utils import get_non_provider_id + + +class Clusters(Resources): + def __init__(self, facade: GCPFacade, project_id, zone): + super(Clusters, self).__init__(facade) + self.project_id = project_id + self.zone = zone + + async def fetch_all(self): + raw_clusters = await self.facade.gke.get_clusters(self.project_id, self.zone) + for raw_cluster in raw_clusters: + cluster_id, cluster = await self._parse_cluster(raw_cluster) + self[cluster_id] = cluster + self[cluster_id]['node_pools'].fetch_all() + + async def _parse_cluster(self, raw_cluster): + cluster_dict = {} + cluster_dict['id'] = get_non_provider_id(raw_cluster['name']) + cluster_dict['name'] = raw_cluster['name'] + cluster_dict['alias_ip_enabled'] = raw_cluster.get('ipAllocationPolicy', {}).get('useIpAliases', False) + cluster_dict['basic_authentication_enabled'] = self._is_basic_authentication_enabled(raw_cluster) + cluster_dict['client_certificate_enabled'] = self._is_client_certificate_enabled(raw_cluster) + cluster_dict['dashboard_status'] = self._get_dashboard_status(raw_cluster) + cluster_dict['has_limited_scopes'] = self._has_limited_scopes(raw_cluster) + cluster_dict['image_type'] = raw_cluster.get('nodeConfig', {}).get('imageType', None) + cluster_dict['labels'] = raw_cluster.get('resourceLabels', []) + cluster_dict['has_labels'] = len(cluster_dict['labels']) > 0 + cluster_dict['legacy_abac_enabled'] = raw_cluster.get('legacyAbac', {}).get('enabled', False) + cluster_dict['logging_enabled'] = self._is_logging_enabled(raw_cluster) + cluster_dict['master_authorized_networks_enabled'] = raw_cluster.get( + 'masterAuthorizedNetworksConfig', {}).get('enabled', False) + cluster_dict['monitoring_enabled'] = self._is_monitoring_enabled(raw_cluster) + 
cluster_dict['network_policy_enabled'] = raw_cluster.get('networkPolicy', {}).get('enabled', False) + cluster_dict['node_pools'] = NodePools(raw_cluster) + cluster_dict['private_cluster_enabled'] = raw_cluster.get( + 'privateClusterConfig', {}).get('enablePrivateNodes', False) + cluster_dict['private_ip_google_access_enabled'] = raw_cluster.get('privateIpGoogleAccess', False) + cluster_dict['scopes'] = self._get_scopes(raw_cluster) + cluster_dict['service_account'] = raw_cluster.get('nodeConfig', {}).get('serviceAccount', None) + return cluster_dict['id'], cluster_dict + + def _is_basic_authentication_enabled(self, raw_cluster): + return raw_cluster['masterAuth'].get('username', None) != '' + + def _is_client_certificate_enabled(self, raw_cluster): + return raw_cluster['masterAuth'].get('clientCertificate', None) != '' + + def _is_logging_enabled(self, raw_cluster): + return raw_cluster['loggingService'] != 'none' + + def _is_monitoring_enabled(self, raw_cluster): + return raw_cluster['monitoringService'] != 'none' + + def _parse_scope(self, scope_url): + return scope_url.split('/')[-1] + + def _get_scopes(self, raw_cluster): + return [self._parse_scope(scope_url) for scope_url in raw_cluster['nodeConfig'].get('oauthScopes', [])] + + def _has_limited_scopes(self, raw_cluster): + minimum_scopes = {'devstorage.read_only', 'logging.write', 'monitoring'} + cluster_scopes = self._get_scopes(raw_cluster) + return all(scope in minimum_scopes for scope in cluster_scopes) + + def _get_dashboard_status(self, raw_cluster): + is_disabled = 'kubernetesDashboard' not in raw_cluster['addonsConfig'] or \ + raw_cluster['addonsConfig']['kubernetesDashboard'].get('disabled') + return 'Disabled' if is_disabled else 'Enabled' diff --git a/ScoutSuite/providers/gcp/resources/gke/node_pools.py b/ScoutSuite/providers/gcp/resources/gke/node_pools.py new file mode 100644 index 000000000..e39b70873 --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/gke/node_pools.py 
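Review bot: `_is_basic_authentication_enabled` and `_is_client_certificate_enabled` return `.get(..., None) != ''`, which is True when the `username` or `clientCertificate` key is absent, so a cluster whose `masterAuth` omits the field is reported as having that method enabled. Testing for a non-empty value avoids the false positive: `return bool(raw_cluster.get('masterAuth', {}).get('username'))`, and the same with `'clientCertificate'`. Whether the API omits the key or returns an empty string for a disabled method should be confirmed, but the truthiness check is correct in both cases. These helpers also index `raw_cluster['masterAuth']`, `['nodeConfig']` and `['addonsConfig']` directly, while `_parse_cluster` uses `.get(..., {})` for the same objects.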
@@ -0,0 +1,27 @@
+from ScoutSuite.providers.base.resources.base import Resources
+
+
+class NodePools(Resources):
+ def __init__(self, cluster):
+ super(NodePools, self).__init__(service_facade=None)
+ self.cluster = cluster
+
+ def fetch_all(self):
+ raw_node_pools = self.cluster['nodePools']
+ for raw_node_pool in raw_node_pools:
+ node_pool_id, node_pool = self._parse_node_pool(raw_node_pool)
+ self[node_pool_id] = node_pool
+ # We need self.cluster to get the node pools, but we do
+ # not want to have it in the generated JSON.
+ del self.cluster
+
+ def _parse_node_pool(self, raw_node_pool):
+ node_pool_dict = {}
+ node_pool_dict['id'] = raw_node_pool['name']
+ node_pool_dict['auto_repair_enabled'] = raw_node_pool.get('management', {}).get('autoRepair', False)
+ node_pool_dict['auto_upgrade_enabled'] = raw_node_pool.get('management', {}).get('autoUpgrade', False)
+ node_pool_dict['legacy_metadata_endpoints_enabled'] = self._is_legacy_metadata_endpoints_enabled(raw_node_pool)
+ return node_pool_dict['id'], node_pool_dict
+
+ def _is_legacy_metadata_endpoints_enabled(self, raw_node_pool):
+ return raw_node_pool['config'].get('metadata', {}).get('disable-legacy-endpoints') == 'false'
diff --git a/ScoutSuite/providers/gcp/resources/gke/zones.py b/ScoutSuite/providers/gcp/resources/gke/zones.py
new file mode 100644
index 000000000..7dc0a1fce
--- /dev/null
+++ b/ScoutSuite/providers/gcp/resources/gke/zones.py
@@ -0,0 +1,8 @@
+from ScoutSuite.providers.gcp.resources.private_gke.clusters import Clusters
+from ScoutSuite.providers.gcp.resources.zones import Zones
+
+
+class GKEZones(Zones):
+ _children = [
+ (Clusters, 'clusters'),
+ ]
diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-basic-authentication-enabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-basic-authentication-enabled.json
new file mode 100644
index 000000000..3d4318ebe
--- /dev/null
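Review bot: `_is_legacy_metadata_endpoints_enabled` reports the endpoints as enabled only when the metadata value is the literal string `'false'`, so a pool whose `config` has no `metadata` entry or no `disable-legacy-endpoints` key is recorded as compliant. If an absent key can mean the legacy endpoints are still served (the finding's own reference anchor says the protection is a default only from 1.12), the check should fail closed: `return raw_node_pool.get('config', {}).get('metadata', {}).get('disable-legacy-endpoints') != 'true'`. Separately, `fetch_all` ends with `del self.cluster`, so a second call raises AttributeError; a short comment stating that the method is single-use would document that.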
+++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-basic-authentication-enabled.json @@ -0,0 +1,32 @@ +{ + "description": "Basic Authentication Enabled", + "rationale": "Basic authentication allows a user to authenticate to the cluster with a username and password and it is stored in plain text without any encryption. Disabling Basic authentication will prevent attacks like brute force. Its recommended to use either client certificate or IAM for authentication.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.10" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.8.1" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_authn_methods", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#evaluation_on" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.basic_authentication_enabled", + "true", + "" + ] + ], + "id_suffix": "basic_authentication_enabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-certificate-authentication-enabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-certificate-authentication-enabled.json new file mode 100644 index 000000000..828fcff17 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-certificate-authentication-enabled.json 
@@ -0,0 +1,27 @@ +{ + "description": "Certificate Authentication Enabled", + "rationale": "Unless applications use the client certificate authentication method, it should be disabled.", + "compliance": [ + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.8.2" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_authn_methods", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#evaluation_on" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.client_certificate_enabled", + "true", + "" + ] + ], + "id_suffix": "client_certificate_enabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-alias-ip-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-alias-ip-disabled.json new file mode 100644 index 000000000..6f3b76dab --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-alias-ip-disabled.json 
@@ -0,0 +1,32 @@ +{ + "description": "Alias IP Disabled", + "rationale": "With Alias IPs ranges enabled, Kubernetes Engine clusters can allocate IP addresses from a CIDR block known to Google Cloud Platform. This makes your cluster more scalable and allows your cluster to better interact with other GCP products and entities.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.13" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.6.2" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.alias_ip_enabled", + "false", + "" + ] + ], + "id_suffix": "alias_ip_disabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-has-no-labels.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-has-no-labels.json new file mode 100644 index 000000000..bc375ba29 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-has-no-labels.json 
@@ -0,0 +1,25 @@ +{ + "description": "Clusters Lacking Labels", + "rationale": "Labels enable users to map their own organizational structures onto system objects in a loosely coupled fashion, without requiring clients to store these mappings. Labels can also be used to apply specific security settings and auto configure objects at creation.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.5" + } + ], + "references": [ + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_namespaces_and_rbac_to_restrict_access_to_cluster_resources" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.has_labels", + "false", + "" + ] + ], + "id_suffix": "has_no_labels" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-logging-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-logging-disabled.json new file mode 100644 index 000000000..c8fac4642 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-logging-disabled.json 
@@ -0,0 +1,33 @@ +{ + "description": "Cluster Logging Disabled", + "rationale": "You should enable cluster logging and use a logging service so your cluster can export logs about its activities.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.1" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.7.1" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://kubernetes.io/docs/tasks/debug-application-cluster/audit/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#stackdriver_logging", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.logging_enabled", + "false", + "" + ] + ], + "id_suffix": "logging_disabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-master-authorized-networks-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-master-authorized-networks-disabled.json new file mode 100644 index 000000000..7f8faefc1 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-master-authorized-networks-disabled.json 
@@ -0,0 +1,33 @@ +{ + "description": "Master Authorized Networks Disabled", + "rationale": "Master authorized networks blocks untrusted IP addresses from outside Google Cloud Platform. Addresses from inside GCP can still reach your master through HTTPS provided that they have the necessary Kubernetes credentials.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.4" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.6.3" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.master_authorized_networks_enabled", + "false", + "" + ] + ], + "id_suffix": "master_authorized_networks_disabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-monitoring-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-monitoring-disabled.json new file mode 100644 index 000000000..3728e7dc7 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-monitoring-disabled.json 
@@ -0,0 +1,33 @@ +{ + "description": "Cluster Monitoring Disabled", + "rationale": "You should enable cluster monitoring and use a monitoring service so your cluster can export metrics about its activities.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.2" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.7.1" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#stackdriver_logging", + "https://cloud.google.com/monitoring/kubernetes-engine#about-skm", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.monitoring_enabled", + "false", + "" + ] + ], + "id_suffix": "monitoring_disabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-network-policy-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-network-policy-disabled.json new file mode 100644 index 000000000..7bfe05992 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-network-policy-disabled.json 
@@ -0,0 +1,33 @@ +{ + "description": "Network Policy Disabled", + "rationale": "By default, pods are non-isolated; they accept traffic from any source. Pods become isolated by having a NetworkPolicy that selects them. Once there is any NetworkPolicy in a namespace selecting a particular pod, that pod will reject any connections that are not allowed by any NetworkPolicy.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.11" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.6.7" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_with_network_policy", + "https://cloud.google.com/kubernetes-engine/docs/concepts/security-overview#network_security", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.network_policy_enabled", + "false", + "" + ] + ], + "id_suffix": "network_policy_disabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-google-access-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-google-access-disabled.json new file mode 100644 index 000000000..5c1a05c5f --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-google-access-disabled.json 
@@ -0,0 +1,25 @@ +{ + "description": "Private Google Access Disabled", + "rationale": "Enabling Private Google Access allows VMs on a subnetwork to use a private IP address to reach Google APIs rather than an external IP address.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.16" + } + ], + "references": [ + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.private_ip_google_access_enabled", + "false", + "" + ] + ], + "id_suffix": "private_ip_google_access_disabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-dashboard-enabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-dashboard-enabled.json new file mode 100644 index 000000000..22e3ce32d --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-dashboard-enabled.json 
@@ -0,0 +1,32 @@ +{ + "description": "The GKE Dashboard Enabled", + "rationale": "You should disable the Kubernetes Web UI (Dashboard) when running on Kubernetes Engine. The Kubernetes Web UI (Dashboard) is backed by a highly privileged Kubernetes Service Account.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.6" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.10.1" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#disable_kubernetes_dashboard", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.dashboard_status", + "equal", + "Enabled" + ] + ], + "id_suffix": "dashboard_status" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-default-service-account-used.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-default-service-account-used.json new file mode 100644 index 000000000..1a0d60091 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-default-service-account-used.json 
@@ -0,0 +1,32 @@ +{ + "description": "Default Service Account in Use", + "rationale": "You should create and use a minimally privileged service account to run your Kubernetes Engine cluster instead of using the Compute Engine default service account.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.17" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.2.1" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_least_privilege_sa", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.service_account", + "equal", + "default" + ] + ], + "id_suffix": "default_service_account_used" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-abac-enabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-abac-enabled.json new file mode 100644 index 000000000..3011785a2 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-abac-enabled.json 
@@ -0,0 +1,32 @@ +{ + "description": "Legacy Authorization (ABAC) Enabled", + "rationale": "The legacy authorizer in Kubernetes Engine grants broad, statically defined permissions. To ensure that RBAC limits permissions correctly, you must disable the legacy authorizer. RBAC has significant security advantages, can help you ensure that users only have access to cluster resources within their own namespace and is now stable in Kubernetes.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.3" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.8.4" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#leave_abac_disabled_default_for_110", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.legacy_abac_enabled", + "true", + "" + ] + ], + "id_suffix": "legacy_abac_enabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-metadata-endpoints-enabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-metadata-endpoints-enabled.json new file mode 100644 index 000000000..47707db19 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-metadata-endpoints-enabled.json 
@@ -0,0 +1,28 @@ +{ + "description": "Legacy Metadata Endpoints Enabled", + "rationale": "Unless your app uses the legacy metadata endpoints, you should disable them.", + "compliance": [ + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.4.1" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#protect_node_metadata_default_for_112", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "display_path": "kubernetesengine.projects.id.zones.id.clusters.id", + "path": "kubernetesengine.projects.id.zones.id.clusters.id.node_pools.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.node_pools.id.legacy_metadata_endpoints_enabled", + "true", + "" + ] + ], + "id_suffix": "legacy_metadata_endpoints_enabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-repair-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-repair-disabled.json new file mode 100644 index 000000000..5d9def8a2 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-repair-disabled.json 
@@ -0,0 +1,33 @@ +{ + "description": "Nodes Auto-Repair Disabled", + "rationale": "Auto-repair helps you keep the nodes in your cluster in a healthy, running state.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.7" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.5.2" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-repair", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "display_path": "kubernetesengine.projects.id.zones.id.clusters.id", + "path": "kubernetesengine.projects.id.zones.id.clusters.id.node_pools.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.node_pools.id.auto_repair_enabled", + "false", + "" + ] + ], + "id_suffix": "auto_repair_disabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-upgrade-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-upgrade-disabled.json new file mode 100644 index 000000000..252ebf383 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-upgrade-disabled.json 
@@ -0,0 +1,33 @@ +{ + "description": "Nodes Auto-Upgrade Disabled", + "rationale": "Auto-upgrades automatically ensures that security updates are applied and kept up to date.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.8" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.5.3" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "display_path": "kubernetesengine.projects.id.zones.id.clusters.id", + "path": "kubernetesengine.projects.id.zones.id.clusters.id.node_pools.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.node_pools.id.auto_upgrade_enabled", + "false", + "" + ] + ], + "id_suffix": "auto_upgrade_disabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-container-optimized-os-not-used.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-container-optimized-os-not-used.json new file mode 100644 index 000000000..ed544c3e9 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-container-optimized-os-not-used.json 
@@ -0,0 +1,32 @@ +{ + "description": "Lack of Container-Optimized OS Node Images", + "rationale": "The Container-Optimized OS image provides better support, security, and stability than previous images.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.9" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.5.1" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/container-optimized-os/docs/concepts/features-and-benefits", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.image_type", + "notEqual", + "COS" + ] + ], + "id_suffix": "container_optimized_os_not_used" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-cluster-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-cluster-disabled.json new file mode 100644 index 000000000..9c075173d --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-cluster-disabled.json 
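Review bot: The condition `"notEqual"` against `"COS"` is an exact string match, so any other Container-Optimized OS image type, for example `COS_CONTAINERD`, is reported as not using Container-Optimized OS. `image_type` is also `None` when the cluster has no cluster-level `nodeConfig` (clusters.py reads it with `.get('imageType', None)`), and this rule reports that as a finding too. A prefix or list match on the COS variants would remove both false positives if the rule engine offers one; the available operators are not visible in this patch.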
@@ -0,0 +1,37 @@ +{ + "description": "Private Cluster Disabled", + "rationale": "A private cluster is a cluster that makes your master inaccessible from the public internet. In a private cluster, nodes do not have public IP addresses, so your workloads run in an environment that is isolated from the internet. Nodes have addressed only in the private RFC 1918 address space. Nodes and masters communicate with each other privately using VPC peering.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.15" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.6.4" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.6.5" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.private_cluster_enabled", + "false", + "" + ] + ], + "id_suffix": "private_cluster_disabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-scopes-not-limited.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-scopes-not-limited.json new file mode 100644 index 000000000..28c28bb06 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-scopes-not-limited.json 
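Review bot: The rationale describes the master being unreachable from the public internet and the rule cites two CIS GKE controls (6.6.4 and 6.6.5), but `private_cluster_enabled` is filled in clusters.py from `privateClusterConfig.enablePrivateNodes` alone. A cluster with private nodes and a publicly reachable control-plane endpoint therefore passes this rule. Consider a second attribute read from `privateClusterConfig.enablePrivateEndpoint` with its own finding, so each cited control maps to the setting it describes. The rationale also reads "Nodes have addressed only" where "Nodes have addresses only" is presumably meant.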
@@ -0,0 +1,25 @@ +{ + "description": "Lack of Access Scope Limitation", + "rationale": "If you are not creating a separate service account for your nodes, you should limit the scopes of the node service account to reduce the possibility of a privilege escalation in an attack. This ensures that your default service account does not have permissions beyond those necessary to run your cluster. While the default scopes are limited, they may include scopes beyond the minimally required scopes needed to run your cluster. If you are accessing private images in Google Container Registry, the minimally required scopes are only logging.write, monitoring, and devstorage.read_only.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.18" + } + ], + "references": [ + "https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.has_limited_scopes", + "false", + "" + ] + ], + "id_suffix": "scopes_not_limited" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json index 6fe570a0c..625711231 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json 
@@ -60,6 +60,114 @@ "enabled": true, "level": "warning" } + ], + "kubernetesengine-basic-authentication-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-certificate-authentication-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-alias-ip-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-has-no-labels.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-logging-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-master-authorized-networks-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-monitoring-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-network-policy-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-private-google-access-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-dashboard-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-default-service-account-used.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-legacy-abac-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-legacy-metadata-endpoints-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-node-auto-repair-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-node-auto-upgrade-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-node-container-optimized-os-not-used.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-private-cluster-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-scopes-not-limited.json": 
[ + { + "enabled": true, + "level": "warning" + } ], "iam-service-account-with-user-managed-keys.json": [ { diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 93ba537b7..54d463042 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json 
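Review bot: Every new GKE rule is registered with `"level": "warning"`, so basic authentication, legacy ABAC and an enabled dashboard rank the same in the report as a cluster without labels; the access-control findings would be better separated with `"level": "danger"`. The same block is added to default.json in the following hunk, so the choice applies there too. In addition, `kubernetesengine-certificate-authentication-enabled.json` and `kubernetesengine-legacy-metadata-endpoints-enabled.json` list only the CIS GKE Benchmark in their `compliance` arrays, yet both are enabled in cis-1.0.0.json; if that ruleset is meant to mirror CIS Google Cloud Platform Foundations 1.0.0, they probably belong in default.json only.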
@@ -193,6 +193,114 @@ "enabled": true, "level": "warning" } + ], + "kubernetesengine-basic-authentication-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-certificate-authentication-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-alias-ip-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-has-no-labels.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-logging-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-master-authorized-networks-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-monitoring-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-network-policy-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-cluster-private-google-access-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-dashboard-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-default-service-account-used.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-legacy-abac-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-legacy-metadata-endpoints-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-node-auto-repair-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-node-auto-upgrade-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-node-container-optimized-os-not-used.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-private-cluster-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + 
"kubernetesengine-scopes-not-limited.json": [ + { + "enabled": true, + "level": "warning" + } ], "stackdriverlogging-no-export-sinks.json": [ { diff --git a/ScoutSuite/providers/gcp/services.py b/ScoutSuite/providers/gcp/services.py index 72ae52b95..f90fbdc80 100755 --- a/ScoutSuite/providers/gcp/services.py +++ b/ScoutSuite/providers/gcp/services.py @@ -7,12 +7,7 @@ from ScoutSuite.providers.gcp.resources.kms.base import KMS from ScoutSuite.providers.gcp.resources.stackdriverlogging.base import StackdriverLogging from ScoutSuite.providers.gcp.resources.stackdrivermonitoring.base import StackdriverMonitoring - -# Try to import proprietary services -try: - from ScoutSuite.providers.gcp.resources.private_gke.base import KubernetesEngine -except ImportError: - pass +from ScoutSuite.providers.gcp.resources.gke.base import KubernetesEngine class GCPServicesConfig(BaseServicesConfig): @@ -32,12 +27,7 @@ def __init__(self, credentials=None, default_project_id=None, self.kms = KMS(facade) self.stackdriverlogging = StackdriverLogging(facade) self.stackdrivermonitoring = StackdriverMonitoring(facade) - - # Instantiate proprietary services - try: - self.kubernetesengine = KubernetesEngine(facade) - except NameError as _: - pass + self.kubernetesengine = KubernetesEngine(facade) def _is_provider(self, provider_name): return provider_name == 'gcp' From 8b5a5bb7b28e6c1ac05141db4ea6da08357bd8f7 Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 21 Sep 2020 10:30:56 +0200 Subject: [PATCH 258/979] Add support for GKE --- ScoutSuite/providers/gcp/resources/gke/base.py | 2 +- ScoutSuite/providers/gcp/resources/gke/clusters.py | 2 +- ScoutSuite/providers/gcp/resources/gke/zones.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/gke/base.py b/ScoutSuite/providers/gcp/resources/gke/base.py index 418e90281..af59dd1bc 100644 --- a/ScoutSuite/providers/gcp/resources/gke/base.py +++ b/ScoutSuite/providers/gcp/resources/gke/base.py 
@@ -1,4 +1,4 @@ -from ScoutSuite.providers.gcp.resources.private_gke.zones import GKEZones +from ScoutSuite.providers.gcp.resources.gke.zones import GKEZones from ScoutSuite.providers.gcp.resources.projects import Projects diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index bb3ac579d..37019e074 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.base.resources.base import Resources from ScoutSuite.providers.gcp.facade.base import GCPFacade -from ScoutSuite.providers.gcp.resources.private_gke.node_pools import NodePools +from ScoutSuite.providers.gcp.resources.gke.node_pools import NodePools from ScoutSuite.providers.utils import get_non_provider_id diff --git a/ScoutSuite/providers/gcp/resources/gke/zones.py b/ScoutSuite/providers/gcp/resources/gke/zones.py index 7dc0a1fce..efd420f81 100644 --- a/ScoutSuite/providers/gcp/resources/gke/zones.py +++ b/ScoutSuite/providers/gcp/resources/gke/zones.py @@ -1,4 +1,4 @@ -from ScoutSuite.providers.gcp.resources.private_gke.clusters import Clusters +from ScoutSuite.providers.gcp.resources.gke.clusters import Clusters from ScoutSuite.providers.gcp.resources.zones import Zones From f2a1188558c4817e16740fc08d0314da05ddb184 Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 21 Sep 2020 10:37:33 +0200 Subject: [PATCH 259/979] Fix for https://github.com/nccgroup/ScoutSuite-Proprietary/issues/221 --- ScoutSuite/providers/gcp/resources/gke/clusters.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index 37019e074..d8164f1d2 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py 
@@ -44,10 +44,10 @@ async def _parse_cluster(self, raw_cluster): return cluster_dict['id'], cluster_dict def _is_basic_authentication_enabled(self, raw_cluster): - return raw_cluster['masterAuth'].get('username', None) != '' + return raw_cluster['masterAuth'].get('username', '') != '' def _is_client_certificate_enabled(self, raw_cluster): - return raw_cluster['masterAuth'].get('clientCertificate', None) != '' + return raw_cluster['masterAuth'].get('clientCertificate', '') != '' def _is_logging_enabled(self, raw_cluster): return raw_cluster['loggingService'] != 'none' From 73ca429df7114ed9c1d12e69f94143a8c696b42e Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 21 Sep 2020 11:43:20 +0200 Subject: [PATCH 260/979] Use beta library --- ScoutSuite/providers/gcp/facade/gke.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/gke.py b/ScoutSuite/providers/gcp/facade/gke.py index 40b8aa9ef..7d2a0f8de 100644 --- a/ScoutSuite/providers/gcp/facade/gke.py +++ b/ScoutSuite/providers/gcp/facade/gke.py @@ -7,7 +7,7 @@ class GKEFacade(GCPBaseFacade): def __init__(self, gce_facade): - super(GKEFacade, self).__init__('container', 'v1') + super(GKEFacade, self).__init__('container', 'v1beta1') self._gce_facade = gce_facade async def get_clusters(self, project_id, zone): From b438362f07f27e63026fa24d3d7d9997dd29f4ed Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 21 Sep 2020 11:43:36 +0200 Subject: [PATCH 261/979] Include pod security policy --- .../gcp/services.kubernetesengine.clusters.html | 3 ++- ScoutSuite/providers/gcp/resources/gke/clusters.py | 14 ++++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index 9e9ac740a..24dcf6e79 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html 
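Review bot: `raw_cluster['masterAuth']` is still indexed directly in `_is_basic_authentication_enabled` and `_is_client_certificate_enabled`, so a response without a `masterAuth` object raises KeyError instead of being reported as disabled. The new `''` default only covers a missing inner key, and a null value would still compare unequal to `''` and be reported as enabled. A truthiness test handles both cases: `return bool(raw_cluster.get('masterAuth', {}).get('username'))`, and the same for `'clientCertificate'`. Whether the API can actually omit `masterAuth` is not visible in this hunk, so treat that part as hardening.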
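Review bot: The switch to `'v1beta1'` in `GKEFacade.__init__` has no comment saying why the beta API surface is needed, and beta fields can change shape between releases. A one-line comment above the `super().__init__` call, for example `# v1beta1: needed for cluster fields that v1 does not return`, naming the actual fields, would tell the next maintainer when it is safe to return to `v1`. The class body continues outside the hunk.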
+++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -13,9 +13,9 @@

    Information

    Basic authentication: {{convert_bool_to_enabled basic_authentication_enabled}}
    Client certificate authentication: {{convert_bool_to_enabled client_certificate_enabled}}
    Image type: {{image_type}}
    -
    Labels: {{labels}}
    Legacy authorization: {{convert_bool_to_enabled legacy_abac_enabled}}
    Master authorized networks: {{convert_bool_to_enabled master_authorized_networks_enabled}}
    +
    Pod Security Policy: {{convert_bool_to_enabled pod_security_policy_enabled}}
    Network policy: {{convert_bool_to_enabled network_policy_enabled}}
    Private cluster: {{convert_bool_to_enabled private_cluster_enabled}}
    Private Google access: {{convert_bool_to_enabled private_ip_google_access_enabled}}
    @@ -33,6 +33,7 @@

    Information

    None {{/if}}
    +
    Labels: {{labels}}
    diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index d8164f1d2..2c7eaa100 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -24,6 +24,7 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['alias_ip_enabled'] = raw_cluster.get('ipAllocationPolicy', {}).get('useIpAliases', False) cluster_dict['basic_authentication_enabled'] = self._is_basic_authentication_enabled(raw_cluster) cluster_dict['client_certificate_enabled'] = self._is_client_certificate_enabled(raw_cluster) + cluster_dict['pod_security_policy_enabled'] = self._is_pod_security_policy_enabled(raw_cluster) cluster_dict['dashboard_status'] = self._get_dashboard_status(raw_cluster) cluster_dict['has_limited_scopes'] = self._has_limited_scopes(raw_cluster) cluster_dict['image_type'] = raw_cluster.get('nodeConfig', {}).get('imageType', None) 
@@ -31,18 +32,23 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['has_labels'] = len(cluster_dict['labels']) > 0 cluster_dict['legacy_abac_enabled'] = raw_cluster.get('legacyAbac', {}).get('enabled', False) cluster_dict['logging_enabled'] = self._is_logging_enabled(raw_cluster) - cluster_dict['master_authorized_networks_enabled'] = raw_cluster.get( - 'masterAuthorizedNetworksConfig', {}).get('enabled', False) + cluster_dict['master_authorized_networks_enabled'] = raw_cluster.get('masterAuthorizedNetworksConfig', {}).get('enabled', False) cluster_dict['monitoring_enabled'] = self._is_monitoring_enabled(raw_cluster) cluster_dict['network_policy_enabled'] = raw_cluster.get('networkPolicy', {}).get('enabled', False) cluster_dict['node_pools'] = NodePools(raw_cluster) - cluster_dict['private_cluster_enabled'] = raw_cluster.get( - 'privateClusterConfig', {}).get('enablePrivateNodes', False) + cluster_dict['private_cluster_enabled'] = raw_cluster.get('privateClusterConfig', {}).get('enablePrivateNodes', False) cluster_dict['private_ip_google_access_enabled'] = raw_cluster.get('privateIpGoogleAccess', False) cluster_dict['scopes'] = self._get_scopes(raw_cluster) cluster_dict['service_account'] = raw_cluster.get('nodeConfig', {}).get('serviceAccount', None) return cluster_dict['id'], cluster_dict + def _is_pod_security_policy_enabled(self, raw_cluster): + if 'podSecurityPolicyConfig' in raw_cluster: + return raw_cluster['podSecurityPolicyConfig'].get('enabled', False) + return False + + return raw_cluster['masterAuth'].get('username', '') != '' + def _is_basic_authentication_enabled(self, raw_cluster): return raw_cluster['masterAuth'].get('username', '') != '' From 83be94cb714ed3588bad45c863f23a4ac31df959 Mon Sep 17 00:00:00 2001 
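Review bot: The last line of the new `_is_pod_security_policy_enabled`, `return raw_cluster['masterAuth'].get('username', '') != ''`, can never run because both paths above it already return. It looks like a leftover copy of the basic-authentication check and should be deleted, so nobody reads it as part of the pod security policy logic. The remaining body could then be the single line `return raw_cluster.get('podSecurityPolicyConfig', {}).get('enabled', False)`, which matches how `legacy_abac_enabled` and `network_policy_enabled` are read in `_parse_cluster`.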
From: xga Date: Mon, 21 Sep 2020 12:07:37 +0200 Subject: [PATCH 262/979] Add rule --- ...r-pod-security-policy-config-disabled.json | 34 +++++++++++++++++++ .../gcp/rules/rulesets/cis-1.0.0.json | 6 ++++ .../providers/gcp/rules/rulesets/default.json | 6 ++++ 3 files changed, 46 insertions(+) create mode 100644 ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-pod-security-policy-config-disabled.json diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-pod-security-policy-config-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-pod-security-policy-config-disabled.json new file mode 100644 index 000000000..33b7d2670 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-pod-security-policy-config-disabled.json 
@@ -0,0 +1,34 @@ +{ + "description": "Pod Security Policy Disabled", + "rationale": "A Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification. The PodSecurityPolicy objects define a set of conditions that a pod must run with in order to be accepted into the system, as well as defaults for the related fields.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.14" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.10.3" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies", + "https://kubernetes.io/docs/concepts/policy/pod-security-policy", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + ], + "remediation": "Enable the Pod Security Policy. By default, Pod Security Policy is disabled when you create a new cluster.", + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.zones.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.zones.id.clusters.id.pod_security_policy_enabled", + "false", + "" + ] + ], + "id_suffix": "pod_security_policy_enabled" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json index 625711231..24a0e53db 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json @@ -145,6 +145,12 @@ "level": "warning" } ], + "kubernetesengine-cluster-pod-security-policy-config-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "kubernetesengine-node-auto-upgrade-disabled.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 54d463042..a36aba77d 100755 
--- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -272,6 +272,12 @@ "level": "warning" } ], + "kubernetesengine-cluster-pod-security-policy-config-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "kubernetesengine-node-auto-repair-disabled.json": [ { "enabled": true, From 8c501a97adc69a20d6c58297938f55923c3fab91 Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 21 Sep 2020 12:37:31 +0200 Subject: [PATCH 263/979] Add support for master authorized networks --- .../services.kubernetesengine.clusters.html | 54 ++++++++++++------- .../providers/gcp/resources/gke/clusters.py | 8 +++ 2 files changed, 43 insertions(+), 19 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index 24dcf6e79..5691a11a9 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -10,47 +10,63 @@

    Information

    Project ID: {{project}}
    Dashboard: {{dashboard_status}}
    Alias IP: {{convert_bool_to_enabled alias_ip_enabled}}
    -
    Basic authentication: {{convert_bool_to_enabled basic_authentication_enabled}}
    -
    Client certificate authentication: {{convert_bool_to_enabled client_certificate_enabled}}
    -
    Image type: {{image_type}}
    -
    Legacy authorization: {{convert_bool_to_enabled legacy_abac_enabled}}
    -
    Master authorized networks: {{convert_bool_to_enabled master_authorized_networks_enabled}}
    +
    Basic Authentication: {{convert_bool_to_enabled basic_authentication_enabled}}
    +
    Client Certificate Authentication: {{convert_bool_to_enabled client_certificate_enabled}}
    +
    Image Type: {{image_type}}
    +
    Legacy Authorization: {{convert_bool_to_enabled legacy_abac_enabled}}
    +
    Master Authorized Networks: {{convert_bool_to_enabled master_authorized_networks_enabled}}
    Pod Security Policy: {{convert_bool_to_enabled pod_security_policy_enabled}}
    -
    Network policy: {{convert_bool_to_enabled network_policy_enabled}}
    -
    Private cluster: {{convert_bool_to_enabled private_cluster_enabled}}
    -
    Private Google access: {{convert_bool_to_enabled private_ip_google_access_enabled}}
    -
    Service account: {{service_account}}
    +
    Network Policy: {{convert_bool_to_enabled network_policy_enabled}}
    +
    Private Cluster: {{convert_bool_to_enabled private_cluster_enabled}}
    +
    Private Google Access: {{convert_bool_to_enabled private_ip_google_access_enabled}}
    +
    Service Account: {{service_account}}
    Stackdriver Logging: {{convert_bool_to_enabled logging_enabled}}
    Stackdriver Monitoring: {{convert_bool_to_enabled monitoring_enabled}}
    -
    Scopes: +
    Scopes: {{#if scopes}} +
      + {{#each scopes}} +
    • {{this}}
    • + {{/each}} +
    + {{else}} + None + {{/if}} +
    +
    Labels: {{labels}}
    +
    + +
    +

    Master Authorized Networks

    +
    Status: {{convert_bool_to_enabled master_authorized_networks_config.enabled}}
    +
    CIDR Blocks: + {{#if master_authorized_networks_config.cidrBlocks}}
      - {{#each scopes}} -
    • {{this}}
    • + {{#each master_authorized_networks_config.cidrBlocks}} +
    • {{this.displayName}}: {{this.cidrBlock}}
    • {{/each}}
    {{else}} - None + None {{/if}}
    -
    Labels: {{labels}}

    Node pools

    - {{#each node_pools}} + {{#each node_pools}} {{@key}}
    - Automatic node upgrades: {{convert_bool_to_enabled auto_upgrade_enabled}} + Automatic node upgrades: {{convert_bool_to_enabled auto_upgrade_enabled}}
    - Automatic node repair: {{convert_bool_to_enabled auto_repair_enabled}} + Automatic node repair: {{convert_bool_to_enabled auto_repair_enabled}}
    - Legacy metadata endpoints: {{convert_bool_to_enabled legacy_metadata_endpoints_enabled}} + Legacy metadata endpoints: {{convert_bool_to_enabled legacy_metadata_endpoints_enabled}}
    - {{/each}} + {{/each}}
    diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index 2c7eaa100..2880b6481 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -40,8 +40,16 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['private_ip_google_access_enabled'] = raw_cluster.get('privateIpGoogleAccess', False) cluster_dict['scopes'] = self._get_scopes(raw_cluster) cluster_dict['service_account'] = raw_cluster.get('nodeConfig', {}).get('serviceAccount', None) + cluster_dict['master_authorized_networks_config'] = self._get_master_authorized_netowrks_config(raw_cluster) return cluster_dict['id'], cluster_dict + + def _get_master_authorized_netowrks_config(self, raw_cluster): + if raw_cluster.get('masterAuthorizedNetworksConfig'): + return raw_cluster.get('masterAuthorizedNetworksConfig') + else: + return {'enabled': False, 'cidrBlocks': []} + def _is_pod_security_policy_enabled(self, raw_cluster): if 'podSecurityPolicyConfig' in raw_cluster: return raw_cluster['podSecurityPolicyConfig'].get('enabled', False) From 12daf05150003d6196306c0d94bdf56d23fad79a Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 21 Sep 2020 12:46:56 +0200 Subject: [PATCH 264/979] Improve partial --- .../html/partials/gcp/services.kubernetesengine.clusters.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index 5691a11a9..b8c31a83e 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -26,14 +26,16 @@

    Information

    {{#if scopes}}
      {{#each scopes}} -
    • {{this}}
    • +
    • {{this}}
    • {{/each}}
    {{else}} None {{/if}}
    + {{#if labels}}
    Labels: {{labels}}
    + {{/if}}
    From dd7a7caf84c3d2ea582cdc6c29e91f95701a87fe Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 21 Sep 2020 13:15:14 +0200 Subject: [PATCH 265/979] Add support for master authorized networks --- .../gcp/services.kubernetesengine.clusters.html | 4 ++-- .../providers/gcp/resources/gke/clusters.py | 16 ++++++++++++---- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index b8c31a83e..0b426a6f8 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -17,7 +17,7 @@

    Information

    Master Authorized Networks: {{convert_bool_to_enabled master_authorized_networks_enabled}}
    Pod Security Policy: {{convert_bool_to_enabled pod_security_policy_enabled}}
    Network Policy: {{convert_bool_to_enabled network_policy_enabled}}
    -
    Private Cluster: {{convert_bool_to_enabled private_cluster_enabled}}
    +
    Private Cluster: {{convert_bool_to_enabled private_cluster_enabled}}
    Private Google Access: {{convert_bool_to_enabled private_ip_google_access_enabled}}
    Service Account: {{service_account}}
    Stackdriver Logging: {{convert_bool_to_enabled logging_enabled}}
    @@ -39,7 +39,7 @@

    Information

    -

    Master Authorized Networks

    +

    Master Authorized Networks

    Status: {{convert_bool_to_enabled master_authorized_networks_config.enabled}}
    CIDR Blocks: {{#if master_authorized_networks_config.cidrBlocks}} diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index 2880b6481..82a8b2aff 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -40,15 +40,23 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['private_ip_google_access_enabled'] = raw_cluster.get('privateIpGoogleAccess', False) cluster_dict['scopes'] = self._get_scopes(raw_cluster) cluster_dict['service_account'] = raw_cluster.get('nodeConfig', {}).get('serviceAccount', None) - cluster_dict['master_authorized_networks_config'] = self._get_master_authorized_netowrks_config(raw_cluster) + cluster_dict['master_authorized_networks_config'] = self._get_master_authorized_networks_config(raw_cluster) return cluster_dict['id'], cluster_dict - def _get_master_authorized_netowrks_config(self, raw_cluster): + def _get_master_authorized_networks_config(self, raw_cluster): if raw_cluster.get('masterAuthorizedNetworksConfig'): - return raw_cluster.get('masterAuthorizedNetworksConfig') + config = raw_cluster.get('masterAuthorizedNetworksConfig') + config['includes_public_cidr'] = False + for block in config['cidrBlocks']: + if block['cidrBlock'] == '0.0.0.0/0': + config['includes_public_cidr'] = True + return config else: - return {'enabled': False, 'cidrBlocks': []} + return {'enabled': False, + 'cidrBlocks': [], + 'includes_public_cidr': False + } def _is_pod_security_policy_enabled(self, raw_cluster): if 'podSecurityPolicyConfig' in raw_cluster: From aec79bc8d4e995f21ee56e44b024dd66bd0d0e00 Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 21 Sep 2020 14:02:56 +0200 Subject: [PATCH 266/979] Update requirement --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index adfd8bc1e..d8399aa71 100755 --- a/requirements.txt +++ b/requirements.txt 
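Review bot: `_get_master_authorized_networks_config` indexes `config['cidrBlocks']` and `block['cidrBlock']` directly, so a config that is enabled but carries no `cidrBlocks` list would raise KeyError rather than yield `includes_public_cidr = False`. Whether the API omits the empty list is not visible here. The function also writes `includes_public_cidr` into the dictionary taken from `raw_cluster`, so the raw response is modified in place. Finally, only the exact string `'0.0.0.0/0'` is flagged, and other very wide ranges pass as restricted, which deserves at least a comment next to the comparison. The rewrite below keeps the returned keys and copies the config before adding to it.

```python
    def _get_master_authorized_networks_config(self, raw_cluster):
        # Copy so the raw API response is not modified in place
        config = dict(raw_cluster.get('masterAuthorizedNetworksConfig') or {})
        config.setdefault('enabled', False)
        config.setdefault('cidrBlocks', [])
        # Only the literal any-IPv4 range is flagged; other wide ranges are not detected
        config['includes_public_cidr'] = any(
            block.get('cidrBlock') == '0.0.0.0/0' for block in config['cidrBlocks'])
        return config
```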
@@ -43,7 +43,7 @@ azure-mgmt-security==0.4.1 azure-mgmt-keyvault==1.1.0 azure-mgmt-network==2.5.1 azure-mgmt-redis==6.0.0 -azure-mgmt-web==0.41.0 +azure-mgmt-web==0.47.0 azure-mgmt-compute==5.0.0 azure-mgmt-authorization==0.60.0 From d1156930fcf012a551b85bccd70cfdbb8609ffa9 Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 21 Sep 2020 14:30:27 +0200 Subject: [PATCH 267/979] Improve parsing and partial --- ....appservice.subscriptions.id.web_apps.html | 54 +++++++++++++------ .../azure/resources/appservice/web_apps.py | 5 +- 2 files changed, 40 insertions(+), 19 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html b/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html index a16ec749b..4b2f3a097 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html +++ b/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html @@ -6,25 +6,14 @@

    {{name}}

    Information

    Name: {{value_or_none name}}
    +
    Repository Site Name: {{value_or_none repository_site_name}}
    +
    Resource Group: {{value_or_none resource_group}}
    Location: {{value_or_none location}}
    State: {{value_or_none state}}
    Usage State: {{value_or_none usage_state}}
    Availability State: {{value_or_none availability_state}}
    -
    Last Modified Time:{{format_date last_modified_time_utc}}
    -
    HTTPS-Only Traffic: {{convert_bool_to_enabled https_only}}
    -
    HTTPS 2.0 Support: {{convert_bool_to_enabled http_2_enabled}}
    -
    Minimum TLS Version Supported: {{value_or_none minimum_tls_version_supported}}
    -
    Authentication: {{convert_bool_to_enabled authentication_enabled}}
    -
    Resource Group: {{value_or_none resource_group}}
    Kind: {{value_or_none kind}}
    -
    Outbound IP Addresses: {{value_or_none outbound_ip_addresses}}
    -
    Possible Outbound IP Addresses: {{value_or_none possible_outbound_ip_addresses}}
    -
    Client Certificates: {{convert_bool_to_enabled client_cert_enabled}}
    -
    Default Host Name: {{value_or_none default_host_name}}
    -
    Host Names: {{value_or_none host_names}}
    -
    Host Names: {{convert_bool_to_enabled enabled_host_names}}
    -
    Repository Site Name: {{value_or_none repository_site_name}}
    -
    Traffic Manager Host Names: {{value_or_none traffic_manager_host_names}}
    +
    Last Modified Time:{{format_date last_modified_time_utc}}
    Programming Language: {{value_or_none programming_language}}
    Programming Language Version: {{value_or_none programming_language_version}}
    Tags: @@ -38,9 +27,18 @@

    Information

    {{/each}}
    Resource group: {{value_or_none resource_group_name}}
    -

    - Identities -

    +
    +
    +

    Configuration

    +
    Authentication: {{convert_bool_to_enabled authentication_enabled}}
    +
    HTTPS-Only Traffic: {{convert_bool_to_enabled https_only}}
    +
    HTTPS 2.0 Support: {{convert_bool_to_enabled http_2_enabled}}
    +
    Minimum TLS Version Supported: {{value_or_none minimum_tls_version_supported}}
    +
    Client Certificates: {{convert_bool_to_enabled client_cert_enabled}}
    +
    + {{#if identity}} +
    +

    Identities

    System Assigned Identity: {{value_or_none identity.principal_id}}
    {{#if identity.user_assigned_identities}}
    @@ -53,6 +51,28 @@

    {{/if}}
    + {{/if}} +
    +

    Networking

    +
    Host Names: {{convert_bool_to_enabled enabled_host_names}}
    +
    Default Host Name: {{value_or_none default_host_name}}
    +
    Host Names: {{value_or_none host_names}}
    +
    Traffic Manager Host Names: {{value_or_none traffic_manager_host_names}}
    +
    Outbound IP Addresses: +
      + {{#each outbound_ip_addresses}} +
    • {{this}}
    • + {{/each}} +
    +
    +
    Possible Outbound IP Addresses: +
      + {{#each possible_outbound_ip_addresses}} +
    • {{this}}
    • + {{/each}} +
    +
    +
    diff --git a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.zones.id.instances.html b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.zones.id.instances.html index 7a81f1f87..3ca80ed68 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.zones.id.instances.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.zones.id.instances.html @@ -34,6 +34,23 @@

    Information

    {{/if}}
    +
    +
    Network Interfaces
    + {{#if network_interfaces}} + + {{/if}} +
    Identity & API Access
    Service Account: {{value_or_none service_account}}
    diff --git a/ScoutSuite/providers/gcp/provider.py b/ScoutSuite/providers/gcp/provider.py index 19db7487b..cc0b319cf 100755 --- a/ScoutSuite/providers/gcp/provider.py +++ b/ScoutSuite/providers/gcp/provider.py @@ -83,6 +83,7 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): self._match_instances_and_snapshots() self._match_networks_and_instances() + self._match_subnetworks_and_instances() super().preprocessing() 
@@ -128,8 +129,39 @@ def _match_networks_and_instances(self): if zone is int: continue for instance in zone['instances'].values(): + instance['network_id'] = None for network_interface in instance['network_interfaces']: if network_interface['network'] == network['network_url']: - network['instances'].append(instance['id']) + network['instances'].append({'instance_id': instance['id'], + 'instance_zone': instance['zone']}) + network_interface['network_id'] = network['id'] except Exception as e: print_exception('Unable to match instances and networks: {}'.format(e)) + + def _match_subnetworks_and_instances(self): + """ + For each subnetwork, math instances in that subnetwork + + :return: + """ + + try: + if 'computeengine' in self.service_list: + for project in self.services['computeengine']['projects'].values(): + for region in project['regions'].values(): + for subnetwork in region['subnetworks'].values(): + subnetwork['instances'] = [] + for zone in project['zones'].values(): + # Skip the counts contained in the zones dictionary + if zone is int: + continue + for instance in zone['instances'].values(): + instance['subnetwork_id'] = None + for network_interface in instance['network_interfaces']: + if network_interface['subnetwork'] == subnetwork['subnetwork_url']: + subnetwork['instances'].append({'instance_id': instance['id'], + 'instance_zone': instance['zone']}) + network_interface['subnetwork_id'] = subnetwork['id'] + network_interface['subnetwork_region'] = subnetwork['region'] + except Exception as e: + print_exception('Unable to match instances and subnetworks: {}'.format(e)) diff --git a/ScoutSuite/providers/gcp/resources/gce/networks.py b/ScoutSuite/providers/gcp/resources/gce/networks.py index 12e8c0f11..fbf120323 100755 --- a/ScoutSuite/providers/gcp/resources/gce/networks.py +++ b/ScoutSuite/providers/gcp/resources/gce/networks.py 
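Review bot: `if zone is int: continue` in the new `_match_subnetworks_and_instances` never skips anything, because it compares the value's identity with the type `int`. If the zones dictionary does hold integer counts, as the comment says, `zone['instances']` raises TypeError and the outer `except Exception` abandons the whole matching pass. It should read `if isinstance(zone, int): continue`, and the context line in `_match_networks_and_instances` has the same problem. Separately, `instance['subnetwork_id'] = None` and `instance['network_id'] = None` are never given another value, since the match is stored on `network_interface`, so either drop them or initialise the key on the interface. The docstring says "math instances" where "match" is meant.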
@@ -20,10 +20,12 @@ def _parse_network(self, raw_network): network_dict['name'] = raw_network['name'] network_dict['description'] = self._get_description(raw_network) network_dict['creation_timestamp'] = raw_network['creationTimestamp'] - network_dict['network_url'] = raw_network['selfLink'] - network_dict['subnetwork_urls'] = raw_network.get('subnetworks', None) network_dict['auto_subnet'] = raw_network.get('autoCreateSubnetworks', None) network_dict['routing_config'] = raw_network['routingConfig'] + + network_dict['network_url'] = raw_network['selfLink'] + network_dict['subnetwork_urls'] = raw_network.get('subnetworks', None) + return network_dict['id'], network_dict def _get_description(self, raw_network): diff --git a/ScoutSuite/providers/gcp/resources/gce/subnetworks.py b/ScoutSuite/providers/gcp/resources/gce/subnetworks.py index 56aab2a34..c25332585 100755 --- a/ScoutSuite/providers/gcp/resources/gce/subnetworks.py +++ b/ScoutSuite/providers/gcp/resources/gce/subnetworks.py @@ -20,9 +20,12 @@ def _parse_subnetwork(self, raw_subnetwork): subnetwork_dict['project_id'] = raw_subnetwork['selfLink'].split('/')[-5] subnetwork_dict['region'] = raw_subnetwork['region'].split('/')[-1] subnetwork_dict['name'] = "{}-{}".format(raw_subnetwork['name'], subnetwork_dict['region']) - subnetwork_dict['subnetwork'] = raw_subnetwork['network'].split('/')[-1] subnetwork_dict['gateway_address'] = raw_subnetwork['gatewayAddress'] subnetwork_dict['ip_range'] = raw_subnetwork['ipCidrRange'] subnetwork_dict['creation_timestamp'] = raw_subnetwork['creationTimestamp'] subnetwork_dict['private_ip_google_access'] = raw_subnetwork['privateIpGoogleAccess'] + + subnetwork_dict['subnetwork_url'] = raw_subnetwork['selfLink'] + subnetwork_dict['network_url'] = raw_subnetwork['network'] + return subnetwork_dict['id'], subnetwork_dict From 75f9a0fdb786de8a2961f671e6bdba7a8b1fdd00 Mon Sep 17 00:00:00 2001 
From: xga Date: Wed, 23 Sep 2020 14:58:56 +0200 Subject: [PATCH 280/979] Match GCE networks and firewall rules --- ...s.computeengine.projects.id.firewalls.html | 2 +- ...es.computeengine.projects.id.networks.html | 16 +++++++++++++- ScoutSuite/providers/gcp/provider.py | 21 +++++++++++++++++++ 3 files changed, 37 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html index 77f2fe3a8..863ead6d7 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html @@ -9,7 +9,7 @@

    Information

    Firewall name: {{name}}
    Project ID: {{project_id}}
    Description: {{description}}
    -
    VPC network: {{network}}
    +
    Creation Date: {{format_date creation_timestamp}}
    Priority: {{priority}}
    Disabled: {{disabled}}
    diff --git a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html index 53a83264c..ccb8c486c 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html @@ -12,9 +12,23 @@

    Information

    Description: {{description}}
    Creation Date: {{format_date creation_timestamp}}
    +
    +

    Firewall Rules + {{> count_badge count=(count_vpc_instances firewalls) target=(concat '#services.computeengine.projects' project 'networks' @key 'firewalls')}} +

    + +

    Compute Engine Instances - {{> count_badge count=(count_vpc_instances instances) target=(concat '#services.compouteengine.projects' project 'neworks' @key 'instances')}} + {{> count_badge count=(count_vpc_instances instances) target=(concat '#services.computeengine.projects' project 'neworks' @key 'instances')}}

    diff --git a/ScoutSuite/providers/gcp/provider.py b/ScoutSuite/providers/gcp/provider.py index cc0b319cf..72a432765 100755 --- a/ScoutSuite/providers/gcp/provider.py +++ b/ScoutSuite/providers/gcp/provider.py @@ -83,6 +83,7 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): self._match_instances_and_snapshots() self._match_networks_and_instances() + self._match_networks_and_firewalls() self._match_subnetworks_and_instances() super().preprocessing() @@ -138,6 +139,26 @@ def _match_networks_and_instances(self): except Exception as e: print_exception('Unable to match instances and networks: {}'.format(e)) + def _match_networks_and_firewalls(self): + """ + For each network, math firewall rules in that network + + :return: + """ + + try: + if 'computeengine' in self.service_list: + for project in self.services['computeengine']['projects'].values(): + for network in project['networks'].values(): + network['firewalls'] = [] + for firewall in project['firewalls'].values(): + firewall['network_id'] = None + if firewall['network_url'] == network['network_url']: + network['firewalls'].append(firewall['id']) + firewall['network_id'] = network['id'] + except Exception as e: + print_exception('Unable to match firewalls and networks: {}'.format(e)) + def _match_subnetworks_and_instances(self): """ For each subnetwork, math instances in that subnetwork From 2794c3eecb0b6eba8823794312f875ead57fadeb Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 23 Sep 2020 19:24:51 +0200 Subject: [PATCH 281/979] Add AWS user agent --- ScoutSuite/providers/aws/authentication_strategy.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ScoutSuite/providers/aws/authentication_strategy.py b/ScoutSuite/providers/aws/authentication_strategy.py index 099af7698..806460e45 100755 --- a/ScoutSuite/providers/aws/authentication_strategy.py +++ b/ScoutSuite/providers/aws/authentication_strategy.py 
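Review bot: In `_match_networks_and_firewalls`, `firewall['network_id'] = None` runs inside the loop over networks, so a firewall matched to one network is reset to None as soon as the next network is visited. Only firewalls belonging to the last network iterated keep their `network_id`. Replacing the assignment with `firewall.setdefault('network_id', None)` keeps an earlier match; initialising the key in a separate pass before the network loop works too. The docstring says "math firewall rules" where "match" is meant. `firewall['network_url']` is assumed to be populated by the firewall parser, which is not visible in this hunk.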
@@ -1,6 +1,8 @@ import boto3 +from botocore.config import Config import logging +from ScoutSuite import __version__ from ScoutSuite.providers.aws.utils import get_caller_identity from ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException @@ -48,6 +50,11 @@ def authenticate(self, # Test querying for current user get_caller_identity(session) + # Set custom user agent + session._session.user_agent_name = 'Scout Suite' + session._session.user_agent_extra = 'Scout Suite/{} (https://github.com/nccgroup/ScoutSuite)'.format(__version__) + session._session.user_agent_version= __version__ + return AWSCredentials(session=session) except Exception as e: From d2a400c75c96f39dfd499d5e63bdc4cb1a7f3c79 Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 23 Sep 2020 19:26:57 +0200 Subject: [PATCH 282/979] Remove unused import --- ScoutSuite/providers/aws/authentication_strategy.py | 1 - 1 file changed, 1 deletion(-) diff --git a/ScoutSuite/providers/aws/authentication_strategy.py b/ScoutSuite/providers/aws/authentication_strategy.py index 806460e45..8d271839c 100755 --- a/ScoutSuite/providers/aws/authentication_strategy.py +++ b/ScoutSuite/providers/aws/authentication_strategy.py @@ -1,5 +1,4 @@ import boto3 -from botocore.config import Config import logging from ScoutSuite import __version__ From 1578a70a4005eda895191b55b3c7b1600203e57b Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 23 Sep 2020 19:37:37 +0200 Subject: [PATCH 283/979] Add method --- ScoutSuite/utils.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py index c2cde17c7..0fd1c41e6 100755 --- a/ScoutSuite/utils.py +++ b/ScoutSuite/utils.py @@ -1,4 +1,5 @@ from __future__ import print_function +from ScoutSuite import __version__ formatted_provider_name = { 'aliyun': 'Aliyun', 
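Review bot: The user-agent fields are assigned after `get_caller_identity(session)`, so that first call appears to go out with the default SDK agent and would not be attributable to Scout Suite in the account's API logs. Moving the three `session._session.user_agent_*` assignments above the identity check closes that gap. They also reach into the private `_session` attribute of the boto3 session, which deserves a comment such as `# relies on boto3's private _session attribute; re-check on SDK upgrades`. The body of `authenticate` starts and ends outside the hunk.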
@@ -94,3 +95,7 @@ def format_service_name(service): :return: """ return formatted_service_name[service] if service in formatted_service_name else service.upper() + + +def get_user_agent(): + return 'Scout Suite/{} (https://github.com/nccgroup/ScoutSuite)'.format(__version__) From 647bb844eaea6f96138ff71b33384be85028bd7e Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 23 Sep 2020 19:37:54 +0200 Subject: [PATCH 284/979] Minor change --- ScoutSuite/providers/aws/authentication_strategy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/authentication_strategy.py b/ScoutSuite/providers/aws/authentication_strategy.py index 8d271839c..d8d2fe2b6 100755 --- a/ScoutSuite/providers/aws/authentication_strategy.py +++ b/ScoutSuite/providers/aws/authentication_strategy.py @@ -52,7 +52,7 @@ def authenticate(self, # Set custom user agent session._session.user_agent_name = 'Scout Suite' session._session.user_agent_extra = 'Scout Suite/{} (https://github.com/nccgroup/ScoutSuite)'.format(__version__) - session._session.user_agent_version= __version__ + session._session.user_agent_version = __version__ return AWSCredentials(session=session) From 7c537fd3418885a953162a1335fa0b9edd1fa65a Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 23 Sep 2020 21:22:07 +0200 Subject: [PATCH 285/979] Add user agent for Azure provider --- ScoutSuite/providers/azure/facade/aad.py | 6 +++++- ScoutSuite/providers/azure/facade/appservice.py | 5 ++++- ScoutSuite/providers/azure/facade/base.py | 2 ++ ScoutSuite/providers/azure/facade/keyvault.py | 5 ++++- ScoutSuite/providers/azure/facade/network.py | 5 ++++- ScoutSuite/providers/azure/facade/rbac.py | 5 ++++- ScoutSuite/providers/azure/facade/securitycenter.py | 5 ++++- ScoutSuite/providers/azure/facade/sqldatabase.py | 5 ++++- ScoutSuite/providers/azure/facade/storageaccounts.py | 6 +++++- ScoutSuite/providers/azure/facade/virtualmachines.py | 5 ++++- 10 files changed, 40 insertions(+), 9 deletions(-) 
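Review bot: `get_user_agent` has no docstring although `format_service_name` directly above it has one; a one-liner such as `"""Return the User-Agent string Scout Suite sends to provider APIs."""` would do. The AWS strategy in `authentication_strategy.py` still builds the same `'Scout Suite/{} (...)'` string inline, so the two copies can drift. Calling `get_user_agent()` there keeps the agent seen in provider-side logs consistent across providers.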
diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 8a4b38d17..a26e1a17c 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py @@ -1,6 +1,8 @@ from azure.graphrbac import GraphRbacManagementClient + from ScoutSuite.core.console import print_exception from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent class AADFacade: @@ -9,8 +11,10 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self): - return GraphRbacManagementClient(self.credentials.get_credentials('aad_graph'), + client = GraphRbacManagementClient(self.credentials.get_credentials('aad_graph'), tenant_id=self.credentials.get_tenant_id()) + client._client.config.add_user_agent(get_user_agent()) + return client async def get_users(self): try: diff --git a/ScoutSuite/providers/azure/facade/appservice.py b/ScoutSuite/providers/azure/facade/appservice.py index c345d81ad..d74ad690e 100755 --- a/ScoutSuite/providers/azure/facade/appservice.py +++ b/ScoutSuite/providers/azure/facade/appservice.py @@ -3,6 +3,7 @@ from ScoutSuite.core.console import print_exception from ScoutSuite.providers.azure.utils import get_resource_group_name from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently +from ScoutSuite.utils import get_user_agent class AppServiceFacade: @@ -11,8 +12,10 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - return WebSiteManagementClient(self.credentials.get_credentials('arm'), + client = WebSiteManagementClient(self.credentials.get_credentials('arm'), subscription_id=subscription_id) + client._client.config.add_user_agent(get_user_agent()) + return client async def get_web_apps(self, subscription_id: str): try: diff --git a/ScoutSuite/providers/azure/facade/base.py b/ScoutSuite/providers/azure/facade/base.py index 48d282b1c..f97bdbc70 100755 
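Review bot: `client._client.config.add_user_agent(get_user_agent())` in `AADFacade.get_client` depends on the private `_client` attribute of the SDK client. The same line is repeated in the `get_client` methods of appservice, keyvault, network, rbac, securitycenter, sqldatabase, storageaccounts and virtualmachines, and on the clients built in `base.py` and `_get_and_set_activity_logs`. If an SDK release renames or drops that attribute, every one of these call sites would presumably raise AttributeError at client creation. A single shared helper that takes a freshly built client, applies the call and returns it would keep the private access in one place that can be guarded or updated once.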
--- a/ScoutSuite/providers/azure/facade/base.py +++ b/ScoutSuite/providers/azure/facade/base.py @@ -11,6 +11,7 @@ from azure.mgmt.resource import SubscriptionClient from ScoutSuite.providers.base.authentication_strategy import AuthenticationException +from ScoutSuite.utils import get_user_agent from ScoutSuite.core.console import print_info, print_exception @@ -78,6 +79,7 @@ def _set_subscriptions(self): # Create the client subscription_client = SubscriptionClient(self.credentials.arm_credentials) + subscription_client._client.config.add_user_agent(get_user_agent()) # Get all the accessible subscriptions accessible_subscriptions_list = list(subscription_client.subscriptions.list()) diff --git a/ScoutSuite/providers/azure/facade/keyvault.py b/ScoutSuite/providers/azure/facade/keyvault.py index add83ad59..301bc0920 100755 --- a/ScoutSuite/providers/azure/facade/keyvault.py +++ b/ScoutSuite/providers/azure/facade/keyvault.py @@ -2,6 +2,7 @@ from ScoutSuite.core.console import print_exception from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent class KeyVaultFacade: @@ -10,8 +11,10 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - return KeyVaultManagementClient(self.credentials.get_credentials('arm'), + client = KeyVaultManagementClient(self.credentials.get_credentials('arm'), subscription_id=subscription_id) + client._client.config.add_user_agent(get_user_agent()) + return client async def get_key_vaults(self, subscription_id: str): try: diff --git a/ScoutSuite/providers/azure/facade/network.py b/ScoutSuite/providers/azure/facade/network.py index 2ee494b8d..56d3a6666 100755 --- a/ScoutSuite/providers/azure/facade/network.py +++ b/ScoutSuite/providers/azure/facade/network.py 
@@ -2,6 +2,7 @@ from ScoutSuite.core.console import print_exception from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent class NetworkFacade: @@ -10,8 +11,10 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - return NetworkManagementClient(self.credentials.get_credentials('arm'), + client = NetworkManagementClient(self.credentials.get_credentials('arm'), subscription_id=subscription_id) + client._client.config.add_user_agent(get_user_agent()) + return client async def get_network_watchers(self, subscription_id: str): try: diff --git a/ScoutSuite/providers/azure/facade/rbac.py b/ScoutSuite/providers/azure/facade/rbac.py index d61fb100c..bae28ae05 100755 --- a/ScoutSuite/providers/azure/facade/rbac.py +++ b/ScoutSuite/providers/azure/facade/rbac.py @@ -2,6 +2,7 @@ from ScoutSuite.core.console import print_exception from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent class RBACFacade: @@ -10,8 +11,10 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - return AuthorizationManagementClient(self.credentials.get_credentials('arm'), + client = AuthorizationManagementClient(self.credentials.get_credentials('arm'), subscription_id=subscription_id) + client._client.config.add_user_agent(get_user_agent()) + return client async def get_roles(self, subscription_id: str): try: diff --git a/ScoutSuite/providers/azure/facade/securitycenter.py b/ScoutSuite/providers/azure/facade/securitycenter.py index 998db0f1d..c49870816 100755 --- a/ScoutSuite/providers/azure/facade/securitycenter.py +++ b/ScoutSuite/providers/azure/facade/securitycenter.py @@ -2,6 +2,7 @@ from ScoutSuite.core.console import print_exception, print_debug from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent class SecurityCenterFacade: 
@@ -10,8 +11,10 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - return SecurityCenter(self.credentials.get_credentials('arm'), + client = SecurityCenter(self.credentials.get_credentials('arm'), subscription_id, '') + client._client.config.add_user_agent(get_user_agent()) + return client async def get_pricings(self, subscription_id: str): try: diff --git a/ScoutSuite/providers/azure/facade/sqldatabase.py b/ScoutSuite/providers/azure/facade/sqldatabase.py index 40d0f514f..9a9e580e5 100755 --- a/ScoutSuite/providers/azure/facade/sqldatabase.py +++ b/ScoutSuite/providers/azure/facade/sqldatabase.py @@ -3,6 +3,7 @@ from azure.mgmt.sql import SqlManagementClient from ScoutSuite.providers.utils import run_concurrently from ScoutSuite.core.console import print_exception +from ScoutSuite.utils import get_user_agent class SQLDatabaseFacade: @@ -11,8 +12,10 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - return SqlManagementClient(self.credentials.get_credentials('arm'), + client = SqlManagementClient(self.credentials.get_credentials('arm'), subscription_id=subscription_id) + client._client.config.add_user_agent(get_user_agent()) + return client async def get_database_blob_auditing_policies(self, resource_group_name, server_name, database_name, subscription_id: str): try: diff --git a/ScoutSuite/providers/azure/facade/storageaccounts.py b/ScoutSuite/providers/azure/facade/storageaccounts.py index e838ed78e..6e3a8ebc3 100755 --- a/ScoutSuite/providers/azure/facade/storageaccounts.py +++ b/ScoutSuite/providers/azure/facade/storageaccounts.py @@ -5,6 +5,7 @@ from ScoutSuite.core.console import print_exception from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently +from ScoutSuite.utils import get_user_agent class StorageAccountsFacade: 
@@ -13,8 +14,10 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - return StorageManagementClient(self.credentials.get_credentials('arm'), + client = StorageManagementClient(self.credentials.get_credentials('arm'), subscription_id=subscription_id) + client._client.config.add_user_agent(get_user_agent()) + return client async def get_storage_accounts(self, subscription_id: str): try: @@ -44,6 +47,7 @@ async def get_blob_containers(self, resource_group_name, storage_account_name, s async def _get_and_set_activity_logs(self, storage_account, subscription_id: str): client = MonitorManagementClient(self.credentials.arm_credentials, subscription_id) + client._client.config.add_user_agent(get_user_agent()) # Time format used by Azure API: time_format = "%Y-%m-%dT%H:%M:%S.%f" diff --git a/ScoutSuite/providers/azure/facade/virtualmachines.py b/ScoutSuite/providers/azure/facade/virtualmachines.py index f2602b4d1..217c67ba8 100755 --- a/ScoutSuite/providers/azure/facade/virtualmachines.py +++ b/ScoutSuite/providers/azure/facade/virtualmachines.py @@ -2,6 +2,7 @@ from ScoutSuite.core.console import print_exception from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent class VirtualMachineFacade: @@ -10,8 +11,10 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - return ComputeManagementClient(self.credentials.get_credentials('arm'), + client = ComputeManagementClient(self.credentials.get_credentials('arm'), subscription_id=subscription_id) + client._client.config.add_user_agent(get_user_agent()) + return client async def get_instances(self, subscription_id: str): try: From 56ec49aeec3fd63c470c3f55acf99764258fe228 Mon Sep 17 00:00:00 2001 From: xga Date: Thu, 24 Sep 2020 10:25:11 +0200 Subject: [PATCH 286/979] Fix list output --- ScoutSuite/providers/base/provider.py | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/ScoutSuite/providers/base/provider.py b/ScoutSuite/providers/base/provider.py index d27f34cea..a90c45671 100755 --- a/ScoutSuite/providers/base/provider.py +++ b/ScoutSuite/providers/base/provider.py @@ -41,6 +41,10 @@ def __init__(self, report_dir=None, timestamp=None, self.services = self.services_config(self.credentials) supported_services = vars(self.services).keys() + # Ensures "credentials" is not included + supported_services = list(supported_services) + supported_services.remove('credentials') + self.service_list = self._build_services_list(supported_services, services, skipped_services) def get_report_name(self): From f8e28a894c3a534fef249b9c918b6446eddbf5ec Mon Sep 17 00:00:00 2001 From: xga Date: Thu, 24 Sep 2020 11:09:39 +0200 Subject: [PATCH 287/979] Add user agent for client libraries --- ScoutSuite/providers/gcp/facade/cloudstorage.py | 11 ++++++++++- ScoutSuite/providers/gcp/facade/kms.py | 9 ++++++++- .../providers/gcp/facade/stackdriverlogging.py | 12 ++++++++++-- .../gcp/facade/stackdrivermonitoring.py | 16 ++++++++++++++-- 4 files changed, 42 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/cloudstorage.py b/ScoutSuite/providers/gcp/facade/cloudstorage.py index 7d2de630b..359d632a6 100755 --- a/ScoutSuite/providers/gcp/facade/cloudstorage.py +++ b/ScoutSuite/providers/gcp/facade/cloudstorage.py 
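Review bot: `supported_services.remove('credentials')` raises ValueError when the services config has no `credentials` attribute, which would abort `__init__` for any provider whose config does not store one. Filtering is safe either way: `supported_services = [s for s in vars(self.services) if s != 'credentials']`. `__init__` starts and ends outside the hunk, so whether every provider's config sets the attribute cannot be confirmed from here.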
@@ -1,13 +1,22 @@ from google.cloud import storage +from google.api_core.gapic_v1.client_info import ClientInfo from ScoutSuite.core.console import print_exception from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently +from ScoutSuite.utils import get_user_agent class CloudStorageFacade: + + def get_client(self, project_id: str): + client_info = ClientInfo(user_agent=get_user_agent()) + client = storage.Client(project=project_id, + client_info=client_info) + return client + async def get_buckets(self, project_id: str): try: - client = storage.Client(project=project_id) + client = self.get_client(project_id) buckets = await run_concurrently(lambda: list(client.list_buckets())) await get_and_set_concurrently([self._get_and_set_bucket_logging, self._get_and_set_bucket_iam_policy], buckets) diff --git a/ScoutSuite/providers/gcp/facade/kms.py b/ScoutSuite/providers/gcp/facade/kms.py index 700716fd7..a83e84ad6 100755 --- a/ScoutSuite/providers/gcp/facade/kms.py +++ b/ScoutSuite/providers/gcp/facade/kms.py @@ -1,15 +1,22 @@ from google.cloud import kms +from google.api_core.gapic_v1.client_info import ClientInfo from ScoutSuite.core.console import print_exception from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent class KMSFacade(GCPBaseFacade): def __init__(self): # This facade is currently using both libraries as the Cloud Client library doesn't support locations - self.cloud_client = kms.KeyManagementServiceClient() # Cloud Client + + # Cloud Client + client_info = ClientInfo(user_agent=get_user_agent()) + self.cloud_client = kms.KeyManagementServiceClient(client_info=client_info) + # self.cloud_client = kms.KeyManagementServiceClient() + super().__init__('cloudkms', 'v1') # API Client async def get_locations(self, project_id: str): 
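Review bot: A commented-out copy of the old constructor, `# self.cloud_client = kms.KeyManagementServiceClient()`, is left in `KMSFacade.__init__`; delete it, since version control already keeps the previous form. The new `CloudStorageFacade.get_client` has no docstring; a line such as `"""Return a storage client for project_id that sends the Scout Suite user agent."""` would record why the client is built through this method rather than inline.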
diff --git a/ScoutSuite/providers/gcp/facade/stackdriverlogging.py b/ScoutSuite/providers/gcp/facade/stackdriverlogging.py index 7d96d4d62..2ecb76a6e 100755 --- a/ScoutSuite/providers/gcp/facade/stackdriverlogging.py +++ b/ScoutSuite/providers/gcp/facade/stackdriverlogging.py @@ -1,14 +1,22 @@ from google.cloud import logging as stackdriverlogging +from google.api_core.gapic_v1.client_info import ClientInfo from ScoutSuite.core.console import print_exception from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent class StackdriverLoggingFacade: + def get_client(self, project_id: str): + client_info = ClientInfo(user_agent=get_user_agent()) + client = stackdriverlogging.Client(project=project_id, + client_info=client_info) + return client + async def get_sinks(self, project_id: str): try: - client = stackdriverlogging.Client(project=project_id) + client = self.get_client(project_id) return await run_concurrently(lambda: [sink for sink in client.list_sinks()]) except Exception as e: print_exception(f'Failed to retrieve sinks: {e}') @@ -16,7 +24,7 @@ async def get_sinks(self, project_id: str): async def get_metrics(self, project_id: str): try: - client = stackdriverlogging.Client(project=project_id) + client = self.get_client(project_id) return await run_concurrently(lambda: [metric for metric in client.list_metrics()]) except Exception as e: print_exception(f'Failed to retrieve metrics: {e}') diff --git a/ScoutSuite/providers/gcp/facade/stackdrivermonitoring.py b/ScoutSuite/providers/gcp/facade/stackdrivermonitoring.py index 91ff94678..20d85bca6 100644 --- a/ScoutSuite/providers/gcp/facade/stackdrivermonitoring.py +++ b/ScoutSuite/providers/gcp/facade/stackdrivermonitoring.py 
@@ -1,14 +1,26 @@ from google.cloud import monitoring as stackdrivermonitoring +from google.api_core.gapic_v1.client_info import ClientInfo from ScoutSuite.core.console import print_exception from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent class StackdriverMonitoringFacade: + def get_uptime_client(self): + client_info = ClientInfo(user_agent=get_user_agent()) + client = stackdrivermonitoring.UptimeCheckServiceClient(client_info=client_info) + return client + + def get_alerts_client(self): + client_info = ClientInfo(user_agent=get_user_agent()) + client = stackdrivermonitoring.AlertPolicyServiceClient(client_info=client_info) + return client + async def get_uptime_checks(self, project_id: str): try: - client = stackdrivermonitoring.UptimeCheckServiceClient() + client = self.get_uptime_client() name = client.project_path(project_id) return await run_concurrently(lambda: [r for r in client.list_uptime_check_configs(name)]) except Exception as e: @@ -17,7 +29,7 @@ async def get_uptime_checks(self, project_id: str): async def get_alert_policies(self, project_id: str): try: - client = stackdrivermonitoring.AlertPolicyServiceClient() + client = self.get_alerts_client() name = client.project_path(project_id) return await run_concurrently(lambda: [r for r in client.list_alert_policies(name)]) except Exception as e: From 67a79bc98dbd6b3a988c1e5e316f697450c8749f Mon Sep 17 00:00:00 2001 From: xga Date: Thu, 24 Sep 2020 11:09:51 +0200 Subject: [PATCH 288/979] Add user agent for native --- ScoutSuite/providers/gcp/facade/basefacade.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/basefacade.py b/ScoutSuite/providers/gcp/facade/basefacade.py index 24deaab91..31c7a2228 100755 --- a/ScoutSuite/providers/gcp/facade/basefacade.py +++ b/ScoutSuite/providers/gcp/facade/basefacade.py 
@@ -6,8 +6,12 @@ import httplib2shim httplib2shim.patch() +from googleapiclient import http from googleapiclient import discovery +from ScoutSuite.utils import get_user_agent + + class GCPBaseFacade: def __init__(self, client_name: str, client_version: str): self._client_name = client_name @@ -24,11 +28,16 @@ def _build_arbitrary_client(self, client_name, client_version, force_new=False): :param force_new: whether to create a new client - useful to create arbitrary clients from facades :return: """ + if force_new: - return discovery.build(client_name, client_version, cache_discovery=False, cache=MemoryCache()) + client = discovery.build(client_name, client_version, cache_discovery=False, cache=MemoryCache()) + http.set_user_agent(client._http, get_user_agent()) # force set custom user agent + return client else: if not self._client: - self._client = discovery.build(client_name, client_version, cache_discovery=False, cache=MemoryCache()) + client = discovery.build(client_name, client_version, cache_discovery=False, cache=MemoryCache()) + http.set_user_agent(client._http, get_user_agent()) # force set custom user agent + self._client = client return self._client def _get_client(self) -> discovery.Resource: From 83a8214e60f5c8df993c4c0c85fc126754ef1c16 Mon Sep 17 00:00:00 2001 From: xga Date: Thu, 24 Sep 2020 11:53:51 +0200 Subject: [PATCH 289/979] Fix test --- tests/test_aws_provider.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/tests/test_aws_provider.py b/tests/test_aws_provider.py index b15524e6b..395c9df63 100755 --- a/tests/test_aws_provider.py +++ b/tests/test_aws_provider.py 
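Review bot: Both branches of `_build_arbitrary_client` now repeat the same `discovery.build(...)` and `http.set_user_agent(client._http, ...)` pair, and the call depends on the private `_http` attribute of the discovery resource. Moving the pair into one private method keeps that private access in a single place and keeps the two branches from drifting apart. The sketch below keeps the existing behaviour of both branches.

```python
    def _build_client(self, client_name, client_version):
        # Single place that touches the private _http attribute.
        client = discovery.build(client_name, client_version, cache_discovery=False, cache=MemoryCache())
        http.set_user_agent(client._http, get_user_agent())
        return client

    def _build_arbitrary_client(self, client_name, client_version, force_new=False):
        # … unchanged: docstring …
        if force_new:
            return self._build_client(client_name, client_version)
        if not self._client:
            self._client = self._build_client(client_name, client_version)
        return self._client
```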
@@ -10,15 +10,20 @@ from unittest import mock +class Object(object): + pass + + # Test methods for AWS Provider class TestAWSProviderClass(unittest.TestCase): @mock.patch("ScoutSuite.providers.aws.authentication_strategy.boto3") @mock.patch("ScoutSuite.providers.aws.authentication_strategy.get_caller_identity") - def test_authenticate(self, mock_get_caller_identity, mock_Session): + def test_authenticate(self, mock_get_caller_identity, mock_session): auth_strat = get_authentication_strategy("aws") - boto3_session = "_boto3_session_" - mock_Session.Session.return_value = boto3_session + boto3_session = Object() + boto3_session._session = Object() + mock_session.Session.return_value = boto3_session test_cases = [ # no params @@ -69,13 +74,13 @@ def test_authenticate(self, mock_get_caller_identity, mock_Session): test_case["aws_secret_access_key"], test_case["aws_session_token"], ) - mock_Session.Session.assert_called_with(**test_case["call_dict"]) + mock_session.Session.assert_called_with(**test_case["call_dict"]) mock_get_caller_identity.assert_called_with(boto3_session) assert isinstance(result, AWSCredentials) assert result.session == boto3_session # exception test - mock_Session.Session.side_effect = Exception("an exception") + mock_session.Session.side_effect = Exception("an exception") with pytest.raises(AuthenticationException): result = auth_strat.authenticate(None, None, None, None) From 9ba42ee928276a04b092e04cc8c8c12581854949 Mon Sep 17 00:00:00 2001 From: xga Date: Thu, 24 Sep 2020 12:46:25 +0200 Subject: [PATCH 290/979] Move concurrency to paginator --- ScoutSuite/providers/gcp/facade/utils.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/utils.py b/ScoutSuite/providers/gcp/facade/utils.py index 543eb5a6e..eb4c0ef55 100755 --- a/ScoutSuite/providers/gcp/facade/utils.py +++ b/ScoutSuite/providers/gcp/facade/utils.py 
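Review bot: `test_authenticate` now only lets the attribute assignments succeed on the `Object()` stubs; nothing checks that the user agent was actually set. Adding `assert boto3_session._session.user_agent_name == 'Scout Suite'`, and a matching check on `user_agent_version`, after the existing `result.session` assertion would pin the behaviour the earlier commits introduced. The test body starts and ends outside the hunks.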
@@ -1,17 +1,18 @@ from ScoutSuite.providers.utils import run_concurrently + class GCPFacadeUtils: @staticmethod - def _get_all(resources, resource_key: str, request, resources_group): + async def _get_all(resources, resource_key: str, request, resources_group): while request is not None: response = request.execute() resources.extend(response.get(resource_key, [])) - request = resources_group.list_next(previous_request=request, previous_response=response) + request = await run_concurrently( + lambda: resources_group.list_next(previous_request=request, previous_response=response) + ) @staticmethod async def get_all(resource_key: str, request, resources_group): resources = [] - await run_concurrently( - lambda: GCPFacadeUtils._get_all(resources, resource_key, request, resources_group) - ) + await GCPFacadeUtils._get_all(resources, resource_key, request, resources_group) return resources From 9b815c6babe135f443a79ae32df39e641dc2ea9a Mon Sep 17 00:00:00 2001 From: xga Date: Thu, 24 Sep 2020 13:43:01 +0200 Subject: [PATCH 291/979] Add throttling detection for GCP --- ScoutSuite/providers/gcp/utils.py | 17 +++++++++++++++++ ScoutSuite/providers/utils.py | 3 ++- 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 ScoutSuite/providers/gcp/utils.py diff --git a/ScoutSuite/providers/gcp/utils.py b/ScoutSuite/providers/gcp/utils.py new file mode 100644 index 000000000..16f1eae9b --- /dev/null +++ b/ScoutSuite/providers/gcp/utils.py @@ -0,0 +1,17 @@ +from ScoutSuite.core.console import print_exception + +def is_throttled(e): + """ + Determines whether the exception is due to API throttling. + + :param e: Exception raised + :return: True if it's a throttling exception else False + """ + try: + if 'Quota exceeded' in str(e): + return True + else: + return False + except Exception as e: + print_exception(f'Unable to validate exception for throttling: {e}') + return False 
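Review bot: In `_get_all`, `request.execute()`, the call that performs the HTTP request, now runs directly inside the coroutine. Only `list_next` goes through `run_concurrently`, and as far as I know it just builds the next request object. That would block the event loop for every page, and if `run_concurrently` is where throttling retries happen, it takes the fetch out of that path too. Wrapping the execute call instead, `response = await run_concurrently(lambda: request.execute())`, and calling `list_next` inline looks like the intended shape.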
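Review bot: The new `is_throttled` in `gcp/utils.py` matches only the literal text `'Quota exceeded'` in `str(e)`. Rate-limit errors worded differently, for example an HTTP 429 or a `rateLimitExceeded` reason if the API returns those, would be treated as hard failures rather than retried. The inner handler `except Exception as e` also rebinds the parameter `e`, and the `if/else` can be written as `return 'Quota exceeded' in str(e)`. A docstring line naming the error text the function keys on would help whoever extends the list.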
diff --git a/ScoutSuite/providers/utils.py b/ScoutSuite/providers/utils.py index 26ae594d5..537fc1cc3 100755 --- a/ScoutSuite/providers/utils.py +++ b/ScoutSuite/providers/utils.py @@ -3,6 +3,7 @@ from ScoutSuite.core.console import print_info from ScoutSuite.providers.aws.utils import is_throttled as aws_is_throttled +from ScoutSuite.providers.gcp.utils import is_throttled as gcp_is_throttled def get_non_provider_id(name): @@ -118,4 +119,4 @@ def is_throttled(e): 'projects/' in e.message): return False else: - return aws_is_throttled(e) + return aws_is_throttled(e) or gcp_is_throttled(e) From b9a1d94fc68d923be23b40e3d2eceb83de81e17c Mon Sep 17 00:00:00 2001 From: xga Date: Thu, 24 Sep 2020 13:52:41 +0200 Subject: [PATCH 292/979] Add user agent setting into this method too --- ScoutSuite/providers/gcp/facade/utils.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ScoutSuite/providers/gcp/facade/utils.py b/ScoutSuite/providers/gcp/facade/utils.py index 543eb5a6e..e6fce5eb5 100755 --- a/ScoutSuite/providers/gcp/facade/utils.py +++ b/ScoutSuite/providers/gcp/facade/utils.py @@ -1,4 +1,7 @@ from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent + +from googleapiclient import http class GCPFacadeUtils: @staticmethod @@ -10,6 +13,10 @@ def _get_all(resources, resource_key: str, request, resources_group): @staticmethod async def get_all(resource_key: str, request, resources_group): + # force set custom user agent + http.set_user_agent(request.http, get_user_agent()) + request.headers['user-agent'] = get_user_agent() + resources = [] await run_concurrently( lambda: GCPFacadeUtils._get_all(resources, resource_key, request, resources_group) From 6d58c9f532ca87ca0dd0623d51420935d7f715a8 Mon Sep 17 00:00:00 2001 From: xga Date: Thu, 24 Sep 2020 13:52:49 +0200 Subject: [PATCH 293/979] Reformat code --- ScoutSuite/providers/gcp/facade/utils.py | 1 + 1 file changed, 1 insertion(+) 
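Review bot: `http.set_user_agent(request.http, get_user_agent())` in `GCPFacadeUtils.get_all` runs on every call, and as far as I know `set_user_agent` wraps the transport's `request` method each time it is invoked. If `request.http` is the client's shared transport, which `basefacade.py` in this series already wraps once, each `get_all` would add another wrapper and another copy of the agent string to the header. Keeping only `request.headers['user-agent'] = get_user_agent()` here, or guarding the wrap so it happens once per transport, avoids that growth.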
diff --git a/ScoutSuite/providers/gcp/facade/utils.py b/ScoutSuite/providers/gcp/facade/utils.py index e6fce5eb5..8ca4755af 100755 --- a/ScoutSuite/providers/gcp/facade/utils.py +++ b/ScoutSuite/providers/gcp/facade/utils.py @@ -3,6 +3,7 @@ from googleapiclient import http + class GCPFacadeUtils: @staticmethod def _get_all(resources, resource_key: str, request, resources_group): From b763d287bc52ccda24102047c5c2f778d5764725 Mon Sep 17 00:00:00 2001 From: xga Date: Fri, 25 Sep 2020 13:59:07 +0200 Subject: [PATCH 294/979] Fix button positioning --- ScoutSuite/output/data/html/partials/resources_details.html | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/resources_details.html b/ScoutSuite/output/data/html/partials/resources_details.html index 168155e2b..db8518e53 100755 --- a/ScoutSuite/output/data/html/partials/resources_details.html +++ b/ScoutSuite/output/data/html/partials/resources_details.html @@ -2,8 +2,9 @@ {{#if tags}} diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html index eb5244ad4..6e7806719 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html +++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.snapshots.html @@ -15,7 +15,7 @@

    Information

    Start Time: {{value_or_none start_time}}
    Volume: {{> resource_link resource_path = (concat 'services.ec2.regions' region 'volumes' volume_id )}}
    Owner ID: {{value_or_none owner_id}}
    -
    Encryption: {{convert_bool_to_enabled encrypted}}
    +
    Encryption: {{convert_bool_to_enabled encrypted}}
    KMS Key ID: {{value_or_none kms_key_id}}
    diff --git a/ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.domains.html b/ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.domains.html index 4aec7945a..0819bb0c5 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.domains.html +++ b/ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.domains.html @@ -7,10 +7,10 @@

    {{name}}

    Information

    ARN: {{value_or_none arn}}
    Auto Renew: {{convert_bool_to_enabled auto_renew}} + id="route53.regions.id.domains.{{@key}}.auto_renew">{{convert_bool_to_enabled auto_renew}}
    Transfer Lock: - {{convert_bool_to_enabled transfer_lock}} + {{convert_bool_to_enabled transfer_lock}} This domain's top-level domain (TLD) does not support domain locking. diff --git a/ScoutSuite/output/data/html/partials/azure/services.aad.groups.html b/ScoutSuite/output/data/html/partials/azure/services.aad.groups.html index 713e4e579..df73bab39 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.aad.groups.html +++ b/ScoutSuite/output/data/html/partials/azure/services.aad.groups.html @@ -9,9 +9,9 @@

    Information

    Name: {{value_or_none name}}
    Type: {{value_or_none object_type}}
    Mail Nickname: {{value_or_none mail_nickname}}
    -
    Mail Status: {{convert_bool_to_enabled mail_enabled}}
    +
    Mail Status: {{convert_bool_to_enabled mail_enabled}}
    Mail: {{value_or_none mail}}
    -
    Security Status: {{convert_bool_to_enabled security_enabled}}
    +
    Security Status: {{convert_bool_to_enabled security_enabled}}
    Deletion Timestamp: {{value_or_none deletion_timestamp}}
    diff --git a/ScoutSuite/output/data/html/partials/azure/services.aad.service_principals.html b/ScoutSuite/output/data/html/partials/azure/services.aad.service_principals.html index d737dafb3..5548e21dd 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.aad.service_principals.html +++ b/ScoutSuite/output/data/html/partials/azure/services.aad.service_principals.html @@ -17,7 +17,7 @@

    Information

    None
    {{/each}}
    -
    Status: {{convert_bool_to_enabled account_enabled}}
    +
    Status: {{convert_bool_to_enabled account_enabled}}
    {{#if app_name}}
    {{else}} diff --git a/ScoutSuite/output/data/html/partials/azure/services.aad.users.html b/ScoutSuite/output/data/html/partials/azure/services.aad.users.html index 30cf1a4d5..971c765a4 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.aad.users.html +++ b/ScoutSuite/output/data/html/partials/azure/services.aad.users.html @@ -14,7 +14,7 @@

    Information

    Mail: {{value_or_none mail}}
    Sign-In Names: {{value_or_none sign_in_names}}
    Type: {{value_or_none user_type}}
    -
    Status: {{convert_bool_to_enabled account_enabled}}
    +
    Status: {{convert_bool_to_enabled account_enabled}}
    Usage Location: {{value_or_none usage_location}}
    Deletion Timestamp: {{value_or_none deletion_timestamp}}
    diff --git a/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html b/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html index a28e17413..0e0d7fa06 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html +++ b/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html @@ -29,12 +29,12 @@

    Information

    Configuration

    -
    Authentication: {{convert_bool_to_enabled authentication_enabled}}
    +
    Authentication: {{convert_bool_to_enabled authentication_enabled}}
    HTTPS-Only Traffic: {{convert_bool_to_enabled https_only}}
    HTTPS 2.0 Support: {{convert_bool_to_enabled http_2_enabled}}
    HTTP Logging: {{convert_bool_to_enabled http_logging_enabled}}
    Minimum TLS Version Supported: {{value_or_none minimum_tls_version_supported}}
    -
    Client Certificates: {{convert_bool_to_enabled client_cert_enabled}}
    +
    Client Certificates: {{convert_bool_to_enabled client_cert_enabled}}
    {{#if identity}}
    From cd8e1ed8f998f3f2eadefea72ad377f414854658 Mon Sep 17 00:00:00 2001 From: xga Date: Tue, 17 Nov 2020 13:04:56 +0100 Subject: [PATCH 386/979] Improve fetching and parsing --- ...ces.secretsmanager.regions.id.secrets.html | 12 ++++++ .../providers/aws/facade/secretsmanager.py | 43 ++++++++++++++++++- .../aws/resources/secretsmanager/secrets.py | 11 ++++- 3 files changed, 64 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html b/ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html index caab24cb8..c1864179c 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html +++ b/ScoutSuite/output/data/html/partials/aws/services.secretsmanager.regions.id.secrets.html @@ -9,7 +9,19 @@

    Information

    ARN: {{value_or_none arn}}
    Description: {{value_or_none description}}
    Last Changed Date: {{format_date last_changed_date}}
    +
    Last Accessed Date: {{format_date last_accessed_date}}
    +
    KMS Key: {{value_or_none kms}}
    +
    Rotation: {{convert_bool_to_enabled rotation}}
    + {{#if rotation}} +
    Rotation Lambda ARN: {{value_or_none rotation_lambda_arn}}
    +
    Rotation Interval: {{value_or_none rotation_interval}}
    + {{/if}}
    + {{#if policy}} +
    + {{> accordion_policy name = 'Resource Permissions ' policy_path = (concat 'secretsmanager.regions' region 'secrets' @key 'policy') document = policy}} +
    + {{/if}}
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-cleartext-origin.json b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-cleartext-origin.json
new file mode 100644
index 000000000..b48cbf1d5
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-cleartext-origin.json
@@ -0,0 +1,18 @@
+{
+ "description": "Content Distribution with Clear-Text Origin TLS Policy",
+ "rationale": "Distributing content between AWS CloudFront distributions and their custom origins over clear-text HTTP, without using AWS encryption solutions, can potentially expose sensitive data.",
+ "references": [
+ "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html"
+ ],
+ "dashboard_name": "Distributions",
+ "path": "cloudfront.distributions.id",
+ "conditions": [
+ "and",
+ [
+ "cloudfront.distributions.id.origins",
+ "containString",
+ "http-only"
+ ]
+ ],
+ "class_suffix": "config_policy"
+}
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json
index 271dbfcbc..088158113 100644
--- a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json
+++ b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json
@@ -1,17 +1,28 @@
 {
- "description": "CloudFront Insecure Content Distribution - Insecure Custom Origin Policy ",
- "rationale": "Distributing insecure content between AWS CloudFront distributions and their custom origins, without using AWS encryption solutions. (Depends on the content data classification, this could be false-positive finding.)",
+ "description": "Content Distribution with Insecure Origin TLS Policy",
+ "rationale": "Distributing content between AWS CloudFront distributions and their custom origins over HTTPS using older SSL/TLS protocols can potentially expose sensitive data.",
 "references": [
 "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html"
 ],
 "dashboard_name": "Distributions",
 "path": "cloudfront.distributions.id",
 "conditions": [
- "and",
+ "or",
 [
 "cloudfront.distributions.id.origins",
 "containString",
 "http-only"
+ ],
+ [
+ "cloudfront.distributions.id.view_certificate.MinimumProtocolVersion.",
+ "containNoneOf",
+ [
+ "TLSv1.1",
+ "TLSv1.1_2016",
+ "TLSv1.2_2018",
+ "TLSv1.2_2019"
+ ]
 ]
- ]
+ ],
+ "class_suffix": "config_protocols"
 }
diff --git a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insufficient-viewer-security.json b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insufficient-viewer-security.json
index c00ea990f..df84d29fb 100644
--- a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insufficient-viewer-security.json
+++ b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insufficient-viewer-security.json
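Review bot: The condition added under `"or"` reads `cloudfront.distributions.id.view_certificate.MinimumProtocolVersion.`, which appears to be the viewer-facing certificate setting (it is the same clause this commit removes from the viewer-security finding), so a rule now titled "Insecure Origin TLS Policy" would report on viewer TLS rather than on the origin connection. The retained `http-only` clause also overlaps with the new cleartext-origin finding, so a plain-HTTP origin would be reported by both rules; I would drop it here and keep `"conditions"` to the protocol check only. The path string carries a trailing dot inherited from the old rule, which is worth confirming against the rule engine. If accepting the `TLSv1.1` values in the allow-list is deliberate, the rationale should say which minimum the rule enforces.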
@@ -1,6 +1,6 @@ { - "description": "CloudFront Insecure Content Distribution - Insufficient Viewer Security Policy ", - "rationale": "Distributing insecure content to the Internet viewers (browsers), without using AWS encryption solutions; or using an encyption standard prior to TLSv1.1. So that the content data may be easily sniffed when in transit. (Depends on the content data classification, this could be false-positive finding.)", + "description": "Content Distribution with Insufficient Viewer Security Policy", + "rationale": "Distributing content between AWS CloudFront distributions and their custom origins without the use of a valid certificate, can potentially expose sensitive data.", "references": [ "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-viewercertificate.html" ], @@ -11,16 +11,8 @@ [ "this", "withoutKey", - "view_certificate" ], - [ - "cloudfront.distributions.id.view_certificate.MinimumProtocolVersion.", - "containNoneOf", - [ - "TLSv1.1", - "TLSv1.1_2016", - "TLSv1.2_2018", - "TLSv1.2_2019" - ] + "view_certificate" ] - ] + ], + "id_suffix": "certificate" } diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json index 52c899e43..8142ee25b 100755 --- a/ScoutSuite/providers/aws/rules/rulesets/default.json +++ b/ScoutSuite/providers/aws/rules/rulesets/default.json 
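Review bot: The new `rationale` in the first hunk describes traffic "between AWS CloudFront distributions and their custom origins", but this finding now fires only when `view_certificate` is missing, which concerns viewers connecting to the distribution; the text looks copied from the origin rules and should describe the viewer leg instead. With the `MinimumProtocolVersion` clause removed in the second hunk, this rule no longer reports weak viewer TLS versions at all, so the description "Insufficient Viewer Security Policy" promises more than the single `withoutKey` test delivers. The second hunk also adds `"id_suffix": "certificate"` where the two sibling CloudFront findings in this commit use `"class_suffix"`; if the difference is not intentional, use the same key in all three.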
@@ -1,6 +1,25 @@ { "about": "This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.", "rules": { + "cloudfront-distribution-cleartext-origin.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudfront-distribution-insecure-origin.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudfront-distribution-insufficient-viewer-security.json": [ + { + "enabled": true, + "level": "warning" + } + + ], "acm-certificate-with-close-expiration-date.json": [ { "args": [ From c2c38459d2309321eea69592d2a8ab6ca538a912 Mon Sep 17 00:00:00 2001 From: xga Date: Tue, 29 Dec 2020 15:33:44 +0100 Subject: [PATCH 412/979] Add findings and sort rulesets --- .../providers/aws/rules/rulesets/default.json | 23 +++++++++---------- .../aws/rules/rulesets/detailed.json | 18 +++++++++++++++ 2 files changed, 29 insertions(+), 12 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json index 8142ee25b..af10954c6 100755 --- a/ScoutSuite/providers/aws/rules/rulesets/default.json +++ b/ScoutSuite/providers/aws/rules/rulesets/default.json 
@@ -1,44 +1,43 @@ { "about": "This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.", "rules": { - "cloudfront-distribution-cleartext-origin.json": [ + "acm-certificate-with-close-expiration-date.json": [ { + "args": [ + "7" + ], "enabled": true, "level": "warning" } ], - "cloudfront-distribution-insecure-origin.json": [ + "acm-certificate-with-transparency-logging-disabled.json": [ { "enabled": true, "level": "warning" } ], - "cloudfront-distribution-insufficient-viewer-security.json": [ + "cloudformation-stack-with-role.json": [ { "enabled": true, - "level": "warning" + "level": "danger" } - ], - "acm-certificate-with-close-expiration-date.json": [ + "cloudfront-distribution-cleartext-origin.json": [ { - "args": [ - "7" - ], "enabled": true, "level": "warning" } ], - "acm-certificate-with-transparency-logging-disabled.json": [ + "cloudfront-distribution-insecure-origin.json": [ { "enabled": true, "level": "warning" } ], - "cloudformation-stack-with-role.json": [ + "cloudfront-distribution-insufficient-viewer-security.json": [ { "enabled": true, - "level": "danger" + "level": "warning" } ], "cloudtrail-duplicated-global-services-logging.json": [ diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json index 14f857177..d396afed5 100755 --- a/ScoutSuite/providers/aws/rules/rulesets/detailed.json +++ b/ScoutSuite/providers/aws/rules/rulesets/detailed.json 
@@ -22,6 +22,24 @@ "level": "danger" } ], + "cloudfront-distribution-cleartext-origin.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudfront-distribution-insecure-origin.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudfront-distribution-insufficient-viewer-security.json": [ + { + "enabled": true, + "level": "warning" + } + ], "cloudtrail-duplicated-global-services-logging.json": [ { "enabled": true, From 89e74256fb9d784b6f5dc3ebc2555232fc836624 Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 18 Jan 2021 11:46:22 +0100 Subject: [PATCH 413/979] Update README --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index 024c9db1b..a3430db33 100755 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ [![Workflow](https://github.com/nccgroup/ScoutSuite/workflows/CI%20Workflow/badge.svg)](https://github.com/nccgroup/ScoutSuite/actions) [![CodeCov](https://codecov.io/gh/nccgroup/ScoutSuite/branch/master/graph/badge.svg)](https://codecov.io/gh/nccgroup/ScoutSuite) + [![PyPI version](https://badge.fury.io/py/ScoutSuite.svg)](https://badge.fury.io/py/ScoutSuite) [![PyPI downloads](https://img.shields.io/pypi/dm/scoutsuite)](https://img.shields.io/pypi/dm/scoutsuite) [![Docker Hub](https://img.shields.io/badge/Docker%20Hub-rossja%2Fncc--scoutsuite-blue)](https://hub.docker.com/r/rossja/ncc-scoutsuite/) 
@@ -47,3 +48,17 @@ The above report was generated by running Scout Suite against https://github.com Additional information can be found in the [wiki](https://github.com/nccgroup/ScoutSuite/wiki). There are also a number of handy [tools](https://github.com/nccgroup/ScoutSuite/tree/master/tools) for automation of common tasks. + +## NCC Scout + +Our self-service cloud account monitoring platform, NCC Scout, is a user-friendly SaaS providing you with the ability to constantly monitor your public cloud accounts, allowing you to check they’re configured to comply with industry best practice. + +It features: + +- Persistent monitoring - so you know about changes or issues as they arise +- One tool - all configuration checks in one place for speed and simplicity +- Multi-vendor support - AWS, Azure and GCP public cloud accounts +- Agnostic platform - a trusted third-party tool + +**NCC Scout now has a free tier under our "Freemium" offering**. +This offering provides access to NCC Group’s extended scanning rulesets, keeping your cloud environment protected in-line with best practice configuration and cloud technologies. To sign up for the service, head on to https://cyberstore.nccgroup.com/our-services/service-details/16/cloud-account-monitoring. From 088b30386a4d1b689618b120419603c874947dc2 Mon Sep 17 00:00:00 2001 
From: Jason Ross Date: Thu, 21 Jan 2021 07:06:03 -0500 Subject: [PATCH 414/979] updated tooling to current revs. pulling in current scout image also --- docker/Dockerfile | 42 +++++++++++-------- docker/bin/container-install-aws2.sh | 32 +++++++------- docker/bin/container-install-azure.sh | 5 +-- docker/bin/container-install-gcp.sh | 13 +++--- ...tional.sh => container-install-prereqs.sh} | 18 +++----- docker/bin/container-install-scoutsuite.sh | 4 -- docker/bin/container-set-init.sh | 7 ++++ docker/bin/container-set-motd.sh | 6 --- docker/build.sh | 29 ++++++------- docker/config/build.env | 8 +++- docker/docker-compose.yaml | 19 +++++---- 11 files changed, 92 insertions(+), 91 deletions(-) rename docker/bin/{container-install-additional.sh => container-install-prereqs.sh} (64%) create mode 100755 docker/bin/container-set-init.sh delete mode 100755 docker/bin/container-set-motd.sh diff --git a/docker/Dockerfile b/docker/Dockerfile index 53f5e86b3..9c49bcc40 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -2,33 +2,36 @@ FROM python:3.8 LABEL maintainer="Jason Ross " -ARG VCS_REF -ARG VCS_URL -ARG VERSION ARG BUILD_DATE -ARG VENDOR ARG NAME ARG DESCRIPTION +ARG VCS_REF +ARG VCS_URL +ARG VENDOR +ARG VERSION +ARG IMAGE_NAME + +ENV DEBIAN_FRONTEND=${DEBIAN_FRONTEND} +ENV TERM=${TERM} +ENV IBMCLOUD_COLOR=${IBMCLOUD_COLOR} # Build-time metadata as defined at http://label-schema.org LABEL \ org.label-schema.schema-version="1.0" \ - org.label-schema.build-date=$BUILD_DATE \ - org.label-schema.name=$NAME \ - org.label-schema.description=$DESCRIPTION \ - org.label-schema.vcs-ref=$VCS_REF \ - org.label-schema.vcs-url=$VCS_URL \ - org.label-schema.vendor=$VENDOR \ - org.label-schema.version=$VERSION + org.label-schema.build-date="${BUILD_DATE}" \ + org.label-schema.name="${NAME}" \ + org.label-schema.description="${DESCRIPTION}" \ + org.label-schema.vcs-ref="${VCS_REF}" \ + org.label-schema.vcs-url="${VCS_URL}" \ + org.label-schema.vendor="${VENDOR}" \ + org.label-schema.version="${VERSION}" \ + org.label.image-name="${IMAGE_NAME}" # Copy helper scripts to container -COPY bin /root/bin - -# Install any additional software -RUN ["/bin/bash", "-c", "/root/bin/container-install-additional.sh"] +ADD bin /root/bin -# Set a nice message -RUN ["/bin/bash", "-c", "/root/bin/container-set-motd.sh"] +# Install required software +RUN ["/bin/bash", "-c", "/root/bin/container-install-prereqs.sh"] # Install AWS CLI RUN ["/bin/bash", "-c", "/root/bin/container-install-aws2.sh"] @@ -42,8 +45,11 @@ RUN ["/bin/bash", "-c", "/root/bin/container-install-gcp.sh"] # Install ScoutSuite RUN ["/bin/bash", "-c", "/root/bin/container-install-scoutsuite.sh"] +# Set a nice message +RUN ["/bin/bash", "-c", "/root/bin/container-set-init.sh"] + # Remove scripts RUN ["rm", "-rf", "/root/bin"] # Command -CMD ["/bin/bash"] \ No newline at end of file +CMD ["/bin/bash"] diff --git a/docker/bin/container-install-aws2.sh b/docker/bin/container-install-aws2.sh index 253a84c2b..d8f9e521b 100755 
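Review bot: The three new lines `ENV DEBIAN_FRONTEND=${DEBIAN_FRONTEND}`, `ENV TERM=${TERM}` and `ENV IBMCLOUD_COLOR=${IBMCLOUD_COLOR}` reference names that have no matching `ARG` in this hunk, so unless they are declared elsewhere they expand to empty strings at build time and bake empty variables into the image. Either add `ARG` lines with defaults for them or drop the three `ENV` lines, since the install scripts in this commit already run `export DEBIAN_FRONTEND=noninteractive` themselves. Separately, `ADD bin /root/bin` replaces `COPY` for a plain local directory; `COPY bin /root/bin` is the narrower instruction (no archive auto-extraction or remote fetch) and is the safer default for build context files.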
--- a/docker/bin/container-install-aws2.sh +++ b/docker/bin/container-install-aws2.sh @@ -1,12 +1,9 @@ #!/bin/bash +export DEBIAN_FRONTEND=noninteractive # ===================================== -# container-scoutsuite-install.sh -# ===================================== -# AUTHOR: jason.ross@nccgroup.com -# VERSION: 0.1.0 +# install the AWS CLI Tools # ===================================== -export DEBIAN_FRONTEND=noninteractive WORKDIR=/root TMPDIR=/tmp @@ -35,16 +32,23 @@ rm -rf ${TMPDIR}/aws # if the aws config directory already exists # then we do nothing and leave it alone if [ ! -d ${AWSDIR} ]; then - mkdir ${AWSDIR} - - # create the config template - cat <<'EOF' >${AWSDIR}/config - [default] - region = us-east-1 - output = json - aws_access_key_id = - aws_secret_access_key = +mkdir ${AWSDIR} + +# create the config template +cat <<'EOF' >${AWSDIR}/config +[default] +region = us-east-1 +output = json EOF + +# create the credentials template +cat <<'EOF' >${AWSDIR}/credentials +[default] +aws_access_key_id = +aws_secret_access_key = +EOF + fi + echo -e "\n\nAWS2 CLI Installation Complete!\n\n" diff --git a/docker/bin/container-install-azure.sh b/docker/bin/container-install-azure.sh index 81057ae09..540308835 100755 --- a/docker/bin/container-install-azure.sh +++ b/docker/bin/container-install-azure.sh @@ -1,12 +1,9 @@ #!/bin/bash +export DEBIAN_FRONTEND=noninteractive # ===================================== # install the Azure CLI Tools # ===================================== -# AUTHOR: jason.ross@nccgroup.com -# VERSION: 0.1.0 -# ===================================== -export DEBIAN_FRONTEND=noninteractive WORKDIR=/root TMPDIR=/tmp diff --git a/docker/bin/container-install-gcp.sh b/docker/bin/container-install-gcp.sh index fd602e1fb..2d03a2418 100755 --- a/docker/bin/container-install-gcp.sh +++ b/docker/bin/container-install-gcp.sh 
@@ -1,12 +1,9 @@ #!/bin/bash +export DEBIAN_FRONTEND=noninteractive # ===================================== # install gCloud SDK CLI Tools # ===================================== -# AUTHOR: jason.ross@nccgroup.com -# VERSION: 0.1.0 -# ===================================== -export DEBIAN_FRONTEND=noninteractive WORKDIR=/root TMPDIR=/tmp @@ -15,13 +12,13 @@ cd ${TMPDIR} echo -e "\n\ngCloud SDK Installation Starting...\n\n" # add the gcp repo to apt -echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list +echo "deb [signed-by=/etc/apt/trusted.gpg.d/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list # add the gcp pubkey to apt -curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - +curl https://packages.cloud.google.com./apt/doc/apt-key.gpg > /etc/apt/trusted.gpg.d/cloud.google.gpg -# install the sdk + some extra python-related bits -apt-get update && apt-get install -y google-cloud-sdk google-cloud-sdk-app-engine-python google-cloud-sdk-app-engine-python-extras +# install the sdk + kubectl + some extra python-related bits +apt-get update && apt-get install -y google-cloud-sdk google-cloud-sdk-app-engine-python google-cloud-sdk-app-engine-python-extras kubectl # let folks know the install is done echo -e "\n\ngCloud SDK Installation Complete!\n\n" diff --git a/docker/bin/container-install-additional.sh b/docker/bin/container-install-prereqs.sh similarity index 64% rename from docker/bin/container-install-additional.sh rename to docker/bin/container-install-prereqs.sh index e603e0a15..af4173210 100755 --- a/docker/bin/container-install-additional.sh +++ b/docker/bin/container-install-prereqs.sh 
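Review bot: In the second hunk the signing-key download `curl https://packages.cloud.google.com./apt/doc/apt-key.gpg > /etc/apt/trusted.gpg.d/cloud.google.gpg` weakens how the repository key is trusted. Anything under `/etc/apt/trusted.gpg.d` is trusted by apt for every configured repository, so the `signed-by=` scoping on the sources line above no longer limits the key to the Google repo. curl also runs without `-f`, so an HTTP error body would be written as the keyring, and the host name carries a trailing dot that looks like a typo. Keeping the key in a dedicated keyring is tighter, e.g. `curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg` together with the previous `signed-by=/usr/share/keyrings/cloud.google.gpg`. If the published key is ASCII-armored, a raw copy saved under a `.gpg` name may also not be readable by apt, which is worth confirming.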
@@ -1,13 +1,10 @@ #!/bin/bash +export DEBIAN_FRONTEND=noninteractive # ===================================== # install software packages needed for # all the other components to run # ===================================== -# AUTHOR: jason.ross@nccgroup.com -# VERSION: 0.1.0 -# ===================================== -export DEBIAN_FRONTEND=noninteractive WORKDIR=/root TMPDIR=/tmp @@ -15,11 +12,6 @@ cd ${TMPDIR} echo -e "\n\nSoftware Pre-reqs Installation Starting...\n\n" -# ===================================== -# make sure the timezone gets set to UTC -# ===================================== -ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime - # ===================================== # set up the pre-reqs # ===================================== @@ -33,17 +25,17 @@ apt-get install -qy \ dialog \ gnupg \ groff \ + jq \ less \ lsb-release \ nano \ python3 \ python3-pip \ + tzdata \ unzip \ vim \ virtualenv \ - virtualenvwrapper - -# reconfigure the tzdata package to make sure it picks up the UTC bit -dpkg-reconfigure --frontend noninteractive tzdata + virtualenvwrapper \ + wget echo -e "\n\nSoftware Pre-reqs Installation Complete!\n\n" diff --git a/docker/bin/container-install-scoutsuite.sh b/docker/bin/container-install-scoutsuite.sh index 2ebe85785..cfe5311f1 100755 --- a/docker/bin/container-install-scoutsuite.sh +++ b/docker/bin/container-install-scoutsuite.sh @@ -3,10 +3,6 @@ # ===================================== # install ScoutSuite into a virtual env # ===================================== -# AUTHOR: jason.ross@nccgroup.com -# VERSION: 0.1.0 -# ===================================== -export DEBIAN_FRONTEND=noninteractive WORKDIR=/root TMPDIR=/tmp diff --git a/docker/bin/container-set-init.sh b/docker/bin/container-set-init.sh new file mode 100755 index 000000000..7f89131c7 --- /dev/null +++ b/docker/bin/container-set-init.sh 
@@ -0,0 +1,7 @@ +#!/bin/bash +cat <<'EOF' >> /root/.bashrc +export TERM=linux +cd ${HOME} +source ${HOME}/scoutsuite/bin/activate +echo -e "Welcome to Sscoutsuite!\nYou are already in the Scoutsuite virtual environment, so just type \`scout\` to run it!\n (for example: \`scout -h\` to see the help documentation).\n\nHave fun!\n\n" +EOF diff --git a/docker/bin/container-set-motd.sh b/docker/bin/container-set-motd.sh deleted file mode 100755 index 5ed02d14a..000000000 --- a/docker/bin/container-set-motd.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -cat <<'EOF' >> /root/.bashrc -cd ${HOME} -source ${HOME}/scoutsuite/bin/activate -echo -e "Welcome to ScoutSuite!\nTo run ScoutSuite, just type \`scout -h\` to see the help documentation.\nHave fun!\n\n" -EOF \ No newline at end of file diff --git a/docker/build.sh b/docker/build.sh index fd7a488ba..1ef82ac22 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -1,19 +1,20 @@ #!/bin/bash echo -e "\n\nbuild running...\n" -source ../config/build.env +source ./config/build.env BUILD_CMD="docker build \ - -t ${IMAGE_NAME} \ - -t ${VENDOR}/${NAME}:${VERSION} \ - --build-arg VCS_REF=${VCS_REF} \ - --build-arg VCS_URL=${VCS_URL} \ - --build-arg VERSION=${VERSION} \ - --build-arg BUILD_DATE=${BUILD_DATE} \ - --build-arg NAME=${NAME} \ - --build-arg VENDOR=${VENDOR} \ - --build-arg IMAGE_NAME=${IMAGE_NAME} \ - ." - # --build-arg DESCRIPTION=${DESCRIPTION} \ - +-t ${IMAGE_NAME} \ +-t ${IMAGE_NAME} \ +--build-arg BUILD_DATE=${BUILD_DATE} \ +--build-arg NAME=${NAME} \ +--build-arg VCS_REF=${VCS_REF} \ +--build-arg VCS_URL=${VCS_URL} \ +--build-arg VENDOR=${VENDOR} \ +--build-arg VERSION=${VERSION} \ +--build-arg IMAGE_NAME=${IMAGE_NAME} \ +." +# wtf. idk why this doesn't work +# --build-arg DESCRIPTION=\"${DESCRIPTION}\" \ + echo -e "\n\nbuilding image using:\n${BUILD_CMD}" -exec ${BUILD_CMD} \ No newline at end of file +exec ${BUILD_CMD} 
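Review bot: In `docker/build.sh` the `DESCRIPTION` build-arg fails (the "idk why this doesn't work" comment) because `BUILD_CMD` is one string that `exec ${BUILD_CMD}` re-splits on whitespace, so a value containing spaces becomes several arguments and the escaped quotes are passed through literally. Any other value sourced from `build.env` that contains spaces or glob characters would be split or expanded the same way. Building the command as a bash array and running it quoted keeps each argument intact, as sketched below. The hunk also passes `-t ${IMAGE_NAME}` twice; one of the two can be removed.

```shell
source ./config/build.env

BUILD_ARGS=(
  docker build
  -t "${IMAGE_NAME}"
  --build-arg "BUILD_DATE=${BUILD_DATE}"
  --build-arg "NAME=${NAME}"
  --build-arg "DESCRIPTION=${DESCRIPTION}"
  --build-arg "VCS_REF=${VCS_REF}"
  --build-arg "VCS_URL=${VCS_URL}"
  --build-arg "VENDOR=${VENDOR}"
  --build-arg "VERSION=${VERSION}"
  --build-arg "IMAGE_NAME=${IMAGE_NAME}"
  .
)

echo -e "\n\nbuilding image using:\n${BUILD_ARGS[*]}"
exec "${BUILD_ARGS[@]}"
```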
diff --git a/docker/config/build.env b/docker/config/build.env index e2175e243..cd22fe07a 100644 --- a/docker/config/build.env +++ b/docker/config/build.env @@ -1,9 +1,13 @@ VCS_REF=$(git rev-parse --short HEAD) VCS_URL='https://github.com/nccgroup/ScoutSuite' -VERSION='0.2.2' +VERSION='0.3.0' BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") VENDOR='nccgroup' NAME='scoutsuite' DESCRIPTION='A ready-to-go NCC Group ScoutSuite container based on Ubuntu.' IMAGE_NAME="${VENDOR}/${NAME}:${VERSION}" -MICROSCANNER_TOKEN="" + +# These are passed in as env vars to the container at runtime +IBMCLOUD_COLOR=true +DEBIAN_FRONTEND=noninteractive +TERM=linux \ No newline at end of file diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index cf79659e8..bf68f4814 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -1,4 +1,4 @@ -version: "3.7" +version: "3.8" services: ncc-scoutsuite: image: scoutsuite:latest @@ -8,10 +8,13 @@ services: context: . dockerfile: Dockerfile args: - - VCS_REF - - VCS_URL - - VERSION - - BUILD_DATE - - VENDOR - - NAME - - DESCRIPTION + - VCS_REF=${VCS_REF} + - VCS_URL=${VCS_URL} + - VERSION=${VERSION} + - BUILD_DATE=${BUILD_DATE} + - VENDOR=${VENDOR} + - NAME=${NAME} + - IMAGE_NAME=${IMAGE_NAME} + - DESCRIPTION=${DESCRIPTION} + env_file: + - config/build.env \ No newline at end of file From 56d071b7e44786d8f70f653c78f8bb6eefc4879e Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Mon, 25 Jan 2021 12:25:36 +0100 Subject: [PATCH 415/979] Fixed bug where returned path was incorrect after sanitizing --- ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js index cdcc4c386..7d6a8258a 100755 --- a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js +++ b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js 
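Review bot: In `docker-compose.yaml`, `env_file: - config/build.env` hands the build metadata file to the running container, but Compose reads that file as literal `KEY=value` pairs, so `VCS_REF` and `BUILD_DATE` would arrive as the unexpanded `$(git rev-parse --short HEAD)` and `$(date -u ...)` strings. The `${VCS_REF}`-style values added under `args:` are interpolated from the invoking shell or a project `.env` file, not from `env_file`, so they are likely empty unless `build.env` is sourced before the build. Moving the three runtime variables (`IBMCLOUD_COLOR`, `DEBIAN_FRONTEND`, `TERM`) into their own file for `env_file` would keep build metadata out of the container environment and make both uses predictable.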
@@ -1004,7 +1004,7 @@ function updateTitle(title) { * Updates the Document Object Model */ function showPageFromHash() { - myhash = location.hash.replace(/[^a-z|0-9|.]/gi,'') + myhash = location.hash.replace(/[^a-z|0-9|.#-]/gi,'') if (myhash) { updateDOM(myhash) } else { From c99e8637383f651e7125332b4cb54b69dd79a09d Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 26 Jan 2021 11:29:34 +0100 Subject: [PATCH 416/979] Update azure-mgmt-compute to 12.0.0 for accurate disk encryption reporting --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index c761c03e6..659723227 100755 --- a/requirements.txt +++ b/requirements.txt @@ -45,7 +45,7 @@ azure-mgmt-keyvault==1.1.0 azure-mgmt-network==2.5.1 azure-mgmt-redis==6.0.0 azure-mgmt-web==0.47.0 -azure-mgmt-compute==5.0.0 +azure-mgmt-compute==12.0.0 azure-mgmt-authorization==0.60.0 # Aliyun / Alibaba Cloud Provider From 0c3d993605a1b0610f0545a9c2edcab9569d9296 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 26 Jan 2021 18:29:42 +0100 Subject: [PATCH 417/979] Fixed processing for: - Additional Capabilities - Plan - Zones - Hardware Profile - Diagnostics Profile - OS Profile - Storage Profile Added display information for: - Hardware Profile - Diagnostics Profile - OS Profile - Storage Profile --- ...almachines.subscriptions.id.instances.html | 45 +++++++++-- .../resources/virtualmachines/instances.py | 74 ++++++++++++++++--- 2 files changed, 103 insertions(+), 16 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html index ce32ba05a..014d704da 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html +++ b/ScoutSuite/output/data/html/partials/azure/services.virtualmachines.subscriptions.id.instances.html 
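Review bot: In the `scoutsuite.js` hunk, `|` inside a character class is a literal pipe rather than alternation, so `/[^a-z|0-9|.#-]/gi` lets `|` through the hash filter together with the newly allowed `#` and `-`. If this replace is the only sanitising step before `updateDOM(myhash)` (its body is outside the hunk), the allow-list is clearer and tighter as `location.hash.replace(/[^a-z0-9.#-]/gi, '')`. `myhash` is also assigned without a declaration, which makes it an implicit global; `const myhash = ...` would keep it local unless other code relies on the global. `showPageFromHash` continues past the end of the hunk.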
@@ -8,15 +8,50 @@

    Information

    Name: {{value_or_none name}}
    VM ID: {{value_or_none vm_id}}
    Location: {{value_or_none location}}
    +
    Zones: {{value_or_none zones}}
    +
    Proximity Placement Group: {{value_or_none proximity_placement_group}}
    +
    Availability Set: {{value_or_none availability_set}}
    Provisioning State: {{value_or_none provisioning_state}}
    Identity Principal ID: {{value_or_none identity.principal_id}}
    License Type: {{value_or_none license_type}}
    Plan: {{value_or_none plan}}
    -
    Zones: {{value_or_none zones}}
    -
    Instance View: {{value_or_none instance_view}}
    -
    Proximity Placement Group: {{value_or_none proximity_placement_group}}
    -
    Availability Set: {{value_or_none availability_set}}
    -
    Additional Capabilities: {{value_or_none additional_capabilities}}
    +
    Hardware Profile: {{value_or_none hardware_profile}}
    +
    Diagnostics Profile: + {{#each diagnostics_profile}} +
      +
    • {{@key}}: {{value_or_none this}}
    • +
    + {{else}} +
    None
    + {{/each}} +
    +
    OS Profile: + {{#each os_profile}} +
      +
    • {{@key}}: {{value_or_none this}}
    • +
    + {{else}} +
    None
    + {{/each}} +
    +
    Storage Profile: + {{#each storage_profile}} +
      +
    • {{@key}}: {{value_or_none this}}
    • +
    + {{else}} +
    None
    + {{/each}} +
    +
    Additional Capabilities: + {{#each additional_capabilities}} +
      +
    • {{this}}
    • +
    + {{else}} +
    None
    + {{/each}} +
    Tags: {{#each tags}}
    Date: Wed, 27 Jan 2021 11:09:03 +0100 Subject: [PATCH 418/979] Removed unused import that was added for testing --- .../providers/azure/resources/virtualmachines/instances.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py index 42085967f..34c5a9e93 100755 --- a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py +++ b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py @@ -5,8 +5,6 @@ from ScoutSuite.providers.azure.utils import get_resource_group_name -from pydoc import locate - class Instances(AzureResources): def __init__(self, facade: AzureFacade, subscription_id: str): From 3320c0c711db058a4636d063bb12c30ba811466f Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Wed, 27 Jan 2021 13:34:10 +0100 Subject: [PATCH 419/979] Added best practices references to IAM findings --- .../rules/findings/iam-password-policy-minimum-length.json | 4 +++- .../findings/iam-password-policy-no-lowercase-required.json | 4 +++- .../findings/iam-password-policy-no-number-required.json | 4 +++- .../findings/iam-password-policy-no-symbol-required.json | 4 +++- .../findings/iam-password-policy-no-uppercase-required.json | 4 +++- .../rules/findings/iam-root-account-no-hardware-mfa.json | 3 ++- .../aws/rules/findings/iam-root-account-no-mfa.json | 3 ++- .../aws/rules/findings/iam-root-account-used-recently.json | 6 +++++- .../rules/findings/iam-root-account-with-active-certs.json | 3 ++- .../rules/findings/iam-root-account-with-active-keys.json | 6 +++++- .../providers/aws/rules/findings/iam-user-without-mfa.json | 3 ++- 11 files changed, 33 insertions(+), 11 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json index df12565c0..06213d207 100755 
--- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-minimum-length.json @@ -20,7 +20,9 @@ } ], "references": [ - "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.9" + "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.9", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_complex-password", + "https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#best-practices_mbr-acct_complex-password" ], "dashboard_name": "Password policy", "path": "iam.password_policy.MinimumPasswordLength", diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json index 6a7507a67..6c18e3f93 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-lowercase-required.json @@ -20,7 +20,9 @@ } ], "references": [ - "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.6" + "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.6", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_complex-password", + "https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#best-practices_mbr-acct_complex-password" ], "dashboard_name": "Password policy", "path": "iam.password_policy.RequireLowercaseCharacters", 
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json index 048d63bbe..8d4619299 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-number-required.json @@ -20,7 +20,9 @@ } ], "references": [ - "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.8" + "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.8", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_complex-password", + "https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#best-practices_mbr-acct_complex-password" ], "dashboard_name": "Password policy", "path": "iam.password_policy.RequireNumbers", diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json index bcfd2abe5..721131414 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-symbol-required.json 
@@ -20,7 +20,9 @@ } ], "references": [ - "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.7" + "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.7", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_complex-password", + "https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#best-practices_mbr-acct_complex-password" ], "dashboard_name": "Password policy", "path": "iam.password_policy.RequireSymbols", diff --git a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json index 9ca4e33f5..41c399ffb 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-password-policy-no-uppercase-required.json @@ -20,7 +20,9 @@ } ], "references": [ - "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.5" + "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.5", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_complex-password", + "https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#best-practices_mbr-acct_complex-password" ], "dashboard_name": "Password policy", "path": "iam.password_policy.RequireUppercaseCharacters", diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json index a25ef5da6..c1a8fe3ce 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json 
+++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json @@ -20,7 +20,8 @@ } ], "references": [ - "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.13" + "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.13", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_mfa" ], "dashboard_name": "Accounts", "path": "iam.credential_reports.id", diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json index 6e0a4da8e..9d6da2c60 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json @@ -15,7 +15,8 @@ } ], "references": [ - "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.13" + "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-cis-controls-1.13", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_mfa" ], "dashboard_name": "Accounts", "path": "iam.credential_reports.id", diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json index d3400043f..8115f53d8 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-used-recently.json 
@@ -21,7 +21,11 @@ ], "references": [ "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-standards-cis-controls-1.1", - "https://docs.aws.amazon.com/general/latest/gr/aws_tasks-that-require-root.html" + "https://docs.aws.amazon.com/general/latest/gr/aws_tasks-that-require-root.html", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-use", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_review-access", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_document-processes", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_monitor-access" ], "dashboard_name": "Root account", "path": "iam.credential_reports.id", diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-certs.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-certs.json index df7a8ded5..1f637bbc0 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-certs.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-certs.json 
@@ -2,7 +2,8 @@ "description": "Root Account Has Active X.509 Certs", "rationale": "Root account X.509 certificates should be deleted as they may be used to make SOAP-protocol requests in the context of the root account.", "references": [ - "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-standards-cis-controls-1.1" + "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-standards-cis-controls-1.1", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-use" ], "dashboard_name": "Root account", "path": "iam.credential_reports.id", diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json index baf4df44e..763cd05d0 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json @@ -20,7 +20,11 @@ } ], "references": [ - "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-standards-cis-controls-1.1" + "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html#securityhub-standards-cis-controls-1.1", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-use", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_review-access", + "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_document-processes" + ], "dashboard_name": "Root account", "path": "iam.credential_reports.id", 
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json index 64e2c3bd6..e7333ce2f 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-user-without-mfa.json @@ -20,7 +20,8 @@ } ], "references": [ - "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#enable-mfa-for-privileged-users" + "https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#enable-mfa-for-privileged-users", + "https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#best-practices_mbr-acct_mfa" ], "dashboard_name": "Users", "path": "iam.users.id", From e5f0e8ccc02d249067f02f1e05e1c4433c5613d7 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Thu, 28 Jan 2021 14:25:08 +0100 Subject: [PATCH 420/979] Unified imports in AWS provider --- ScoutSuite/providers/aws/provider.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 5ce6ffe12..0018eebb1 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -4,11 +4,10 @@ from ScoutSuite.core.console import print_error, print_exception, print_debug from ScoutSuite.providers.aws.services import AWSServicesConfig from ScoutSuite.providers.aws.resources.vpc.base import put_cidr_name -from ScoutSuite.providers.aws.utils import ec2_classic, get_aws_account_id +from ScoutSuite.providers.aws.utils import ec2_classic, get_aws_account_id, get_partition_name from ScoutSuite.providers.base.configs.browser import combine_paths, get_object_at, get_value_at from ScoutSuite.providers.base.provider import BaseProvider from ScoutSuite.utils import manage_dictionary -from ScoutSuite.providers.aws.utils import get_partition_name class AWSProvider(BaseProvider): 
From 92343fb2a8417ca6f6abb92d1ac1068692add795 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Thu, 28 Jan 2021 14:25:46 +0100 Subject: [PATCH 421/979] Added a helper function to format resource ARNs --- ScoutSuite/providers/aws/utils.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index c4e762d30..9c426f2ba 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py @@ -111,3 +111,27 @@ def snake_keys(d): else: new_table[new_key] = d[k] return new_table + +def format_arn(partition, service, region, account_id, resource_id, resource_type=None): + """ + Formats a resource ARN based on the parameters + + :param partition: The partition where the resource is located + :param service: The service namespace that identified the AWS product + :param region: The corresponding region + :param account_id: The ID of the AWS account that owns the resource + :param resource_id: The resource identified + :param resource_type: (Optional) The resource type + :return: Resource ARN + """ + + try: + # If a resource type is specified + if resource_type is not None: + arn = 'arn:{}:{}:{}:{}:{}/{}'.format(partition, service, region, account_id, resource_type, resource_id) + else: + arn = 'arn:{}:{}:{}:{}:{}'.format(partition, service, region, account_id, resource_id) + except Exception as e: + print_exception(f'Failed to parse a resource ARN: {e}') + return None + return arn From c30323dcec26764a19b5917f1d0e5a5343480d14 Mon Sep 17 00:00:00 2001 
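Review bot: The `try`/`except Exception` around the two `.format()` calls in `format_arn` does not catch the case it appears to guard against. `str.format` renders `None` as the text `None`, so a caller that passes a missing value (for example the result of a `.get()` on an absent key) receives a well-formed-looking but wrong ARN, and the `print_exception` branch is never reached. An explicit guard before formatting, such as `if resource_id is None: return None`, would make the failure visible; whether `account_id` needs the same guard depends on callers that pass `''` on purpose. `print_exception` is not imported in this hunk, so confirm `utils.py` already has it in scope. The docstring also says "identified" where "identifies" (`service`) and "identifier" (`resource_id`) are meant.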
From: Viatcheslav Zhilin Date: Fri, 29 Jan 2021 12:58:29 +0100 Subject: [PATCH 422/979] Changed ARN processing for resources implemented in #511 --- ScoutSuite/providers/aws/resources/ec2/ami.py | 8 +++++--- ScoutSuite/providers/aws/resources/ec2/instances.py | 11 ++++++----- .../providers/aws/resources/ec2/networkinterfaces.py | 8 +++++--- .../providers/aws/resources/ec2/securitygroups.py | 8 +++++--- ScoutSuite/providers/aws/resources/ec2/snapshots.py | 11 +++++------ ScoutSuite/providers/aws/resources/ec2/volumes.py | 9 +++++---- .../providers/aws/resources/elasticache/cluster.py | 8 +++++--- .../providers/aws/resources/elb/load_balancers.py | 10 ++++++---- .../resources/redshift/cluster_parameter_groups.py | 8 +++++--- .../providers/aws/resources/redshift/clusters.py | 9 +++++---- .../providers/aws/resources/route53/domains.py | 8 +++++--- ScoutSuite/providers/aws/resources/s3/buckets.py | 9 ++++++--- ScoutSuite/providers/aws/resources/ses/identities.py | 9 +++++---- ScoutSuite/providers/aws/resources/vpcs.py | 12 +++++++----- 14 files changed, 75 insertions(+), 53 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/ec2/ami.py b/ScoutSuite/providers/aws/resources/ec2/ami.py index 266e18285..f65a897a5 100755 --- a/ScoutSuite/providers/aws/resources/ec2/ami.py +++ b/ScoutSuite/providers/aws/resources/ec2/ami.py @@ -1,11 +1,15 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn class AmazonMachineImages(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region + self.partition = get_partition_name(facade.session) + self.service = 'ec2' + self.resource_type = 'amazon-machine-image' async def fetch_all(self): raw_images = await self.facade.ec2.get_images(self.region) 
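Review bot: `self.resource_type = 'amazon-machine-image'` changes the ARN this class emits, because the line replaced in `_parse_image` (the next hunk) built `arn:aws:ec2:{}:{}:ami/{}` and `format_arn` now yields `.../amazon-machine-image/<id>`. If the refactor is meant to change only the partition, keep the old segment with `self.resource_type = 'ami'`. The `_parse_parameter_group` hunk in `redshift/cluster_parameter_groups.py` drifts in the same way: the old string joined `parametergroup:{}` with a colon, while `format_arn` always inserts `/`. ARNs are the identifiers that findings are matched and compared on, so an unannounced format change may break exception lists or comparisons between runs; that impact is inferred, not shown in the diff.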
@@ -16,7 +20,5 @@ async def fetch_all(self): def _parse_image(self, raw_image): raw_image['id'] = raw_image.get('ImageId') raw_image['name'] = raw_image.get('Name') - raw_image['arn'] = 'arn:aws:ec2:{}:{}:ami/{}'.format(self.region, - raw_image.get('OwnerId'), - raw_image.get('ImageId')) + raw_image['arn'] = format_arn(self.partition, self.service, self.region, raw_image.get('OwnerId'), raw_image.get('ImageId'), self.resource_type) return raw_image['id'], raw_image diff --git a/ScoutSuite/providers/aws/resources/ec2/instances.py b/ScoutSuite/providers/aws/resources/ec2/instances.py index 0e6070007..b8e0b9781 100755 --- a/ScoutSuite/providers/aws/resources/ec2/instances.py +++ b/ScoutSuite/providers/aws/resources/ec2/instances.py @@ -1,7 +1,7 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade -from ScoutSuite.providers.aws.utils import get_name -from ScoutSuite.providers.aws.utils import get_keys +from ScoutSuite.providers.aws.utils import get_name, get_keys, get_partition_name, format_arn + import re @@ -10,6 +10,9 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): super().__init__(facade) self.region = region self.vpc = vpc + self.partition = get_partition_name(facade.session) + self.service = 'ec2' + self.resource_type = 'instance' async def fetch_all(self): raw_instances = await self.facade.ec2.get_instances(self.region, self.vpc) 
@@ -21,9 +24,7 @@ async def _parse_instance(self, raw_instance): instance = {} id = raw_instance['InstanceId'] instance['id'] = id - instance['arn'] = 'arn:aws:ec2:{}:{}:instance/{}'.format(self.region, - raw_instance['OwnerId'], - raw_instance['InstanceId']) + instance['arn'] = format_arn(self.partition, self.service, self.region, raw_instance['OwnerId'], raw_instance['InstanceId'], self.resource_type) instance['reservation_id'] = raw_instance['ReservationId'] instance['availability_zone'] = raw_instance.get('Placement', {}).get('AvailabilityZone') instance['monitoring_enabled'] = raw_instance['Monitoring']['State'] == 'enabled' diff --git a/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py b/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py index 181d2e95c..1315ea96c 100755 --- a/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py +++ b/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn class NetworkInterfaces(AWSResources): @@ -7,6 +8,9 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): super().__init__(facade) self.region = region self.vpc = vpc + self.partition = get_partition_name(facade.session) + self.service = 'ec2' + self.resource_type = 'network-interface' async def fetch_all(self): raw_security_groups = await self.facade.ec2.get_network_interfaces(self.region, self.vpc) 
@@ -16,7 +20,5 @@ async def fetch_all(self): def _parse_network_interface(self, raw_network_interface): raw_network_interface['name'] = raw_network_interface['NetworkInterfaceId'] - raw_network_interface['arn'] = 'arn:aws:ec2:{}:{}:network-interface/{}'.format(self.region, - raw_network_interface.get('OwnerId'), - raw_network_interface.get('NetworkInterfaceId')) + raw_network_interface['arn'] = format_arn(self.partition, self.service, self.region, raw_network_interface.get('OwnerId'), raw_network_interface.get('NetworkInterfaceId'), self.resource_type) return raw_network_interface['NetworkInterfaceId'], raw_network_interface diff --git a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py index ce688a781..2890ed730 100755 --- a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py +++ b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn from ScoutSuite.utils import manage_dictionary from ScoutSuite.core.fs import load_data @@ -11,6 +12,9 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): super().__init__(facade) self.region = region self.vpc = vpc + self.partition = get_partition_name(facade.session) + self.service = 'ec2' + self.resource_type = 'security-group' async def fetch_all(self): raw_security_groups = await self.facade.ec2.get_security_groups(self.region, self.vpc) 
@@ -22,9 +26,7 @@ def _parse_security_group(self, raw_security_group): security_group = {} security_group['name'] = raw_security_group['GroupName'] security_group['id'] = raw_security_group['GroupId'] - security_group['arn'] = 'arn:aws:ec2:{}:{}:security-group/{}'.format(self.region, - raw_security_group.get('OwnerId'), - raw_security_group.get('GroupId')) + security_group['arn'] = format_arn(self.partition, self.service, self.region, raw_security_group.get('OwnerId'), raw_security_group.get('GroupId'), self.resource_type) security_group['description'] = raw_security_group['Description'] security_group['owner_id'] = raw_security_group['OwnerId'] diff --git a/ScoutSuite/providers/aws/resources/ec2/snapshots.py b/ScoutSuite/providers/aws/resources/ec2/snapshots.py index 7e768f4e2..3f9111753 100755 --- a/ScoutSuite/providers/aws/resources/ec2/snapshots.py +++ b/ScoutSuite/providers/aws/resources/ec2/snapshots.py @@ -1,12 +1,15 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade -from ScoutSuite.providers.aws.utils import get_name +from ScoutSuite.providers.aws.utils import get_name, get_partition_name, format_arn class Snapshots(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region + self.partition = get_partition_name(facade.session) + self.service = 'ec2' + self.resource_type = 'snapshot' async def fetch_all(self): raw_snapshots = await self.facade.ec2.get_snapshots(self.region) 
@@ -29,11 +32,7 @@ def _parse_snapshot(self, raw_snapshot): snapshot_dict['volume_id'] = raw_snapshot.get('VolumeId') snapshot_dict['volume_size'] = raw_snapshot.get('VolumeSize') snapshot_dict['create_volume_permissions'] = raw_snapshot.get('CreateVolumePermissions') - - snapshot_dict['arn'] = 'arn:aws:ec2:{}:{}:snapshot/{}'.format(self.region, - raw_snapshot.get('OwnerId'), - raw_snapshot.get('SnapshotId')) - + snapshot_dict['arn'] = format_arn(self.partition, self.service, self.region, raw_snapshot.get('OwnerId'), raw_snapshot.get('SnapshotId'), self.resource_type) return snapshot_dict['id'], snapshot_dict @staticmethod diff --git a/ScoutSuite/providers/aws/resources/ec2/volumes.py b/ScoutSuite/providers/aws/resources/ec2/volumes.py index d7499bb9a..5f1ca0701 100755 --- a/ScoutSuite/providers/aws/resources/ec2/volumes.py +++ b/ScoutSuite/providers/aws/resources/ec2/volumes.py @@ -1,12 +1,15 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade -from ScoutSuite.providers.aws.utils import get_name +from ScoutSuite.providers.aws.utils import get_name, get_partition_name, format_arn class Volumes(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region + self.partition = get_partition_name(facade.session) + self.service = 'ec2' + self.resource_type = 'volume' async def fetch_all(self): raw_volumes = await self.facade.ec2.get_volumes(self.region) @@ -17,7 +20,5 @@ async def fetch_all(self): def _parse_volume(self, raw_volume): raw_volume['id'] = raw_volume.pop('VolumeId') raw_volume['name'] = get_name(raw_volume, raw_volume, 'id') - raw_volume['arn'] = 'arn:aws:ec2:{}:{}:volume/{}'.format(self.region, - self.facade.owner_id, - raw_volume.get('id')) + raw_volume['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, raw_volume.get('id'), self.resource_type) return raw_volume['id'], raw_volume 
diff --git a/ScoutSuite/providers/aws/resources/elasticache/cluster.py b/ScoutSuite/providers/aws/resources/elasticache/cluster.py index 70af3ec43..adcc9c4f5 100755 --- a/ScoutSuite/providers/aws/resources/elasticache/cluster.py +++ b/ScoutSuite/providers/aws/resources/elasticache/cluster.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn class Clusters(AWSResources): @@ -7,6 +8,9 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): super().__init__(facade) self.region = region self.vpc = vpc + self.partition = get_partition_name(facade.session) + self.service = 'elasticache' + self.resource_type = 'cluster' async def fetch_all(self): raw_clusters = await self.facade.elasticache.get_clusters(self.region, self.vpc) @@ -16,7 +20,5 @@ async def fetch_all(self): def _parse_cluster(self, raw_cluster): raw_cluster['name'] = raw_cluster.pop('CacheClusterId') - raw_cluster['arn'] = 'arn:aws:elasticache:{}:{}:cluster/{}'.format(self.region, - self.facade.owner_id, - raw_cluster.get('name')) + raw_cluster['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, raw_cluster.get('name'), self.resource_type) return raw_cluster['name'], raw_cluster diff --git a/ScoutSuite/providers/aws/resources/elb/load_balancers.py b/ScoutSuite/providers/aws/resources/elb/load_balancers.py index 28f6b3069..49bf16a20 100755 --- a/ScoutSuite/providers/aws/resources/elb/load_balancers.py +++ b/ScoutSuite/providers/aws/resources/elb/load_balancers.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources -from ScoutSuite.providers.aws.utils import get_keys +from ScoutSuite.providers.aws.utils import get_keys, get_partition_name, format_arn from ScoutSuite.providers.utils import get_non_provider_id 
@@ -9,6 +9,9 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): super().__init__(facade) self.region = region self.vpc = vpc + self.partition = get_partition_name(facade.session) + self.service = 'elb' + self.resource_type = 'load-balancer' async def fetch_all(self): raw_load_balancers = await self.facade.elb.get_load_balancers(self.region, self.vpc) @@ -22,9 +25,8 @@ def _parse_load_balancer(self, raw_load_balancer): ['DNSName', 'CreatedTime', 'AvailabilityZones', 'Subnets', 'Scheme', 'attributes']) load_balancer['security_groups'] = [] - load_balancer['arn'] = 'arn:aws:elb:{}:{}:load-balancer/{}'.format(self.region, - self.facade.owner_id, - raw_load_balancer.get('LoadBalancerName')) + load_balancer['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, raw_load_balancer.get('LoadBalancerName'), self.resource_type) + for sg in raw_load_balancer['SecurityGroups']: load_balancer['security_groups'].append({'GroupId': sg}) diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py b/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py index 9a24dda22..407e72880 100755 --- a/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py +++ b/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSCompositeResources from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn from .cluster_parameters import ClusterParameters 
@@ -13,6 +14,9 @@ class ClusterParameterGroups(AWSCompositeResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region + self.partition = get_partition_name(facade.session) + self.service = 'redshift' + self.resource_type = 'parametergroup' async def fetch_all(self): raw_parameter_groups = await self.facade.redshift.get_cluster_parameter_groups(self.region) @@ -31,9 +35,7 @@ def _parse_parameter_group(self, raw_parameter_group): parameter_group = {} parameter_group['name'] = raw_parameter_group.get('ParameterGroupName') parameter_group['id'] = get_non_provider_id(parameter_group['name']) - parameter_group['arn'] = 'arn:aws:redshift:{}:{}:parametergroup:{}'.format(self.region, - self.facade.owner_id, - raw_parameter_group.get('ParameterGroupName')) + parameter_group['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, raw_parameter_group.get('ParameterGroupName'), self.resource_type) parameter_group['family'] = raw_parameter_group.get('ParameterGroupFamily') parameter_group['description'] = raw_parameter_group.get('Description') parameter_group['is_default'] = self._is_default(raw_parameter_group) diff --git a/ScoutSuite/providers/aws/resources/redshift/clusters.py b/ScoutSuite/providers/aws/resources/redshift/clusters.py index 4084c237a..c02425ffc 100755 --- a/ScoutSuite/providers/aws/resources/redshift/clusters.py +++ b/ScoutSuite/providers/aws/resources/redshift/clusters.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn class Clusters(AWSResources): 
@@ -7,6 +8,9 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): super().__init__(facade) self.region = region self.vpc = vpc + self.partition = get_partition_name(facade.session) + self.service = 'redshift' + self.resource_type = 'cluster' async def fetch_all(self): raw_clusters = await self.facade.redshift.get_clusters(self.region, self.vpc) @@ -17,8 +21,5 @@ async def fetch_all(self): def _parse_cluster(self, raw_cluster): name = raw_cluster.pop('ClusterIdentifier') raw_cluster['name'] = name - raw_cluster['arn'] = 'arn:aws:redshift:{}:{}:cluster/{}'.format(self.region, - self.facade.owner_id, - name) - + raw_cluster['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, name, self.resource_type) return name, raw_cluster diff --git a/ScoutSuite/providers/aws/resources/route53/domains.py b/ScoutSuite/providers/aws/resources/route53/domains.py index 4cc342b84..833091dc4 100755 --- a/ScoutSuite/providers/aws/resources/route53/domains.py +++ b/ScoutSuite/providers/aws/resources/route53/domains.py @@ -1,12 +1,16 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn class Domains(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region + self.partition = get_partition_name(facade.session) + self.service = 'route53' + self.resource_type = 'domain' async def fetch_all(self): raw_domains = await self.facade.route53.get_domains(self.region) 
@@ -21,7 +25,5 @@ def _parse_domain(self, raw_domain): domain_dict['auto_renew'] = raw_domain.get('AutoRenew') domain_dict['transfer_lock'] = raw_domain.get('TransferLock') domain_dict['expiry'] = raw_domain.get('Expiry') - domain_dict['arn'] = 'arn:aws:route53:{}:{}:domain/{}'.format(self.region, - self.facade.owner_id, - domain_dict.get('id')) + domain_dict['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, domain_dict.get('id'), self.resource_type) return domain_dict['id'], domain_dict diff --git a/ScoutSuite/providers/aws/resources/s3/buckets.py b/ScoutSuite/providers/aws/resources/s3/buckets.py index 779acb6fd..53bf9000c 100755 --- a/ScoutSuite/providers/aws/resources/s3/buckets.py +++ b/ScoutSuite/providers/aws/resources/s3/buckets.py @@ -1,10 +1,13 @@ from ScoutSuite.providers.aws.resources.base import AWSResources - +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn from ScoutSuite.providers.utils import get_non_provider_id class Buckets(AWSResources): async def fetch_all(self): + self.partition = get_partition_name(self.facade.session) + self.service = 's3' + raw_buckets = await self.facade.s3.get_buckets() for raw_bucket in raw_buckets: name, resource = self._parse_bucket(raw_bucket) @@ -27,7 +30,7 @@ def _parse_bucket(self, raw_bucket): raw_bucket['name'] = raw_bucket.pop('Name') raw_bucket['CreationDate'] = str(raw_bucket['CreationDate']) - # If requested, get key properties raw_bucket['id'] = get_non_provider_id(raw_bucket['name']) - raw_bucket['arn'] = 'arn:aws:s3:::{}/*'.format(raw_bucket['name']) + # Passing empty strings for 'region' and 'account-id' since S3 bucket ARNs omit them + raw_bucket['arns'] = format_arn(self.partition, self.service, '', '', '*', raw_bucket['name']) return raw_bucket['id'], raw_bucket diff --git a/ScoutSuite/providers/aws/resources/ses/identities.py b/ScoutSuite/providers/aws/resources/ses/identities.py index 7e735ddf9..be092195d 100755 
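Review bot: In `_parse_bucket`, `format_arn(self.partition, self.service, '', '', '*', raw_bucket['name'])` passes the bucket name in the `resource_type` position and `'*'` as `resource_id`. It reproduces the old `arn:...:s3:::<bucket>/*` string only because `format_arn` happens to join those two arguments with `/`. The existing comment explains the empty region and account but not the swap, so I would add `# resource_type/resource_id are deliberately swapped to yield <bucket>/*` or use keyword arguments to make the intent explicit. Separately, `self.partition` and `self.service` are assigned inside `fetch_all` here, while the other resource classes in this commit set them in `__init__`. `_parse_bucket` therefore depends on `fetch_all` having run first.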
--- a/ScoutSuite/providers/aws/resources/ses/identities.py +++ b/ScoutSuite/providers/aws/resources/ses/identities.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSCompositeResources from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn from .identity_policies import IdentityPolicies @@ -13,6 +14,9 @@ class Identities(AWSCompositeResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region + self.partition = get_partition_name(facade.session) + self.service = 'ses' + self.resource_type = 'identity' async def fetch_all(self): raw_identities = await self.facade.ses.get_identities(self.region) @@ -32,8 +36,5 @@ def _parse_identity(self, raw_identity): identity['name'] = identity_name identity['DkimEnabled'] = dkim_attributes['DkimEnabled'] identity['DkimVerificationStatus'] = dkim_attributes['DkimVerificationStatus'] - identity['arn'] = 'arn:aws:ses:{}:{}:identity/{}'.format(self.region, - self.facade.owner_id, - identity_name) - + identity['arn'] = format_arn(self.partition, self.service, self.region, self.facade.owner_id, identity_name, self.resource_type) return get_non_provider_id(identity_name), identity diff --git a/ScoutSuite/providers/aws/resources/vpcs.py b/ScoutSuite/providers/aws/resources/vpcs.py index 2f872dc7c..157a5b6c7 100755 --- a/ScoutSuite/providers/aws/resources/vpcs.py +++ b/ScoutSuite/providers/aws/resources/vpcs.py @@ -1,5 +1,5 @@ from ScoutSuite.providers.aws.resources.base import AWSCompositeResources - +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn class Vpcs(AWSCompositeResources): """ 
@@ -11,6 +11,9 @@ def __init__(self, facade, region: str, add_ec2_classic=False): super().__init__(facade) self.region = region self.add_ec2_classic = add_ec2_classic + self.partition = get_partition_name(facade.session) + self.service = 'vpc' + self.resource_type = 'virtual-private-cloud' async def fetch_all(self): raw_vpcs = await self.facade.ec2.get_vpcs(self.region) @@ -31,10 +34,9 @@ def _parse_vpc(self, raw_vpc): vpc['cidr_block'] = raw_vpc['CidrBlock'] vpc['default'] = raw_vpc['IsDefault'] vpc['state'] = raw_vpc['State'] - vpc['arn'] = 'arn:aws:vpc:{}:{}:virtual-private-cloud/{}'.format(self.region, - raw_vpc.get('OwnerId'), - raw_vpc.get('VpcId')) - # pull the name from tags + vpc['arn'] = format_arn(self.partition, self.service, self.region, raw_vpc.get('OwnerId'), raw_vpc.get('VpcId'), self.resource_type) + + # Pull the name from tags name_tag = next((d for i, d in enumerate(raw_vpc.get('Tags', [])) if d.get('Key') == 'Name'), None) if name_tag: vpc['name'] = name_tag.get('Value') From cef85538f2958fc5568ef98598028abd4729ddf5 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Fri, 29 Jan 2021 16:06:15 +0100 Subject: [PATCH 423/979] Fixed typo --- ScoutSuite/providers/aws/resources/s3/buckets.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/resources/s3/buckets.py b/ScoutSuite/providers/aws/resources/s3/buckets.py index 53bf9000c..19760f51c 100755 --- a/ScoutSuite/providers/aws/resources/s3/buckets.py +++ b/ScoutSuite/providers/aws/resources/s3/buckets.py @@ -32,5 +32,5 @@ def _parse_bucket(self, raw_bucket): raw_bucket['id'] = get_non_provider_id(raw_bucket['name']) # Passing empty strings for 'region' and 'account-id' since S3 bucket ARNs omit them - raw_bucket['arns'] = format_arn(self.partition, self.service, '', '', '*', raw_bucket['name']) + raw_bucket['arn'] = format_arn(self.partition, self.service, '', '', '*', raw_bucket['name']) return raw_bucket['id'], raw_bucket 
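Review bot: In `Vpcs.__init__`, `self.service = 'vpc'` and `self.resource_type = 'virtual-private-cloud'` carry over the layout of the removed hand-built string, but AWS identifies a VPC as `arn:<partition>:ec2:<region>:<account-id>:vpc/<vpc-id>`. If `format_arn` arranges its fields the way the removed line did, the stored value will not match the ARN that appears in IAM policies or CloudTrail records, which makes findings harder to correlate. Consider `self.service = 'ec2'` and `self.resource_type = 'vpc'`. `raw_vpc.get('OwnerId')` may also return None, so it is worth checking how `format_arn` renders a missing account.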
From b36018edbecae783ffed2896a9d6777f8344dfc7 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Fri, 29 Jan 2021 16:30:11 +0100 Subject: [PATCH 424/979] Fixed bug when sanitizing paths --- ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js index 7d6a8258a..2ee13fe34 100755 --- a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js +++ b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js @@ -1004,7 +1004,7 @@ function updateTitle(title) { * Updates the Document Object Model */ function showPageFromHash() { - myhash = location.hash.replace(/[^a-z|0-9|.#-]/gi,'') + myhash = location.hash.replace(/[^a-z|0-9|.#-_]/gi,'') if (myhash) { updateDOM(myhash) } else { From 7839c645bc93293d07ebeae6abfd473f27f60c10 Mon Sep 17 00:00:00 2001 
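Review bot: In `showPageFromHash`, the new character class `[^a-z|0-9|.#-_]` reads `#-_` as a range from `#` to `_` rather than as three literals. The filter now lets through everything between those code points, including `<`, `>`, `'`, `(`, `)`, `/`, `\`, `;` and `=`. Keep the hyphen last so it stays literal and drop the `|` characters, which are also literal inside a class: `myhash = location.hash.replace(/[^a-z0-9.#_-]/gi, '')`. How `updateDOM` uses `myhash` is outside this hunk, so the impact of the wider class should be checked there.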
From: Andy Gu Date: Wed, 3 Feb 2021 10:02:49 -0500 Subject: [PATCH 425/979] Cloud Memorystore Support --- ...morystore.projects.id.redis_instances.html | 26 ++++++++++ ScoutSuite/providers/gcp/facade/base.py | 2 + .../gcp/facade/cloudmemorystoreredis.py | 19 ++++++++ .../resources/cloudmemorystore/__init__.py | 0 .../gcp/resources/cloudmemorystore/base.py | 7 +++ .../cloudmemorystore/redis_instances.py | 47 +++++++++++++++++++ ...store-redis-instance-auth-not-enabled.json | 19 ++++++++ ...store-redis-instance-ssl-not-required.json | 19 ++++++++ .../providers/gcp/rules/rulesets/default.json | 12 +++++ ScoutSuite/providers/gcp/services.py | 2 + ScoutSuite/utils.py | 1 + 11 files changed, 154 insertions(+) create mode 100755 ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html create mode 100755 ScoutSuite/providers/gcp/facade/cloudmemorystoreredis.py create mode 100755 ScoutSuite/providers/gcp/resources/cloudmemorystore/__init__.py create mode 100755 ScoutSuite/providers/gcp/resources/cloudmemorystore/base.py create mode 100755 ScoutSuite/providers/gcp/resources/cloudmemorystore/redis_instances.py create mode 100755 ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-auth-not-enabled.json create mode 100755 ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html new file mode 100755 index 000000000..dc75a343c --- /dev/null +++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html @@ -0,0 +1,26 @@ + + + + + + + + diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index 366a2a54a..94b9f61af 100755 --- a/ScoutSuite/providers/gcp/facade/base.py 
+++ b/ScoutSuite/providers/gcp/facade/base.py @@ -4,6 +4,7 @@ from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade from ScoutSuite.providers.gcp.facade.cloudresourcemanager import CloudResourceManagerFacade from ScoutSuite.providers.gcp.facade.cloudsql import CloudSQLFacade +from ScoutSuite.providers.gcp.facade.cloudmemorystoreredis import CloudMemorystoreRedisFacade from ScoutSuite.providers.gcp.facade.cloudstorage import CloudStorageFacade from ScoutSuite.providers.gcp.facade.gce import GCEFacade from ScoutSuite.providers.gcp.facade.iam import IAMFacade @@ -29,6 +30,7 @@ def __init__(self, self.cloudresourcemanager = CloudResourceManagerFacade() self.cloudsql = CloudSQLFacade() self.cloudstorage = CloudStorageFacade() + self.cloudmemorystoreredis = CloudMemorystoreRedisFacade() self.gce = GCEFacade() self.iam = IAMFacade() self.kms = KMSFacade() diff --git a/ScoutSuite/providers/gcp/facade/cloudmemorystoreredis.py b/ScoutSuite/providers/gcp/facade/cloudmemorystoreredis.py new file mode 100755 index 000000000..407bfcb09 --- /dev/null +++ b/ScoutSuite/providers/gcp/facade/cloudmemorystoreredis.py @@ -0,0 +1,19 @@ +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade +from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils +from ScoutSuite.providers.utils import run_concurrently + +class CloudMemorystoreRedisFacade(GCPBaseFacade): + def __init__(self): + super().__init__('redis', 'v1beta1') + + async def get_redis_instances(self, project_id: str): + try: + formatted_parent = f'projects/{project_id}/locations/-' + cloudmem_client = self._get_client() + instances_group = cloudmem_client.projects().locations().instances() + request = instances_group.list(parent=formatted_parent) + return await GCPFacadeUtils.get_all('instances', request, instances_group) + except Exception as e: + print_exception(f'Failed to retrieve redis instances: {e}') + return [] 
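Review bot: In the new `cloudmemorystoreredis.py`, `get_redis_instances` catches every `Exception`, prints it and returns `[]`. A disabled API or a permission error is then indistinguishable from a project with no Redis instances, and the two Memorystore findings added in this commit would report nothing for that project. If this matches the convention of the other facades, a comment saying so would help; otherwise catch the client's HTTP error type and let the report mark the service as not assessed. `run_concurrently` is imported but not used in this file and can be dropped.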
diff --git a/ScoutSuite/providers/gcp/resources/cloudmemorystore/__init__.py b/ScoutSuite/providers/gcp/resources/cloudmemorystore/__init__.py new file mode 100755 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/gcp/resources/cloudmemorystore/base.py b/ScoutSuite/providers/gcp/resources/cloudmemorystore/base.py new file mode 100755 index 000000000..f7ce438ac --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/cloudmemorystore/base.py @@ -0,0 +1,7 @@ +from ScoutSuite.providers.gcp.resources.projects import Projects +from ScoutSuite.providers.gcp.resources.cloudmemorystore.redis_instances import RedisInstances + +class CloudMemorystore(Projects): + _children = [ + (RedisInstances, 'redis_instances') + ] diff --git a/ScoutSuite/providers/gcp/resources/cloudmemorystore/redis_instances.py b/ScoutSuite/providers/gcp/resources/cloudmemorystore/redis_instances.py new file mode 100755 index 000000000..534974356 --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/cloudmemorystore/redis_instances.py 
@@ -0,0 +1,47 @@ +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.gcp.facade.base import GCPFacade +from ScoutSuite.providers.gcp.resources.base import GCPCompositeResources +from ScoutSuite.providers.utils import get_non_provider_id + + +class RedisInstances(GCPCompositeResources): + + def __init__(self, facade: GCPFacade, project_id: str): + super().__init__(facade) + self.project_id = project_id + + async def fetch_all(self): + raw_instances = await self.facade.cloudmemorystoreredis.get_redis_instances(self.project_id) + for raw_instance in raw_instances: + instance_id, instance = self._parse_instance(raw_instance) + self[instance_id] = instance + + def _parse_instance(self, raw_instance): + instance_dict = {} + + instance_dict['id'] = get_non_provider_id(raw_instance['name']) + instance_dict['project_id'] = self.project_id + instance_dict['name'] = raw_instance['name'] + instance_dict['display_name'] = raw_instance['displayName'] + instance_dict['location'] = raw_instance['locationId'] + instance_dict['redis_version'] = raw_instance['redisVersion'] + instance_dict['port'] = raw_instance['port'] + instance_dict['tier'] = raw_instance['tier'] + instance_dict['memory_size_gb'] = raw_instance['memorySizeGb'] + instance_dict['authorized_network'] = raw_instance['authorizedNetwork'] + instance_dict['connect_mode'] = raw_instance['connectMode'] + instance_dict['transit_encryption_mode'] = raw_instance['transitEncryptionMode'] + instance_dict['ssl_required'] = self._is_ssl_required(raw_instance) + instance_dict['auth_enabled'] = self._is_auth_required(raw_instance) + + return instance_dict['id'], instance_dict + + def _is_ssl_required(self, raw_instance): + is_ssl_required = raw_instance.get('transitEncryptionMode', False) + if is_ssl_required == 'SERVER_AUTHENTICATION': + return True + return False + + def _is_auth_required(self, raw_instance): + is_auth_enabled = raw_instance.get('authEnabled', False) + return is_auth_enabled 
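Review bot: `_parse_instance` reads `raw_instance['transitEncryptionMode']` with direct indexing, while `_is_ssl_required` reads the same key with `.get('transitEncryptionMode', False)`, which suggests the field can be absent from the API response. If it is absent, the KeyError leaves the loop in `fetch_all`, so the instances without transit encryption are the ones that go unreported. Use `instance_dict['transit_encryption_mode'] = raw_instance.get('transitEncryptionMode')`, and consider the same for `authorizedNetwork` and `connectMode`. `_is_ssl_required` can be reduced to `return raw_instance.get('transitEncryptionMode') == 'SERVER_AUTHENTICATION'`. `print_exception` is imported but unused.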
diff --git a/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-auth-not-enabled.json b/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-auth-not-enabled.json new file mode 100755 index 000000000..028c787dd --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-auth-not-enabled.json @@ -0,0 +1,19 @@ +{ + "description": "Memory Instance Allows Unauthenticated Connections", + "rationale": "All incoming connections to Cloud Memorystore databases should require the use of authentication and SSL.", + "compliance": [ + ], + "references": [ + "https://cloud.google.com/memorystore/docs/redis/managing-auth" + ], + "dashboard_name": "Instances", + "path": "cloudmemorystore.projects.id.redis_instances.id", + "conditions": [ + "and", + [ + "cloudmemorystore.projects.id.redis_instances.id.auth_enabled", + "false", + "" + ] + ] +} diff --git a/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json b/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json new file mode 100755 index 000000000..1889b63e2 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json @@ -0,0 +1,19 @@ +{ + "description": "Memory Instance Not Requiring SSL for Incoming Connections", + "rationale": "All incoming connections to Cloud Memorystore databases should require the use of SSL.", + "compliance": [ + ], + "references": [ + "https://cloud.google.com/memorystore/docs/redis/securing-tls-connections" + ], + "dashboard_name": "Instances", + "path": "cloudmemorystore.projects.id.redis_instances.id", + "conditions": [ + "and", + [ + "cloudmemorystore.projects.id.redis_instances.id.ssl_required", + "false", + "" + ] + ] +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index d6b4532fa..8721c403e 100755 
--- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -308,6 +308,18 @@ "level": "warning" } ], + "memorystore-redis-instance-ssl-not-required.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "memorystore-redis-instance-auth-not-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "stackdriverlogging-no-export-sinks.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/gcp/services.py b/ScoutSuite/providers/gcp/services.py index f90fbdc80..b6ad17559 100755 --- a/ScoutSuite/providers/gcp/services.py +++ b/ScoutSuite/providers/gcp/services.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.base.services import BaseServicesConfig from ScoutSuite.providers.gcp.facade.base import GCPFacade from ScoutSuite.providers.gcp.resources.cloudsql.base import CloudSQL +from ScoutSuite.providers.gcp.resources.cloudmemorystore.base import CloudMemorystore from ScoutSuite.providers.gcp.resources.cloudstorage.base import CloudStorage from ScoutSuite.providers.gcp.resources.gce.base import ComputeEngine from ScoutSuite.providers.gcp.resources.iam.base import IAM @@ -21,6 +22,7 @@ def __init__(self, credentials=None, default_project_id=None, facade = GCPFacade(default_project_id, project_id, folder_id, organization_id, all_projects) self.cloudsql = CloudSQL(facade) + self.cloudmemorystore = CloudMemorystore(facade) self.cloudstorage = CloudStorage(facade) self.computeengine = ComputeEngine(facade) self.iam = IAM(facade) diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py index 0fd1c41e6..8534f514f 100755 --- a/ScoutSuite/utils.py +++ b/ScoutSuite/utils.py @@ -47,6 +47,7 @@ 'virtualmachines': 'Virtual Machines', # GCP 'cloudstorage': 'Cloud Storage', + 'cloudmemorystore': 'Cloud Memorystore', 'cloudsql': 'Cloud SQL', 'stackdriverlogging': 'Stackdriver Logging', 'stackdrivermonitoring': 'Stackdriver Monitoring', From 62aa120911b5b78fae78272cd7719717888831cd Mon Sep 17 00:00:00 2001 
From: Andy Gu Date: Wed, 3 Feb 2021 10:08:33 -0500 Subject: [PATCH 426/979] add newline --- .../providers/gcp/resources/cloudmemorystore/redis_instances.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/providers/gcp/resources/cloudmemorystore/redis_instances.py b/ScoutSuite/providers/gcp/resources/cloudmemorystore/redis_instances.py index 534974356..f31e1a6db 100755 --- a/ScoutSuite/providers/gcp/resources/cloudmemorystore/redis_instances.py +++ b/ScoutSuite/providers/gcp/resources/cloudmemorystore/redis_instances.py @@ -45,3 +45,4 @@ def _is_ssl_required(self, raw_instance): def _is_auth_required(self, raw_instance): is_auth_enabled = raw_instance.get('authEnabled', False) return is_auth_enabled + From 5c824870fc9167e517702c7f2d2c30a369092ef6 Mon Sep 17 00:00:00 2001 From: Andy Gu Date: Wed, 3 Feb 2021 10:11:15 -0500 Subject: [PATCH 427/979] two quick comments --- ScoutSuite/providers/gcp/facade/cloudmemorystoreredis.py | 1 + .../providers/gcp/resources/cloudmemorystore/redis_instances.py | 2 ++ 2 files changed, 3 insertions(+) diff --git a/ScoutSuite/providers/gcp/facade/cloudmemorystoreredis.py b/ScoutSuite/providers/gcp/facade/cloudmemorystoreredis.py index 407bfcb09..85ca97d0f 100755 --- a/ScoutSuite/providers/gcp/facade/cloudmemorystoreredis.py +++ b/ScoutSuite/providers/gcp/facade/cloudmemorystoreredis.py @@ -8,6 +8,7 @@ def __init__(self): super().__init__('redis', 'v1beta1') async def get_redis_instances(self, project_id: str): + # Retrieves Redis Instances using the Cloud Memorystore API try: formatted_parent = f'projects/{project_id}/locations/-' cloudmem_client = self._get_client() diff --git a/ScoutSuite/providers/gcp/resources/cloudmemorystore/redis_instances.py b/ScoutSuite/providers/gcp/resources/cloudmemorystore/redis_instances.py index f31e1a6db..396a853fe 100755 --- a/ScoutSuite/providers/gcp/resources/cloudmemorystore/redis_instances.py +++ b/ScoutSuite/providers/gcp/resources/cloudmemorystore/redis_instances.py 
@@ -37,6 +37,8 @@ def _parse_instance(self, raw_instance): return instance_dict['id'], instance_dict def _is_ssl_required(self, raw_instance): + # Checks if transit encryption mode is SERVER_AUTHENTICATION. Otherwise, SSL + # is not enabled. is_ssl_required = raw_instance.get('transitEncryptionMode', False) if is_ssl_required == 'SERVER_AUTHENTICATION': return True From 27e399403f6b1aef30a7181e9bb7315ca06c2c80 Mon Sep 17 00:00:00 2001 From: Andy Gu Date: Wed, 3 Feb 2021 10:12:29 -0500 Subject: [PATCH 428/979] rename variable in template --- .../services.cloudmemorystore.projects.id.redis_instances.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html index dc75a343c..9953bdcf8 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html @@ -22,5 +22,5 @@

    Information

    {{> modal-template template='services.cloudmemorystore.projects.id.redis_instances'}} From 0d3e85853a184e48bb36df7c4e3ab816c2f92342 Mon Sep 17 00:00:00 2001 From: Andy Gu Date: Wed, 3 Feb 2021 12:31:07 -0500 Subject: [PATCH 429/979] Memorystore Rendering --- ...ices.cloudmemorystore.projects.id.redis_instances.html | 3 +-- ScoutSuite/providers/gcp/metadata.json | 8 ++++++++ .../memorystore-redis-instance-auth-not-enabled.json | 2 +- .../memorystore-redis-instance-ssl-not-required.json | 2 +- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html index 9953bdcf8..8ba77fcfc 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudmemorystore.projects.id.redis_instances.html @@ -1,7 +1,6 @@ From 57828e7182da84db7df75a9a3d2b631636f7cb74 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:23:36 +0100 Subject: [PATCH 461/979] Route53 hosted zones ARN processing --- ScoutSuite/providers/aws/resources/route53/hosted_zones.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/aws/resources/route53/hosted_zones.py b/ScoutSuite/providers/aws/resources/route53/hosted_zones.py index be1049849..d2a44d692 100755 --- a/ScoutSuite/providers/aws/resources/route53/hosted_zones.py +++ b/ScoutSuite/providers/aws/resources/route53/hosted_zones.py 
@@ -1,11 +1,15 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn class HostedZones(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region + self.partition = get_partition_name(facade.session) + self.service = 'route53' + self.resource_type = 'hosted-zone' async def fetch_all(self): raw_hosted_zones = await self.facade.route53.get_hosted_zones() @@ -21,4 +25,5 @@ async def _parse_hosted_zone(self, raw_hosted_zone): hosted_zone_dict['config'] = raw_hosted_zone.get('Config') hosted_zone_dict['resource_record_sets'] = await self.facade.route53.get_resource_records(hosted_zone_dict['id']) hosted_zone_dict['resource_record_set_count'] = raw_hosted_zone.get('ResourceRecordSetCount') + hosted_zone_dict['arn'] = format_arn(self.partition, self.service, self.region, '', raw_hosted_zone.get('Id'), self.resource_type) return hosted_zone_dict['id'], hosted_zone_dict From fb690c7d8896e28a737f40106c073238096475bc Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:24:18 +0100 Subject: [PATCH 462/979] Route53 hosted zones partial ARN display --- .../partials/aws/services.route53.regions.id.hosted_zones.html | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.hosted_zones.html b/ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.hosted_zones.html index 52cd2d86e..194452745 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.hosted_zones.html +++ b/ScoutSuite/output/data/html/partials/aws/services.route53.regions.id.hosted_zones.html @@ -6,6 +6,7 @@
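Review bot: In `_parse_hosted_zone`, the resource id passed to `format_arn` is `raw_hosted_zone.get('Id')`, which the Route 53 API returns in the form `/hostedzone/<ID>`. Combined with `self.resource_type = 'hosted-zone'`, the ARN would presumably end in `hosted-zone//hostedzone/<ID>`. AWS's own form is `arn:<partition>:route53:::hostedzone/<ID>`, with no region because the service is global, yet `self.region` is passed here. Suggest `self.resource_type = 'hostedzone'`, an empty region, and passing the bare zone id, for example `hosted_zone_dict['id']` if that has the prefix stripped. The function body starts above this hunk, so that could not be confirmed.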

    {{name}}

    Information

    ID: {{value_or_none id}}
    +
    ARN: {{value_or_none arn}}
    Caller Reference: {{value_or_none caller_reference}}
    Resource Record Set Count: {{value_or_none resource_record_set_count}}
    From f3f691cfa0963c53f886e11fe53693c3191b8652 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:25:14 +0100 Subject: [PATCH 463/979] Redshift cluster parameters ARN processing --- .../providers/aws/resources/redshift/cluster_parameters.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py b/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py index c5ed6ece3..93d8bae34 100755 --- a/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py +++ b/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn class ClusterParameters(AWSResources): @@ -7,6 +8,9 @@ def __init__(self, facade: AWSFacade, region: str, parameter_group_name: str): super().__init__(facade) self.region = region self.parameter_group_name = parameter_group_name + self.partition = get_partition_name(facade.session) + self.service = 'redshift' + self.resource_type = 'cluster-parameter' async def fetch_all(self): raw_parameters = await self.facade.redshift.get_cluster_parameters( @@ -18,4 +22,5 @@ async def fetch_all(self): def _parse_parameter(self, raw_parameter): parameter = {'value': raw_parameter['ParameterValue'], 'source': raw_parameter['Source']} + raw_parameter['arn'] = format_arn(self.partition, self.service, self.region, '', raw_parameter.get('ParameterName'), self.resource_type) return raw_parameter['ParameterName'], parameter From 06c84e6455ff0c9458cf300b0221f4bb1e8318ff Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:25:55 +0100 Subject: [PATCH 464/979] Redshift cluster parameter group partial ARN display --- .../aws/services.redshift.regions.id.parameter_groups.html | 1 + 1 file changed, 1 insertion(+) 
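Review bot: In `_parse_parameter`, the new ARN is stored on `raw_parameter`, but the function returns the separate `parameter` dict, so the value never reaches the parsed resource. The parameter-groups template change later in this series prints `{{arn}}` inside `{{#each parameters}}` and would show nothing. Write it to the returned dict instead: `parameter['arn'] = format_arn(self.partition, self.service, self.region, '', raw_parameter.get('ParameterName'), self.resource_type)`.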
diff --git a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html index 7877e2455..e3eac4528 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html +++ b/ScoutSuite/output/data/html/partials/aws/services.redshift.regions.id.parameter_groups.html @@ -15,6 +15,7 @@

    Information

    Parameters

      {{#each parameters}} +
      ARN: {{arn}}
    • {{@key}}: {{value}}
    • From d5de4aaece1d2c48a64455d04fb0d3bb8e473c13 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:26:37 +0100 Subject: [PATCH 465/979] RDS subnet groups ARN processing --- ScoutSuite/providers/aws/resources/rds/subnetgroups.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/providers/aws/resources/rds/subnetgroups.py b/ScoutSuite/providers/aws/resources/rds/subnetgroups.py index 9719429c0..c8b87642f 100755 --- a/ScoutSuite/providers/aws/resources/rds/subnetgroups.py +++ b/ScoutSuite/providers/aws/resources/rds/subnetgroups.py @@ -16,4 +16,5 @@ async def fetch_all(self): def _parse_subnet_group(self, raw_subnet_group): raw_subnet_group['name'] = raw_subnet_group['DBSubnetGroupName'] + raw_subnet_group['ARN'] = raw_subnet_group.pop('DBSubnetGroupArn') return raw_subnet_group['name'], raw_subnet_group From b8b676da399b0ad4b1abf21bc84579f27f147aa9 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:27:47 +0100 Subject: [PATCH 466/979] Cloudwatch metric filters ARN processing --- .../providers/aws/resources/cloudwatch/metric_filters.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py b/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py index e10b5396d..339b271fc 100644 --- a/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py +++ b/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py 
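Review bot: In `_parse_subnet_group`, the key is written as `'ARN'`, while the other resources in this series use lowercase `'arn'` (for example `raw_cluster['arn']` in the EMR clusters hunk). Templates and rules that read `arn` will not find it, so use `raw_subnet_group['arn'] = raw_subnet_group.pop('DBSubnetGroupArn')`. `pop` without a default raises KeyError when the field is missing, and the EMR hunk's `raw_cluster.pop('ClusterArn')` behaves the same way. If either field can be absent from a response, `.pop('DBSubnetGroupArn', None)` keeps the rest of the resource parseable.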
@@ -1,12 +1,16 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn class MetricFilters(AWSResources): def __init__(self, facade: AWSFacade, region: str): super(MetricFilters, self).__init__(facade) self.region = region + self.partition = get_partition_name(facade.session) + self.service = 'cloudwatch' + self.resource_type = 'metric-filter' async def fetch_all(self): for raw_metric_filter in await self.facade.cloudwatch.get_metric_filters(self.region): @@ -22,6 +26,7 @@ def _parse_metric_filter(self, raw_metric_filter): metric_filter_dict['pattern'] = raw_metric_filter.get('filterPattern') metric_filter_dict['metric_transformations'] = raw_metric_filter.get('metricTransformations') metric_filter_dict['log_group_name'] = raw_metric_filter.get('logGroupName') + metric_filter_dict['arn'] = format_arn(self.partition, self.service, self.region, '', raw_metric_filter.get('filterName'), self.resource_type) return metric_filter_dict['id'], metric_filter_dict From 6d57b66ac43f95da0663efa66ba1784eb343e872 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:28:19 +0100 Subject: [PATCH 467/979] Cloudwatch metric filters partial ARN display --- .../aws/services.cloudwatch.regions.id.metric_filters.html | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html b/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html index 0ed5443e8..ea8c469f3 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html +++ b/ScoutSuite/output/data/html/partials/aws/services.cloudwatch.regions.id.metric_filters.html @@ -6,6 +6,7 @@
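Review bot: In `_parse_metric_filter`, the account field of the new ARN is passed as `''`, although the Route 53 domain and SES identity hunks in this series pass `self.facade.owner_id`. Without the account, same-named filters in different accounts get the same identifier, which matters when reports from several accounts are compared. The Redshift cluster-parameter and ELB policy hunks have the same gap. Suggest `format_arn(self.partition, self.service, self.region, self.facade.owner_id, raw_metric_filter.get('filterName'), self.resource_type)`. As far as I know metric filters have no AWS-issued ARN, so a comment such as `# synthetic ARN, not returned by the API` would prevent it being mistaken for one.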

      {{name}}

      Information

      Name: {{value_or_none name}}
      +
      ARN: {{value_or_none arn}}
      Creation Time: {{format_date creation_time}}
      Log Group Name: {{value_or_none log_group_name}}
      Pattern: {{value_or_none pattern}}
      From 6fb1159eb72f6f4250129de724d1d3182d1b7a72 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:29:12 +0100 Subject: [PATCH 468/979] EMR clusters ARN processing --- ScoutSuite/providers/aws/resources/emr/clusters.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/providers/aws/resources/emr/clusters.py b/ScoutSuite/providers/aws/resources/emr/clusters.py index 9708bc415..8de18f03d 100755 --- a/ScoutSuite/providers/aws/resources/emr/clusters.py +++ b/ScoutSuite/providers/aws/resources/emr/clusters.py @@ -16,4 +16,5 @@ async def fetch_all(self): def _parse_cluster(self, raw_cluster): raw_cluster['id'] = raw_cluster.pop('Id') raw_cluster['name'] = raw_cluster.pop('Name') + raw_cluster['arn'] = raw_cluster.pop('ClusterArn') return raw_cluster['id'], raw_cluster From 246f716eda7f4a2467376a9f237230963355c730 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:29:47 +0100 Subject: [PATCH 469/979] EMR clusters partial ARN display --- .../services.emr.regions.id.vpcs.id.clusters.html | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.emr.regions.id.vpcs.id.clusters.html b/ScoutSuite/output/data/html/partials/aws/services.emr.regions.id.vpcs.id.clusters.html index 40fd32370..e62398df5 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.emr.regions.id.vpcs.id.clusters.html +++ b/ScoutSuite/output/data/html/partials/aws/services.emr.regions.id.vpcs.id.clusters.html @@ -7,13 +7,14 @@

      {{name}}

      Information

        -
      • Region: {{region}}
      • -
      • VPC: {{getValueAt 'services.ec2.regions' region 'vpcs' vpc 'name'}} ({{vpc}})
      • -
      • Id: {{id}}
      • -
      • Availability zone: {{Ec2InstanceAttributes.Ec2AvailabilityZone}}
      • -
      • Status: {{Status.State}}
      • -
      • Instance profile: {{Ec2InstanceAttributes.IamInstanceProfile}}
      • -
      • Visible to all users: {{VisibleToAllUsers}}
      • +
      • Region: {{region}}
      • +
      • ARN: {{arn}}
      • +
      • VPC: {{getValueAt 'services.ec2.regions' region 'vpcs' vpc 'name'}} ({{getValueAt 'services.ec2.regions' region 'vpcs' vpc 'arn'}})
      • +
      • Id: {{id}}
      • +
      • Availability zone: {{Ec2InstanceAttributes.Ec2AvailabilityZone}}
      • +
      • Status: {{Status.State}}
      • +
      • Instance profile: {{Ec2InstanceAttributes.IamInstanceProfile}}
      • +
      • Visible to all users: {{VisibleToAllUsers}}
      From 0c58edd56bc0507bfe332829594b0cea9610a3d7 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:30:37 +0100 Subject: [PATCH 470/979] KMS grants ARN processing --- ScoutSuite/providers/aws/resources/kms/grants.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/resources/kms/grants.py b/ScoutSuite/providers/aws/resources/kms/grants.py index 4684979f1..54cc20c56 100755 --- a/ScoutSuite/providers/aws/resources/kms/grants.py +++ b/ScoutSuite/providers/aws/resources/kms/grants.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn class Grants(AWSResources): @@ -7,6 +8,9 @@ def __init__(self, facade: AWSFacade, region: str, key_id: str): super().__init__(facade) self.region = region self.key_id = key_id + self.partition = get_partition_name(facade.session) + self.service = 'kms' + self.resource_type = 'grant' async def fetch_all(self): raw_grants = await self.facade.kms.get_grants(self.region, self.key_id) @@ -24,6 +28,7 @@ def _parse_grant(self, raw_grant): 'retiring_principal': raw_grant.get('ReitirngPrincipal'), 'issuing_account': raw_grant.get('IssuingAccount'), 'operations': raw_grant.get('Operations'), - 'constraints': raw_grant.get('Constraints') + 'constraints': raw_grant.get('Constraints'), + 'arn': format_arn(self.partition, self.service, self.region, raw_grant.get('IssuingAccount').split(':')[4], raw_grant.get('GrantId'), self.resource_type) if ':' in raw_grant.get('IssuingAccount') else format_arn(self.partition, self.service, self.region, raw_grant.get('IssuingAccount'), raw_grant.get('GrantId'), self.resource_type) } return grant_dict['grant_id'], grant_dict From b4a4611357bf22915ef69cf51a30bdc4d395c110 Mon Sep 17 00:00:00 2001 
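Review bot: In the new `'arn'` entry of `_parse_grant`, `':' in raw_grant.get('IssuingAccount')` raises TypeError when the key is missing, and the two `format_arn` branches differ only in the account argument. Compute the account once before the dict, `issuing = raw_grant.get('IssuingAccount') or ''` then `account_id = issuing.split(':')[4] if ':' in issuing else issuing`, and pass `account_id` to a single `format_arn` call. The context line above reads `raw_grant.get('ReitirngPrincipal')`, which looks like a misspelling of `RetiringPrincipal`. If so, `retiring_principal` is always None and any check on who may retire a grant sees no data.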
From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:31:20 +0100 Subject: [PATCH 471/979] KMS keys with grant ARNs display --- .../html/partials/aws/services.kms.regions.id.keys.html | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html b/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html index a6d1cd8e4..579b8bb07 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html +++ b/ScoutSuite/output/data/html/partials/aws/services.kms.regions.id.keys.html @@ -30,6 +30,15 @@

      Aliases

      Aliases

      {{/if}}
      +
      +

      Grants

      +
        + {{#each grants}} +
      • Name: {{value_or_none name}}
      • + {{> generic_object this}} + {{/each}} +
      +
      {{#if policy}} {{> accordion_policy name = 'Key Policy' document = policy policy_path = (concat 'kms.regions' region 'keys' @key 'policy')}} From b4028d83abdc3023c69138f46994bff9a203c867 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:31:50 +0100 Subject: [PATCH 472/979] ELB policies ARN processing --- ScoutSuite/providers/aws/resources/elb/policies.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/aws/resources/elb/policies.py b/ScoutSuite/providers/aws/resources/elb/policies.py index 3f808166b..d461e5ad2 100755 --- a/ScoutSuite/providers/aws/resources/elb/policies.py +++ b/ScoutSuite/providers/aws/resources/elb/policies.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn from ScoutSuite.providers.utils import get_non_provider_id @@ -7,6 +8,9 @@ class Policies(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region + self.partition = get_partition_name(facade.session) + self.service = 'elb' + self.resource_type = 'policy' async def fetch_all(self): raw_policies = await self.facade.elb.get_policies(self.region) @@ -17,4 +21,5 @@ async def fetch_all(self): def _parse_policy(self, raw_policy): raw_policy['name'] = raw_policy.pop('PolicyName') policy_id = get_non_provider_id(raw_policy['name']) + raw_policy['arn'] = format_arn(self.partition, self.service, self.region, '', raw_policy['name'], self.resource_type) return policy_id, raw_policy From e5434f96ae7c5c8490c149c9d6d7da7c5ce8eec1 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:32:16 +0100 Subject: [PATCH 473/979] ELB policies partial ARN display --- .../partials/aws/services.elb.regions.id.elb_policies.html | 4 ++++ 1 file changed, 4 insertions(+) 
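Review bot: The `arn` assigned in `_parse_policy` is not an identifier that AWS issues: the account field is passed as `''` and the service segment is `'elb'`, whereas Elastic Load Balancing ARNs use the `elasticloadbalancing` namespace. Anyone copying this value from the report into an IAM policy, a ticket or a log search will get no match. Either mark it with a comment above the assignment, `# Synthetic identifier for report cross-referencing, not an AWS-issued ARN`, or store it under a key other than `arn` so it is not mistaken for one.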
diff --git a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.elb_policies.html b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.elb_policies.html index 0cac00d38..c1b4eb4ae 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.elb_policies.html +++ b/ScoutSuite/output/data/html/partials/aws/services.elb.regions.id.elb_policies.html @@ -3,6 +3,10 @@

      {{name}}

      +
      +

      Information

      +
      ARN: {{value_or_none arn}}
      +
      {{#ifEqual PolicyTypeName 'SSLNegotiationPolicyType'}}

      Protocols

      From 2f4cbce39cdb9f0c97ffd352a150fc8c251f4aa2 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:33:03 +0100 Subject: [PATCH 474/979] EFS filesystems ARN processing --- ScoutSuite/providers/aws/resources/efs/filesystems.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/resources/efs/filesystems.py b/ScoutSuite/providers/aws/resources/efs/filesystems.py index 8c1b157b8..f416be827 100755 --- a/ScoutSuite/providers/aws/resources/efs/filesystems.py +++ b/ScoutSuite/providers/aws/resources/efs/filesystems.py @@ -1,11 +1,15 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn class FileSystems(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region + self.partition = get_partition_name(facade.session) + self.service = 'elasticfilesystem' + self.resource_type = 'file-system' async def fetch_all(self): raw_file_systems = await self.facade.efs.get_file_systems(self.region) @@ -17,5 +21,5 @@ def _parse_file_system(self, raw_file_system): fs_id = raw_file_system.pop('FileSystemId') raw_file_system['name'] = raw_file_system.pop('Name') if 'Name' in raw_file_system else None raw_file_system['tags'] = raw_file_system.pop('Tags') - + raw_file_system['arn'] = format_arn(self.partition, self.service, self.region, raw_file_system.get('OwnerId'), fs_id, self.resource_type) return fs_id, raw_file_system From f5bbf7e85baa1fcfe7a0842af9c5654020e9971e Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:33:33 +0100 Subject: [PATCH 475/979] Directconnect connections ARN processing --- .../providers/aws/resources/directconnect/connections.py | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/ScoutSuite/providers/aws/resources/directconnect/connections.py b/ScoutSuite/providers/aws/resources/directconnect/connections.py index 82de5af90..6884b296d 100755 --- a/ScoutSuite/providers/aws/resources/directconnect/connections.py +++ b/ScoutSuite/providers/aws/resources/directconnect/connections.py @@ -1,11 +1,15 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.aws.utils import get_partition_name, format_arn class Connections(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region + self.partition = get_partition_name(facade.session) + self.service = 'directconnect' + self.resource_type = 'connection' async def fetch_all(self): raw_connections = await self.facade.directconnect.get_connections(self.region) @@ -16,4 +20,5 @@ async def fetch_all(self): def _parse_connection(self, raw_connection): raw_connection['id'] = raw_connection.pop('connectionId') raw_connection['name'] = raw_connection.pop('connectionName') + raw_connection['arn'] = format_arn(self.partition, self.service, self.region, raw_connection.get('ownerAccount'), raw_connection.get('id'), self.resource_type) return raw_connection['id'], raw_connection From 5d782b48d5f37e75673d43c8876451e98e184355 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 9 Feb 2021 17:34:38 +0100 Subject: [PATCH 476/979] Changed Handlebars accordion_policy partial headers from h4 to h5 --- ScoutSuite/output/data/html/partials/accordion_policy.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/accordion_policy.html b/ScoutSuite/output/data/html/partials/accordion_policy.html index ce571485a..e146da4ab 100755 --- a/ScoutSuite/output/data/html/partials/accordion_policy.html +++ b/ScoutSuite/output/data/html/partials/accordion_policy.html @@ -1,11 +1,11 @@ + + + + + + 
diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 0eae7571e..51e296648 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py @@ -150,3 +150,11 @@ async def get_applications(self): print_exception(f'Failed to retrieve applications: {e}') return [] + async def get_security_defaults(self): + try: + security_default_response = await self._get_microsoft_graph_response( + 'identitySecurityDefaultsEnforcementPolicy') + return security_default_response + except Exception as e: + print_exception(f'Failed to retrieve applications: {e}') + return [] diff --git a/ScoutSuite/providers/azure/metadata.json b/ScoutSuite/providers/azure/metadata.json index e2466b24a..62742289c 100755 --- a/ScoutSuite/providers/azure/metadata.json +++ b/ScoutSuite/providers/azure/metadata.json @@ -67,6 +67,10 @@ "applications": { "cols": 2, "path": "services.aad.applications" + }, + "security_defaults": { + "cols": 2, + "path": "services.aad.security_defaults" } } }, diff --git a/ScoutSuite/providers/azure/resources/aad/base.py b/ScoutSuite/providers/azure/resources/aad/base.py index cb17ccfb2..2f53a3b7b 100755 --- a/ScoutSuite/providers/azure/resources/aad/base.py +++ b/ScoutSuite/providers/azure/resources/aad/base.py @@ -5,6 +5,7 @@ from .groups import Groups from .serviceprincipals import ServicePrincipals from .applications import Applications +from .securitydefaults import SecurityDefaults class AAD(AzureCompositeResources): @@ -13,6 +14,7 @@ class AAD(AzureCompositeResources): (Groups, 'groups'), (ServicePrincipals, 'service_principals'), (Applications, 'applications'), + (SecurityDefaults, 'security_defaults') ] async def fetch_all(self): diff --git a/ScoutSuite/providers/azure/resources/aad/securitydefaults.py b/ScoutSuite/providers/azure/resources/aad/securitydefaults.py new file mode 100644 index 000000000..6203601cb --- /dev/null 
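Review bot: `get_security_defaults` returns `[]` from its `except` branch, but the consumer added in `resources/aad/securitydefaults.py` calls `raw_security_default.get('id')` on the result, so a failed Graph call becomes an `AttributeError` (a list has no `.get`) rather than a missing-data entry. Return `None` here and have `fetch_all` skip the assignment when nothing came back; as written, a response without an `id` would also be stored under the key `None`. The log text `'Failed to retrieve applications: {e}'` is copied from the method above and should read `'Failed to retrieve security defaults: {e}'`, otherwise a failure of this check is attributed to the wrong call.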
+++ b/ScoutSuite/providers/azure/resources/aad/securitydefaults.py @@ -0,0 +1,18 @@ +from ScoutSuite.providers.azure.resources.base import AzureResources + + +class SecurityDefaults(AzureResources): + async def fetch_all(self): + raw_security_default = await self.facade.aad.get_security_defaults() + id, security_default = await self._parse_security_default(raw_security_default) + self[id] = security_default + + async def _parse_security_default(self, raw_security_default): + + security_default_dict = {} + + security_default_dict['id'] = raw_security_default.get('id') + security_default_dict['name'] = raw_security_default.get('displayName') + security_default_dict['is_enabled'] = raw_security_default.get('isEnabled') + + return security_default_dict['id'], security_default_dict diff --git a/ScoutSuite/providers/azure/rules/findings/aad-security-default-enabled.json b/ScoutSuite/providers/azure/rules/findings/aad-security-default-enabled.json new file mode 100644 index 000000000..96f50a7c5 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/aad-security-default-enabled.json @@ -0,0 +1,27 @@ +{ + "description": "Security Defaults Is Enabled", + "rationale": "Security defaults provide secure default settings that we manage on behalf of organizations to keep customers safe until they are ready to manage their own identity security story. Security defaults contain preconfigured security settings for common attacks.", + "remediation": "To enable security defaults in your directory:
      1. Sign in to the Azure portal as a security administrator, Conditional Access administrator, or global administrator.
      2. Browse to Azure Active Directory > Properties.
      3. Select Manage security defaults.
      4. Set the Enable security defaults toggle to Yes.
      ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "1.22" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults", + "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-security-defaults/ba-p/1061414" + ], + "dashboard_name": "Security Defaults", + "path": "aad.security_defaults.id", + "conditions": [ + "and", + [ + "aad.security_defaults.id.is_enabled", + "false", + "" + ] + ], + "id_suffix": "is_enabled" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index bcac9e514..6b65b709a 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -7,6 +7,12 @@ "level": "warning" } ], + "aad-security-default-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "appservice-authentication-disabled.json": [ { "enabled": true, From 5cb5c4267a3f1501d5306209a3ef910029369d2b Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Tue, 9 Feb 2021 17:06:01 -0500 Subject: [PATCH 479/979] Update refresh token --- .../azure/authentication_strategy.py | 46 +++++++++---------- 1 file changed, 21 insertions(+), 25 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index f05fc3ad0..65122419b 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py 
@@ -13,10 +13,9 @@ import adal from ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException - AUTHORITY_HOST_URI = 'https://login.microsoftonline.com/' AZURE_CLI_CLIENT_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46" -DIRECTORY_TENANT_ID= '0cc90829-0d8e-40d6-ba9c-aea092ba7de5' + class AzureCredentials: @@ -61,11 +60,12 @@ def get_fresh_credentials(self, credentials): """ Check if credentials are outdated and if so refresh them. """ + if self.context and hasattr(credentials, 'token'): expiration_datetime = datetime.fromtimestamp(credentials.token['expires_on']) current_datetime = datetime.now() expiration_delta = expiration_datetime - current_datetime - if expiration_delta < timedelta(minutes=5): + if expiration_delta < timedelta(minutes=50000): return self.refresh_credential(credentials) return credentials @@ -74,16 +74,16 @@ def refresh_credential(self, credentials): Refresh credentials """ print_debug('Refreshing credentials') - authority_uri = AUTHORITY_HOST_URI + '/' + self.get_tenant_id() + authority_uri = AUTHORITY_HOST_URI + self.get_tenant_id() existing_cache = self.context.cache - # cont = msal.PublicClientApplication(self.get_tenant_id(), cache=existing_cache) - # scopes = [authority_uri + "/.default"] - # new_token = cont.acquire_token_silent(scopes) - context = adal.AuthenticationContext(authority_uri, cache=existing_cache) - new_token = context.acquire_token(credentials.token['resource'], - credentials.token['user_id'], - credentials.token['_client_id']) + client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, token_cache=existing_cache, + authority=authority_uri) + + scopes = [credentials.resource+ "/.default"] + + new_token = client.acquire_token_by_refresh_token(credentials.token['refresh_token'],scopes) + new_credentials = AADTokenCredentials(new_token, credentials.token.get('_client_id')) return new_credentials 
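Review bot: `get_fresh_credentials` now compares the remaining token lifetime with `timedelta(minutes=50000)`, about 34 days, so any token with an ordinary lifetime is treated as expiring and `refresh_credential` runs on every call. That looks like a debugging value left in; it spends the refresh token on each request and hides whether the real expiry path works. Restore a short window, `if expiration_delta < timedelta(minutes=5):`, or name the threshold as a module constant with a comment explaining the choice. The method starts above the hunk.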
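Review bot: In `refresh_credential` the result of `client.acquire_token_by_refresh_token(...)` goes straight into `AADTokenCredentials`; MSAL reports failures by returning a dict with an `error` key rather than raising, so a rejected refresh yields a credentials object without an access token and the failure surfaces later, far from its cause. Check the result first, e.g. `if 'access_token' not in new_token: raise AuthenticationException(new_token.get('error_description'))`. The same applies to the `acquire_token_by_username_password` and `acquire_token_by_device_flow` results in the `authenticate` hunk that follows. The scope is built from `credentials.resource`, which none of the visible hunks set when the Graph credentials are created, so it is worth confirming that refreshing the Graph token does not request the Resource Manager scope.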
@@ -124,52 +124,48 @@ def authenticate(self, if not (username and password and tenant_id): if not programmatic_execution: - tenant_id= tenant_id if tenant_id else input("Tenant ID: ") + tenant_id = tenant_id if tenant_id else input("Tenant ID: ") username = username if username else input("Username: ") password = password if password else getpass("Password: ") else: raise AuthenticationException('Username, Tenant ID and/or password not set') - cont = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, authority=AUTHORITY_HOST_URI + tenant_id) + client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, authority=AUTHORITY_HOST_URI + tenant_id) # Resource Manager resource_uri = 'https://management.core.windows.net/' scopes = [resource_uri + "/.default"] - arm_token = cont.acquire_token_by_username_password(username, password, scopes) + arm_token = client.acquire_token_by_username_password(username, password, scopes) arm_credentials = AADTokenCredentials(arm_token, AZURE_CLI_CLIENT_ID) # AAD Graph resource_uri = 'https://graph.microsoft.com' scopes = [resource_uri + "/.default"] - aad_graph_token = cont.acquire_token_by_username_password(username, password, scopes) + aad_graph_token = client.acquire_token_by_username_password(username, password, scopes) aad_graph_credentials = AADTokenCredentials(aad_graph_token, AZURE_CLI_CLIENT_ID) - - elif user_account_browser: - # authority_uri = AUTHORITY_HOST_URI + '/' + tenant_id - # context = adal.AuthenticationContext(authority_uri, ) - cont = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID) + client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID) # Resource Manager resource_uri = 'https://management.core.windows.net/' scopes = [resource_uri + "/.default"] - code = cont.initiate_device_flow(scopes) + code = client.initiate_device_flow(scopes) print_info('To authenticate to the Resource Manager API, use a web browser to ' 'access {} and enter the {} code.'.format(code['verification_uri'], code['user_code'])) - arm_token = 
cont.acquire_token_by_device_flow(code) + arm_token = client.acquire_token_by_device_flow(code) arm_credentials = AADTokenCredentials(arm_token, AZURE_CLI_CLIENT_ID) # AAD Graph resource_uri = 'https://graph.microsoft.com' scopes = [resource_uri + "/.default"] - code = cont.initiate_device_flow(scopes) + code = client.initiate_device_flow(scopes) print_info('To authenticate to the microsoft Graph API, use a web browser to ' 'access {} and enter the {} code.'.format(code['verification_uri'], code['user_code'])) - aad_graph_token = cont.acquire_token_by_device_flow(code) + aad_graph_token = client.acquire_token_by_device_flow(code) aad_graph_credentials = AADTokenCredentials(aad_graph_token, AZURE_CLI_CLIENT_ID) elif service_principal: @@ -245,4 +241,4 @@ def authenticate(self, 'You are likely authenticating with a Microsoft Account. ' 'This authentication mode only support Azure Active Directory principal authentication.') - raise AuthenticationException(e) \ No newline at end of file + raise AuthenticationException(e) From 60854c5ab14a28f078cdccf2a9b18c44b6cdbc98 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Tue, 9 Feb 2021 17:49:44 -0500 Subject: [PATCH 480/979] Update requirements --- ScoutSuite/providers/azure/authentication_strategy.py | 1 - requirements.txt | 3 +-- scout.py | 4 ++-- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index faaeb5a54..1f08a41bc 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py 
@@ -10,7 +10,6 @@ from msrestazure.azure_active_directory import MSIAuthentication from ScoutSuite.core.console import print_info, print_debug, print_exception from msrestazure.azure_active_directory import AADTokenCredentials -import adal from ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException AUTHORITY_HOST_URI = 'https://login.microsoftonline.com/' diff --git a/requirements.txt b/requirements.txt index 395f14aad..92136d502 100755 --- a/requirements.txt +++ b/requirements.txt @@ -34,9 +34,8 @@ httplib2shim>=0.0.3 azure-cli-core==2.12.0 ## for RBAC in AAD azure-graphrbac==0.61.1 -adal==1.2.6 msal==1.8.0 -PyJWT==1.7.1 # FIXME - this is currently required due to the MSAL dependency but should be removed once we switch to ADAL +PyJWT==1.7.1 ## for resources azure-mgmt-storage==7.1.0 azure-mgmt-monitor==0.5.2 diff --git a/scout.py b/scout.py index 953940528..dca3f793f 100755 --- a/scout.py +++ b/scout.py @@ -5,8 +5,8 @@ from ScoutSuite.__main__ import run_from_cli if __name__ == "__main__": - sys.argv = ['scout.py', 'azure', '--cli', '--force'] - # sys.argv = ['scout.py', 'azure', '--user-account', '--force'] + # sys.argv = ['scout.py', 'azure', '--cli', '--force'] + sys.argv = ['scout.py', 'azure', '--user-account', '--force'] # sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] From 358da66ed29ffe73e169210e03b70a03cb501474 Mon Sep 17 00:00:00 2001 
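Review bot: The `scout.py` entry point still overwrites `sys.argv` unconditionally, here with `['scout.py', 'azure', '--user-account', '--force']`, so whatever provider and options the operator passes on the command line are discarded. This is development scaffolding and should not be committed: delete the `sys.argv = ...` assignment together with the commented variants, one of which carries a literal tenant GUID. The `if __name__ == "__main__":` block continues past the hunk.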
From: Sophie Date: Tue, 9 Feb 2021 23:10:52 -0500 Subject: [PATCH 481/979] update librairies and modified functions get_client in facade to implement azure-identity which is now supported for almost all the libraries in Scout Suite --- .../azure/authentication_strategy.py | 12 ++--- ScoutSuite/providers/azure/facade/aad.py | 8 +-- .../providers/azure/facade/appservice.py | 7 +-- .../facade/azureidentitycredentialadapter.py | 52 +++++++++++++++++++ ScoutSuite/providers/azure/facade/keyvault.py | 7 +-- ScoutSuite/providers/azure/facade/network.py | 7 +-- ScoutSuite/providers/azure/facade/rbac.py | 8 +-- .../providers/azure/facade/securitycenter.py | 8 +-- .../providers/azure/facade/sqldatabase.py | 20 ++++--- .../providers/azure/facade/storageaccounts.py | 18 +++---- .../providers/azure/facade/virtualmachines.py | 12 +++-- .../azure/resources/rbac/role_assignments.py | 10 ++-- requirements.txt | 22 ++++---- scout.py | 5 +- 14 files changed, 132 insertions(+), 64 deletions(-) create mode 100644 ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index d395e7381..e8f4d82b0 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -13,7 +13,6 @@ import adal from ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException - AUTHORITY_HOST_URI = 'https://login.microsoftonline.com' AZURE_CLI_CLIENT_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46" 
@@ -76,9 +75,10 @@ def refresh_credential(self, credentials): print_debug('Refreshing credentials') authority_uri = AUTHORITY_HOST_URI + '/' + self.get_tenant_id() existing_cache = self.context.cache - # cont = msal.PublicClientApplication(self.get_tenant_id(), cache=existing_cache) - # scopes = [authority_uri + "/.default"] - # new_token = cont.acquire_token_silent(scopes) + # context = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, cache=existing_cache, + # authority=authority_uri) + # scopes = ["https://graph.microsoft.com/.default"] + # new_token = context.acquire_token_silent(scopes, account=None) context = adal.AuthenticationContext(authority_uri, cache=existing_cache) new_token = context.acquire_token(credentials.token['resource'], @@ -145,7 +145,7 @@ def authenticate(self, # arm_credentials = UserPassCredentials(username, password) # aad_graph_credentials = UserPassCredentials(username, password, - #resource='https://graph.microsoft.com') + # resource='https://graph.microsoft.com') elif user_account_browser: @@ -246,4 +246,4 @@ def authenticate(self, 'You are likely authenticating with a Microsoft Account. ' 'This authentication mode only support Azure Active Directory principal authentication.') - raise AuthenticationException(e) \ No newline at end of file + raise AuthenticationException(e) diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 51e296648..077ee3d94 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py @@ -1,9 +1,7 @@ -from azure.graphrbac import GraphRbacManagementClient from msgraphcore import GraphSession from ScoutSuite.core.console import print_exception -from ScoutSuite.providers.utils import run_concurrently -from ScoutSuite.utils import get_user_agent +from azure.identity import DeviceCodeCredential, DefaultAzureCredential, AzureCliCredential, ManagedIdentityCredential class AADFacade: 
@@ -76,7 +74,9 @@ def __init__(self, credentials): async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'): scopes = ['https://graph.microsoft.com/.default'] - client = GraphSession(self.credentials.get_credentials('aad_graph'), scopes) + default_credential = AzureCliCredential() + device_credential = DeviceCodeCredential() + client = GraphSession(default_credential, scopes) endpoint = 'https://graph.microsoft.com/{}/{}'.format(api_version, api_resource) try: response = client.get(endpoint) diff --git a/ScoutSuite/providers/azure/facade/appservice.py b/ScoutSuite/providers/azure/facade/appservice.py index d74ad690e..97c62ef92 100755 --- a/ScoutSuite/providers/azure/facade/appservice.py +++ b/ScoutSuite/providers/azure/facade/appservice.py @@ -1,3 +1,4 @@ +from azure.identity import AzureCliCredential from azure.mgmt.web import WebSiteManagementClient from ScoutSuite.core.console import print_exception @@ -12,9 +13,9 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = WebSiteManagementClient(self.credentials.get_credentials('arm'), - subscription_id=subscription_id) - client._client.config.add_user_agent(get_user_agent()) + default_cli_credential = AzureCliCredential() + client = WebSiteManagementClient(default_cli_credential, + subscription_id=subscription_id, user_agent=get_user_agent()) return client async def get_web_apps(self, subscription_id: str): diff --git a/ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py b/ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py new file mode 100644 index 000000000..ffc7328f8 --- /dev/null +++ b/ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py 
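Review bot: `_get_microsoft_graph_response` now builds its own `AzureCliCredential()` and no longer uses `self.credentials`, so Graph calls run as whichever identity last ran `az login` on the host, regardless of the authentication mode chosen for the scan. For an audit tool that can mean scanning a different tenant, or with different privileges, than the operator believes, and service-principal or managed-identity runs would fail on hosts with no CLI session. Derive the azure-identity credential once in the authentication strategy and hand it over through `self.credentials`; the `get_client` hunks for appservice, keyvault, network, rbac, securitycenter, sqldatabase, storageaccounts and virtualmachines in this patch share the issue. `device_credential = DeviceCodeCredential()` is never used and can be removed.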
@@ -0,0 +1,52 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ + +# Adapt credentials from azure-identity to be compatible with SDK that needs msrestazure or azure.common.credentials +# Need msrest >= 0.6.0 +# See also https://pypi.org/project/azure-identity/ + +from msrest.authentication import BasicTokenAuthentication +from azure.core.pipeline.policies import BearerTokenCredentialPolicy +from azure.core.pipeline import PipelineRequest, PipelineContext +from azure.core.pipeline.transport import HttpRequest + +from azure.identity import DefaultAzureCredential + +class AzureIdentityCredentialAdapter(BasicTokenAuthentication): + def __init__(self, credential=None, resource_id="https://management.azure.com/.default", **kwargs): + """Adapt any azure-identity credential to work with SDK that needs azure.common.credentials or msrestazure. + Default resource is ARM (syntax of endpoint v2) + :param credential: Any azure-identity credential (DefaultAzureCredential by default) + :param str resource_id: The scope to use to get the token (default ARM) + """ + super(AzureIdentityCredentialAdapter, self).__init__(None) + if credential is None: + credential = DefaultAzureCredential() + self._policy = BearerTokenCredentialPolicy(credential, resource_id, **kwargs) + + def _make_request(self): + return PipelineRequest( + HttpRequest( + "AzureIdentityCredentialAdapter", + "https://fakeurl" + ), + PipelineContext(None) + ) + + def set_token(self): + """Ask the azure-core BearerTokenCredentialPolicy policy to get a token. + Using the policy gives us for free the caching system of azure-core. 
+ We could make this code simpler by using private method, but by definition + I can't assure they will be there forever, so mocking a fake call to the policy + to extract the token, using 100% public API.""" + request = self._make_request() + self._policy.on_request(request) + # Read Authorization, and get the second part after Bearer + token = request.http_request.headers["Authorization"].split(" ", 1)[1] + self.token = {"access_token": token} + + def signed_session(self, session=None): + self.set_token() + return super(AzureIdentityCredentialAdapter, self).signed_session(session) \ No newline at end of file diff --git a/ScoutSuite/providers/azure/facade/keyvault.py b/ScoutSuite/providers/azure/facade/keyvault.py index 301bc0920..1f74bcfd6 100755 --- a/ScoutSuite/providers/azure/facade/keyvault.py +++ b/ScoutSuite/providers/azure/facade/keyvault.py @@ -1,3 +1,4 @@ +from azure.identity import AzureCliCredential from azure.mgmt.keyvault import KeyVaultManagementClient from ScoutSuite.core.console import print_exception @@ -11,9 +12,9 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = KeyVaultManagementClient(self.credentials.get_credentials('arm'), - subscription_id=subscription_id) - client._client.config.add_user_agent(get_user_agent()) + default_cli_credential = AzureCliCredential() + client = KeyVaultManagementClient(default_cli_credential, + subscription_id=subscription_id, user_agent=get_user_agent()) return client async def get_key_vaults(self, subscription_id: str): diff --git a/ScoutSuite/providers/azure/facade/network.py b/ScoutSuite/providers/azure/facade/network.py index 56d3a6666..a1412681d 100755 --- a/ScoutSuite/providers/azure/facade/network.py +++ b/ScoutSuite/providers/azure/facade/network.py @@ -1,3 +1,4 @@ +from azure.identity import AzureCliCredential from azure.mgmt.network import NetworkManagementClient from ScoutSuite.core.console import print_exception 
@@ -11,9 +12,9 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = NetworkManagementClient(self.credentials.get_credentials('arm'), - subscription_id=subscription_id) - client._client.config.add_user_agent(get_user_agent()) + default_cli_credential = AzureCliCredential() + client = NetworkManagementClient(default_cli_credential, + subscription_id=subscription_id) return client async def get_network_watchers(self, subscription_id: str): diff --git a/ScoutSuite/providers/azure/facade/rbac.py b/ScoutSuite/providers/azure/facade/rbac.py index bae28ae05..652dfbb15 100755 --- a/ScoutSuite/providers/azure/facade/rbac.py +++ b/ScoutSuite/providers/azure/facade/rbac.py @@ -1,3 +1,4 @@ +from azure.identity import AzureCliCredential from azure.mgmt.authorization import AuthorizationManagementClient from ScoutSuite.core.console import print_exception @@ -11,9 +12,10 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = AuthorizationManagementClient(self.credentials.get_credentials('arm'), - subscription_id=subscription_id) - client._client.config.add_user_agent(get_user_agent()) + default_cli_credential = AzureCliCredential() + client = AuthorizationManagementClient(default_cli_credential, + subscription_id=subscription_id, + user_agent=get_user_agent()) return client async def get_roles(self, subscription_id: str): diff --git a/ScoutSuite/providers/azure/facade/securitycenter.py b/ScoutSuite/providers/azure/facade/securitycenter.py index c49870816..72cf106ee 100755 --- a/ScoutSuite/providers/azure/facade/securitycenter.py +++ b/ScoutSuite/providers/azure/facade/securitycenter.py @@ -1,3 +1,4 @@ +from azure.identity import AzureCliCredential from azure.mgmt.security import SecurityCenter from ScoutSuite.core.console import print_exception, print_debug 
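Review bot: `get_client` in network.py removes `client._client.config.add_user_agent(get_user_agent())` without passing `user_agent=get_user_agent()` to the constructor, unlike the appservice, keyvault, rbac, securitycenter, sqldatabase and storageaccounts hunks of this patch; virtualmachines.py does the same and also drops the `get_user_agent` import. Requests from these two facades would presumably no longer carry the Scout Suite user agent, which is what lets the owners of the audited subscription attribute the API calls in their logs. Add `user_agent=get_user_agent()` to the `NetworkManagementClient(...)` call, and to `ComputeManagementClient(...)` if the adapter path accepts it.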
@@ -11,9 +12,10 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = SecurityCenter(self.credentials.get_credentials('arm'), - subscription_id, '') - client._client.config.add_user_agent(get_user_agent()) + default_cli_credential = AzureCliCredential() + client = SecurityCenter(default_cli_credential, + subscription_id, '', + user_agent=get_user_agent()) return client async def get_pricings(self, subscription_id: str): diff --git a/ScoutSuite/providers/azure/facade/sqldatabase.py b/ScoutSuite/providers/azure/facade/sqldatabase.py index 9a9e580e5..c2f6c79e9 100755 --- a/ScoutSuite/providers/azure/facade/sqldatabase.py +++ b/ScoutSuite/providers/azure/facade/sqldatabase.py @@ -1,3 +1,4 @@ +from azure.identity import AzureCliCredential from msrestazure.azure_exceptions import CloudError from azure.mgmt.sql import SqlManagementClient @@ -12,12 +13,14 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = SqlManagementClient(self.credentials.get_credentials('arm'), - subscription_id=subscription_id) - client._client.config.add_user_agent(get_user_agent()) + default_cli_credential = AzureCliCredential() + client = SqlManagementClient(default_cli_credential, + subscription_id=subscription_id, + user_agent=get_user_agent()) return client - async def get_database_blob_auditing_policies(self, resource_group_name, server_name, database_name, subscription_id: str): + async def get_database_blob_auditing_policies(self, resource_group_name, server_name, database_name, + subscription_id: str): try: client = self.get_client(subscription_id) return await run_concurrently( 
@@ -28,7 +31,8 @@ async def get_database_blob_auditing_policies(self, resource_group_name, server_ print_exception(f'Failed to retrieve database blob auditing policies: {e}') return [] - async def get_database_threat_detection_policies(self, resource_group_name, server_name, database_name, subscription_id: str): + async def get_database_threat_detection_policies(self, resource_group_name, server_name, database_name, + subscription_id: str): try: client = self.get_client(subscription_id) return await run_concurrently( @@ -49,7 +53,8 @@ async def get_databases(self, resource_group_name, server_name, subscription_id: print_exception(f'Failed to retrieve databases: {e}') return [] - async def get_database_replication_links(self, resource_group_name, server_name, database_name, subscription_id: str): + async def get_database_replication_links(self, resource_group_name, server_name, database_name, + subscription_id: str): try: client = self.get_client(subscription_id) return await run_concurrently( @@ -105,7 +110,8 @@ async def get_servers(self, subscription_id: str): print_exception(f'Failed to retrieve servers: {e}') return [] - async def get_database_transparent_data_encryptions(self, resource_group_name, server_name, database_name, subscription_id: str): + async def get_database_transparent_data_encryptions(self, resource_group_name, server_name, database_name, + subscription_id: str): try: client = self.get_client(subscription_id) return await run_concurrently( diff --git a/ScoutSuite/providers/azure/facade/storageaccounts.py b/ScoutSuite/providers/azure/facade/storageaccounts.py index 2e051e56f..9d90f8e34 100755 --- a/ScoutSuite/providers/azure/facade/storageaccounts.py +++ b/ScoutSuite/providers/azure/facade/storageaccounts.py 
@@ -1,12 +1,13 @@ import datetime +from azure.identity import AzureCliCredential from azure.mgmt.monitor import MonitorManagementClient from azure.mgmt.storage import StorageManagementClient from ScoutSuite.core.console import print_exception from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently from ScoutSuite.utils import get_user_agent -from azure.mgmt.resource import ResourceManagementClient + class StorageAccountsFacade: @@ -14,12 +15,10 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = StorageManagementClient(self.credentials.get_credentials('arm'), - subscription_id=subscription_id) - # client._client.config.add_user_agent(get_user_agent()) - - cli = ResourceManagementClient(self.credentials.get_credentials('arm'), - subscription_id=subscription_id) + default_cli_credential = AzureCliCredential() + client = StorageManagementClient(default_cli_credential, + subscription_id=subscription_id, + user_agent=get_user_agent()) return client async def get_storage_accounts(self, subscription_id: str): @@ -49,8 +48,8 @@ async def get_blob_containers(self, resource_group_name, storage_account_name, s return containers async def _get_and_set_activity_logs(self, storage_account, subscription_id: str): - client = MonitorManagementClient(self.credentials.arm_credentials, subscription_id) - client._client.config.add_user_agent(get_user_agent()) + default_cli_credential = AzureCliCredential() + client = MonitorManagementClient(default_cli_credential, subscription_id, user_agent=get_user_agent()) # Time format used by Azure API: time_format = "%Y-%m-%dT%H:%M:%S.%f" @@ -90,4 +89,3 @@ async def _get_and_set_activity_logs(self, storage_account, subscription_id: str # else: # return None # # return queues - diff --git a/ScoutSuite/providers/azure/facade/virtualmachines.py b/ScoutSuite/providers/azure/facade/virtualmachines.py index 217c67ba8..84873ad9e 100755 
--- a/ScoutSuite/providers/azure/facade/virtualmachines.py +++ b/ScoutSuite/providers/azure/facade/virtualmachines.py @@ -1,8 +1,9 @@ +from azure.identity import AzureCliCredential, DefaultAzureCredential from azure.mgmt.compute import ComputeManagementClient from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.azure.facade.azureidentitycredentialadapter import AzureIdentityCredentialAdapter from ScoutSuite.providers.utils import run_concurrently -from ScoutSuite.utils import get_user_agent class VirtualMachineFacade: @@ -11,9 +12,12 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = ComputeManagementClient(self.credentials.get_credentials('arm'), - subscription_id=subscription_id) - client._client.config.add_user_agent(get_user_agent()) + default_cli_credential = AzureCliCredential() + # this wrapper removes the error 'AzureCliCredential' object has no attribute 'signed_session' + # should not be used --> even though azure.mgmt.compute does support azure-identity it still causes an error + wrapped_credentials = AzureIdentityCredentialAdapter(default_cli_credential) + client = ComputeManagementClient(wrapped_credentials, + subscription_id=subscription_id) return client async def get_instances(self, subscription_id: str): diff --git a/ScoutSuite/providers/azure/resources/rbac/role_assignments.py b/ScoutSuite/providers/azure/resources/rbac/role_assignments.py index f5eafbd52..c92a4d650 100755 --- a/ScoutSuite/providers/azure/resources/rbac/role_assignments.py +++ b/ScoutSuite/providers/azure/resources/rbac/role_assignments.py 
@@ -17,11 +17,11 @@ def _parse_role_assignment(self, raw_role_assignment): role_assignment_dict = {} role_assignment_dict['id'] = raw_role_assignment.name role_assignment_dict['name'] = raw_role_assignment.name - role_assignment_dict['role_definition_id'] = raw_role_assignment.role_definition_id + role_assignment_dict['role_definition_id'] = raw_role_assignment.properties.role_definition_id role_assignment_dict['type'] = raw_role_assignment.type - role_assignment_dict['scope'] = raw_role_assignment.scope - role_assignment_dict['principal_id'] = raw_role_assignment.principal_id - role_assignment_dict['principal_type'] = raw_role_assignment.principal_type - role_assignment_dict['can_delegate'] = raw_role_assignment.can_delegate + role_assignment_dict['scope'] = raw_role_assignment.properties.scope + role_assignment_dict['principal_id'] = raw_role_assignment.properties.principal_id + role_assignment_dict['principal_type'] = "None" + role_assignment_dict['can_delegate'] = "None" role_assignment_dict['additional_properties'] = raw_role_assignment.additional_properties return role_assignment_dict['id'], role_assignment_dict diff --git a/requirements.txt b/requirements.txt index 395f14aad..b21e0d3bf 100755 --- a/requirements.txt +++ b/requirements.txt 
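Review bot: `principal_type` and `can_delegate` are now set to the string `"None"` instead of being read from the role assignment, so every assignment reports the same constant and the string is truthy and not equal to `None`. Any rule or report that separates users, groups and service principals by principal type, or checks delegation, can no longer tell assignments apart. If the new SDK model does not expose these fields (not visible from this hunk), store a real null and read defensively, e.g. `role_assignment_dict['principal_type'] = getattr(raw_role_assignment.properties, 'principal_type', None)` and the same for `can_delegate`. The start of `_parse_role_assignment` is outside the hunk.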
@@ -31,23 +31,23 @@ httplib2shim>=0.0.3 # Azure Provider ## core requirements -azure-cli-core==2.12.0 +azure-cli-core==2.19.0 ## for RBAC in AAD azure-graphrbac==0.61.1 adal==1.2.6 -msal==1.8.0 +msal==1.9.0 PyJWT==1.7.1 # FIXME - this is currently required due to the MSAL dependency but should be removed once we switch to ADAL ## for resources -azure-mgmt-storage==7.1.0 -azure-mgmt-monitor==0.5.2 -azure-mgmt-sql==0.11.0 -azure-mgmt-security==0.4.1 -azure-mgmt-keyvault==1.1.0 -azure-mgmt-network==2.5.1 +azure-mgmt-storage==16.0.0 +azure-mgmt-monitor==2.0.0 +azure-mgmt-sql==1.0.0 +azure-mgmt-security==1.0.0 +azure-mgmt-keyvault==8.0.0 +azure-mgmt-network==17.1.0 azure-mgmt-redis==6.0.0 -azure-mgmt-web==0.47.0 -azure-mgmt-compute==12.0.0 -azure-mgmt-authorization==0.60.0 +azure-mgmt-web==1.0.0 +azure-mgmt-compute==18.2.0 +azure-mgmt-authorization==1.0.0 azure-identity==1.5.0 msgraphcore==0.0.2 diff --git a/scout.py b/scout.py index f466b5e0f..0f06335bd 100755 --- a/scout.py +++ b/scout.py @@ -5,6 +5,7 @@ from ScoutSuite.__main__ import run_from_cli if __name__ == "__main__": - sys.argv = ['scout.py', 'azure', '--cli', '--force'] - # sys.argv = ['scout.py', 'azure', '--user-account', '--force'] + # sys.argv = ['scout.py', 'azure', '--cli', '--force'] + sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', + '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] sys.exit(run_from_cli()) From 01c8937e00d310b547f976a9b1496e0bc56908d4 Mon Sep 17 00:00:00 2001 From: Sophie Date: Tue, 9 Feb 2021 23:52:53 -0500 Subject: [PATCH 482/979] refactor aad.py --- ScoutSuite/providers/azure/facade/aad.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 077ee3d94..21179c6d2 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py 
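Review bot: The scout.py hunk keeps an unconditional `sys.argv = [...]` assignment in the entry point, so every run ignores the arguments the operator passed and always scans Azure with `--force` against one hard-coded tenant GUID. It also commits an environment-specific tenant identifier to the repository. Both the removed and the added assignment look like local debugging settings; the block should reduce to `sys.exit(run_from_cli())` with the tenant supplied on the command line.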
@@ -1,7 +1,10 @@ +import os + from msgraphcore import GraphSession from ScoutSuite.core.console import print_exception -from azure.identity import DeviceCodeCredential, DefaultAzureCredential, AzureCliCredential, ManagedIdentityCredential +from azure.identity import DeviceCodeCredential, DefaultAzureCredential, AzureCliCredential, ManagedIdentityCredential, \ + ClientSecretCredential class AADFacade: @@ -74,10 +77,10 @@ def __init__(self, credentials): async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'): scopes = ['https://graph.microsoft.com/.default'] - default_credential = AzureCliCredential() - device_credential = DeviceCodeCredential() - client = GraphSession(default_credential, scopes) + default_cli_credentials = AzureCliCredential() + client = GraphSession(default_cli_credentials, scopes) endpoint = 'https://graph.microsoft.com/{}/{}'.format(api_version, api_resource) + try: response = client.get(endpoint) if response.status_code == 200: From 948a0765ecf31c1a90ed4ba00e4472e9704b03b0 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Wed, 10 Feb 2021 11:31:14 +0100 Subject: [PATCH 483/979] Add *.prof to .gitignore --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 1dd20a453..9612ab3a8 100755 --- a/.gitignore +++ b/.gitignore @@ -69,4 +69,7 @@ report-* /private*/ /**/private*/ +#Profiling output +*.prof + !docker/bin From f990de71c54a5e18d1dc52740bdd41b258089a3e Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Wed, 10 Feb 2021 13:58:44 +0100 Subject: [PATCH 484/979] Add callback to match VPC and EC2 instances --- ScoutSuite/providers/aws/metadata.json | 6 ++---- ScoutSuite/providers/aws/provider.py | 10 ++++++++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/aws/metadata.json b/ScoutSuite/providers/aws/metadata.json index 145c964d7..65548b270 100755 --- a/ScoutSuite/providers/aws/metadata.json 
+++ b/ScoutSuite/providers/aws/metadata.json @@ -182,10 +182,8 @@ "cols": 2, "path": "services.ec2.regions.id.vpcs.id.instances", "callbacks": [ - [ - "match_instances_and_subnets_callback", - { } - ] + [ "match_instances_and_subnets_callback", { } ], + [ "match_instances_and_vpcs_callback", { } ] ] }, "security_groups": { diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 5ce6ffe12..1a29bb4bc 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -410,6 +410,16 @@ def match_instances_and_subnets_callback(self, current_config, path, current_pat if instance_id not in subnet['instances']: subnet['instances'].append(instance_id) + def match_instances_and_vpcs_callback(self, current_config, path, current_path, instance_id, callback_args): + if 'ec2' in self.service_list and 'vpc' in self.service_list: # validate both services were included in run + subnet_id = current_config['SubnetId'] # get the subnet ID + if subnet_id: + vpc_data = self.subnet_map[subnet_id] # get the corresponding VPC ID and region + vpc = self.services['vpc']['regions'][vpc_data['region']]['vpcs'][vpc_data['vpc_id']] # find the VPC reference + manage_dictionary(vpc, 'instances', []) # initialize instances list for the VPC (if not already set) + if instance_id not in vpc['instances']: # if instance is not already mapped to the VPC + vpc['instances'].append(instance_id) # append EC2 instance ID to instance list in VPC + def _match_instances_and_roles(self): if 'ec2' in self.service_list and 'iam' in self.service_list: # validate both services were included in run ec2_config = self.services['ec2'] From e8e8297a39f620becfd68ca77d905e610c1b1499 Mon Sep 17 00:00:00 2001 
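Review bot: `match_instances_and_vpcs_callback` indexes `self.subnet_map[subnet_id]` and then `self.services['vpc']['regions'][...]['vpcs'][...]` without a guard, so an instance whose subnet is missing from the map raises `KeyError` and the instance-to-VPC mapping stops there. How `subnet_map` is populated is not visible in this hunk, so whether that can happen in practice (for example with a region filter) should be confirmed. A defensive form is `vpc_data = self.subnet_map.get(subnet_id)` followed by `if not vpc_data: return`, and `current_config.get('SubnetId')` for the first lookup.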
From: Viatcheslav Zhilin Date: Wed, 10 Feb 2021 13:59:49 +0100 Subject: [PATCH 485/979] Fixed display issue of EC2 instances per VPC --- .../partials/aws/services.vpc.regions.id.vpcs.html | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html index fbfb119d0..829beaabd 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html +++ b/ScoutSuite/output/data/html/partials/aws/services.vpc.regions.id.vpcs.html @@ -35,13 +35,13 @@

      Instances {{> count_badge count=(count_vpc_instances instances) target=(concat '#services.vpc.regions' region 'vpcs' @key 'instances')}}

      -
      -
        - {{#each instances}} -
      • {{@key}}
      • - {{/each}} -
      -
      +
      From b6fa588ebe4d5f5f93d5a407f5d762e8d5d0d523 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Wed, 10 Feb 2021 13:53:38 -0500 Subject: [PATCH 486/979] Use identity for auth strategy --- .../azure/authentication_strategy.py | 20 +++++- ScoutSuite/providers/azure/facade/aad.py | 65 +------------------ .../providers/azure/facade/storageaccounts.py | 6 +- 3 files changed, 21 insertions(+), 70 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index 29f4b3e2d..e3e06c8f5 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -6,7 +6,8 @@ from getpass import getpass from datetime import datetime, timedelta -from azure.common.credentials import ServicePrincipalCredentials, UserPassCredentials, get_azure_cli_credentials +from azure.common.credentials import ServicePrincipalCredentials, get_azure_cli_credentials +from azure.identity import UsernamePasswordCredential from msrestazure.azure_active_directory import MSIAuthentication from ScoutSuite.core.console import print_info, print_debug, print_exception from msrestazure.azure_active_directory import AADTokenCredentials @@ -20,12 +21,14 @@ class AzureCredentials: def __init__(self, - arm_credentials, aad_graph_credentials, + arm_credentials, aad_graph_credentials,identity_credentials, tenant_id=None, default_subscription_id=None, context=None): self.arm_credentials = arm_credentials # Azure Resource Manager API credentials self.aad_graph_credentials = aad_graph_credentials # Azure AD Graph API credentials + self.identity_credentials = identity_credentials # Azure Resource Manager API credentials + self.tenant_id = tenant_id self.default_subscription_id = default_subscription_id self.context = context 
@@ -146,7 +149,17 @@ def authenticate(self, aad_graph_token = client.acquire_token_by_username_password(username, password, scopes) aad_graph_credentials = AADTokenCredentials(aad_graph_token, AZURE_CLI_CLIENT_ID) - + identity_credentials = UsernamePasswordCredential(AZURE_CLI_CLIENT_ID,username,password,authority=AUTHORITY_HOST_URI) + # resource_uri = 'https://management.core.windows.net/' + # scopes = resource_uri + "/.default" + # arm_token = credential.get_token( scopes) + # arm_credentials = AADTokenCredentials(arm_token, AZURE_CLI_CLIENT_ID) + # + # # AAD Graph + # resource_uri = 'https://graph.microsoft.com' + # scopes = resource_uri + "/.default" + # aad_graph_token = credential.get_token(scopes) + # aad_graph_credentials = AADTokenCredentials(aad_graph_token, AZURE_CLI_CLIENT_ID) elif user_account_browser: @@ -235,6 +248,7 @@ def authenticate(self, return AzureCredentials(arm_credentials, aad_graph_credentials, + identity_credentials, tenant_id, subscription_id, context) diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 991ab4576..60dbb8798 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py 
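Review bot: `identity_credentials` is assigned only in the username/password branch, yet the `return AzureCredentials(...)` in the second hunk passes it for every authentication method; unless it is initialised outside the visible hunks, the CLI, browser, service-principal and MSI paths fail on an unbound local. Initialise it with `identity_credentials = None` before the branch chain and raise `AuthenticationException` if it is still `None` at the return. The `UsernamePasswordCredential(...)` call also passes no tenant, so it authenticates against the library's default tenant rather than the one the operator requested; `tenant_id=tenant_id` is probably intended, to be confirmed against the surrounding code. The ten commented-out token lines added below it should be dropped rather than committed. `authenticate` starts and ends outside these hunks.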
@@ -12,74 +12,11 @@ class AADFacade: def __init__(self, credentials): self.credentials = credentials - # Azure active directory methods - - # def get_client(self): - # client = GraphRbacManagementClient(self.credentials.get_credentials('aad_graph'), - # tenant_id=self.credentials.get_tenant_id()) - # client._client.config.add_user_agent(get_user_agent()) - # return client - # - # async def get_users(self): - # try: - # # This filters down the users which are pulled from the directory, otherwise for large tenants this - # # gets out of hands. - # # See https://github.com/nccgroup/ScoutSuite/issues/698 - # user_filter = " and ".join([ - # 'userType eq \'Guest\'' - # ]) - # - # users = await run_concurrently(lambda: list(self.get_client().users.list(filter= user_filter))) - # return users - # except Exception as e: - # print_exception(f'Failed to retrieve users: {e}') - # return [] - # - # async def get_user(self, user_id): - # try: - # return await run_concurrently(lambda: self.get_client().users.get(user_id)) - # except Exception as e: - # print_exception(f'Failed to retrieve user {user_id}: {e}') - # return None - # - # async def get_groups(self): - # try: - # return await run_concurrently(lambda: list(self.get_client().groups.list())) - # except Exception as e: - # print_exception(f'Failed to retrieve groups: {e}') - # return [] - # - # async def get_user_groups(self, user_id): - # try: - # return await run_concurrently(lambda: list( - # self.get_client().users.get_member_groups(object_id=user_id, - # security_enabled_only=False)) - # ) - # except Exception as e: - # print_exception(f'Failed to retrieve user\'s groups: {e}') - # return [] - # - # async def get_service_principals(self): - # try: - # return await run_concurrently(lambda: list(self.get_client().service_principals.list())) - # except Exception as e: - # print_exception(f'Failed to retrieve service principals: {e}') - # return [] - # - # async def get_applications(self): - # try: - # return await 
run_concurrently(lambda: list(self.get_client().applications.list())) - # except Exception as e: - # print_exception(f'Failed to retrieve applications: {e}') - # return [] - - # Azure microsoft graph new methods async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'): scopes = ['https://graph.microsoft.com/.default'] - default_cli_credentials = AzureCliCredential() - client = GraphSession(default_cli_credentials, scopes) + client = GraphSession(self.credentials.identity_credentials, scopes) endpoint = 'https://graph.microsoft.com/{}/{}'.format(api_version, api_resource) try: diff --git a/ScoutSuite/providers/azure/facade/storageaccounts.py b/ScoutSuite/providers/azure/facade/storageaccounts.py index 9d90f8e34..bfbdce65f 100755 --- a/ScoutSuite/providers/azure/facade/storageaccounts.py +++ b/ScoutSuite/providers/azure/facade/storageaccounts.py @@ -1,6 +1,6 @@ import datetime -from azure.identity import AzureCliCredential +from azure.identity import AzureCliCredential, DefaultAzureCredential, UsernamePasswordCredential from azure.mgmt.monitor import MonitorManagementClient from azure.mgmt.storage import StorageManagementClient @@ -15,8 +15,8 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - default_cli_credential = AzureCliCredential() - client = StorageManagementClient(default_cli_credential, + + client = StorageManagementClient(self.credentials.identity_credentials, subscription_id=subscription_id, user_agent=get_user_agent()) return client From 2ea27683d316bb837b3a3ccead59dc5fb4ef3f0b Mon Sep 17 00:00:00 2001 
From: xnkevinnguyen Date: Wed, 10 Feb 2021 14:15:25 -0500 Subject: [PATCH 487/979] Update facades --- .../azure/authentication_strategy.py | 125 +++++++++--------- .../providers/azure/facade/appservice.py | 3 +- .../facade/azureidentitycredentialadapter.py | 52 -------- ScoutSuite/providers/azure/facade/base.py | 3 +- ScoutSuite/providers/azure/facade/keyvault.py | 3 +- ScoutSuite/providers/azure/facade/network.py | 3 +- ScoutSuite/providers/azure/facade/rbac.py | 3 +- .../providers/azure/facade/securitycenter.py | 3 +- .../providers/azure/facade/sqldatabase.py | 3 +- .../providers/azure/facade/virtualmachines.py | 8 +- requirements.txt | 1 + 11 files changed, 72 insertions(+), 135 deletions(-) delete mode 100644 ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index e3e06c8f5..b84574f35 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py 
@@ -21,76 +21,76 @@ class AzureCredentials: def __init__(self, - arm_credentials, aad_graph_credentials,identity_credentials, + identity_credentials, tenant_id=None, default_subscription_id=None, context=None): - self.arm_credentials = arm_credentials # Azure Resource Manager API credentials - self.aad_graph_credentials = aad_graph_credentials # Azure AD Graph API credentials + # self.arm_credentials = arm_credentials # Azure Resource Manager API credentials + # self.aad_graph_credentials = aad_graph_credentials # Azure AD Graph API credentials self.identity_credentials = identity_credentials # Azure Resource Manager API credentials self.tenant_id = tenant_id self.default_subscription_id = default_subscription_id self.context = context - def get_tenant_id(self): - if self.tenant_id: - return self.tenant_id - elif 'tenant_id' in self.aad_graph_credentials.token: - return self.aad_graph_credentials.token['tenant_id'] - else: - # This is a last resort, e.g. for MSI authentication - try: - h = {'Authorization': 'Bearer {}'.format(self.arm_credentials.token['access_token'])} - r = requests.get('https://management.azure.com/tenants?api-version=2020-01-01', headers=h) - r2 = r.json() - return r2.get('value')[0].get('tenantId') - except Exception as e: - print_exception('Unable to infer tenant ID: {}'.format(e)) - return None - - def get_credentials(self, resource): - if resource == 'arm': - self.arm_credentials = self.get_fresh_credentials(self.arm_credentials) - return self.arm_credentials - elif resource == 'aad_graph': - self.aad_graph_credentials = self.get_fresh_credentials(self.aad_graph_credentials) - return self.aad_graph_credentials - else: - raise AuthenticationException('Invalid credentials resource type') - - def get_fresh_credentials(self, credentials): - """ - Check if credentials are outdated and if so refresh them. 
- """ - - if self.context and hasattr(credentials, 'token'): - expiration_datetime = datetime.fromtimestamp(credentials.token['expires_on']) - current_datetime = datetime.now() - expiration_delta = expiration_datetime - current_datetime - if expiration_delta < timedelta(minutes=50000): - return self.refresh_credential(credentials) - return credentials - - def refresh_credential(self, credentials): - """ - Refresh credentials - """ - print_debug('Refreshing credentials') - authority_uri = AUTHORITY_HOST_URI + self.get_tenant_id() - existing_cache = self.context.cache - - - client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, token_cache=existing_cache, - authority=authority_uri) - - scopes = [credentials.resource+ "/.default"] - - new_token = client.acquire_token_by_refresh_token(credentials.token['refresh_token'],scopes) - - - new_credentials = AADTokenCredentials(new_token, credentials.token.get('_client_id')) - return new_credentials + # def get_tenant_id(self): + # if self.tenant_id: + # return self.tenant_id + # elif 'tenant_id' in self.aad_graph_credentials.token: + # return self.aad_graph_credentials.token['tenant_id'] + # else: + # # This is a last resort, e.g. 
for MSI authentication + # try: + # h = {'Authorization': 'Bearer {}'.format(self.arm_credentials.token['access_token'])} + # r = requests.get('https://management.azure.com/tenants?api-version=2020-01-01', headers=h) + # r2 = r.json() + # return r2.get('value')[0].get('tenantId') + # except Exception as e: + # print_exception('Unable to infer tenant ID: {}'.format(e)) + # return None + # + # def get_credentials(self, resource): + # if resource == 'arm': + # self.arm_credentials = self.get_fresh_credentials(self.arm_credentials) + # return self.arm_credentials + # elif resource == 'aad_graph': + # self.aad_graph_credentials = self.get_fresh_credentials(self.aad_graph_credentials) + # return self.aad_graph_credentials + # else: + # raise AuthenticationException('Invalid credentials resource type') + # + # def get_fresh_credentials(self, credentials): + # """ + # Check if credentials are outdated and if so refresh them. + # """ + # + # if self.context and hasattr(credentials, 'token'): + # expiration_datetime = datetime.fromtimestamp(credentials.token['expires_on']) + # current_datetime = datetime.now() + # expiration_delta = expiration_datetime - current_datetime + # if expiration_delta < timedelta(minutes=50000): + # return self.refresh_credential(credentials) + # return credentials + # + # def refresh_credential(self, credentials): + # """ + # Refresh credentials + # """ + # print_debug('Refreshing credentials') + # authority_uri = AUTHORITY_HOST_URI + self.get_tenant_id() + # existing_cache = self.context.cache + # + # + # client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, token_cache=existing_cache, + # authority=authority_uri) + # + # scopes = [credentials.resource+ "/.default"] + # + # new_token = client.acquire_token_by_refresh_token(credentials.token['refresh_token'],scopes) + # + # + # new_credentials = AADTokenCredentials(new_token, credentials.token.get('_client_id')) + # return new_credentials class 
AzureAuthenticationStrategy(AuthenticationStrategy): @@ -246,8 +246,7 @@ def authenticate(self, else: raise AuthenticationException('Unknown authentication method') - return AzureCredentials(arm_credentials, - aad_graph_credentials, + return AzureCredentials( identity_credentials, tenant_id, subscription_id, context) diff --git a/ScoutSuite/providers/azure/facade/appservice.py b/ScoutSuite/providers/azure/facade/appservice.py index 97c62ef92..c51972ce4 100755 --- a/ScoutSuite/providers/azure/facade/appservice.py +++ b/ScoutSuite/providers/azure/facade/appservice.py @@ -13,8 +13,7 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - default_cli_credential = AzureCliCredential() - client = WebSiteManagementClient(default_cli_credential, + client = WebSiteManagementClient(self.credentials.identity_credentials, subscription_id=subscription_id, user_agent=get_user_agent()) return client diff --git a/ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py b/ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py deleted file mode 100644 index ffc7328f8..000000000 --- a/ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py +++ /dev/null 
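Review bot: `get_tenant_id`, `get_credentials`, `get_fresh_credentials` and `refresh_credential` in `AzureCredentials` are commented out rather than deleted, which leaves about seventy lines of dead token-handling code in the class and hides that its public methods are gone. Any caller outside this diff that still uses `credentials.get_credentials('arm')`, `credentials.arm_credentials` or `credentials.get_tenant_id()` will now fail with `AttributeError`, so the remaining call sites are worth searching for before merging. Delete the blocks outright, since version control keeps the history. The comment kept on the new attribute is a copy of the ARM one; something like `# azure-identity credential shared by the ARM and Microsoft Graph clients` matches how the facades use it.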
@@ -1,52 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ - -# Adapt credentials from azure-identity to be compatible with SDK that needs msrestazure or azure.common.credentials -# Need msrest >= 0.6.0 -# See also https://pypi.org/project/azure-identity/ - -from msrest.authentication import BasicTokenAuthentication -from azure.core.pipeline.policies import BearerTokenCredentialPolicy -from azure.core.pipeline import PipelineRequest, PipelineContext -from azure.core.pipeline.transport import HttpRequest - -from azure.identity import DefaultAzureCredential - -class AzureIdentityCredentialAdapter(BasicTokenAuthentication): - def __init__(self, credential=None, resource_id="https://management.azure.com/.default", **kwargs): - """Adapt any azure-identity credential to work with SDK that needs azure.common.credentials or msrestazure. - Default resource is ARM (syntax of endpoint v2) - :param credential: Any azure-identity credential (DefaultAzureCredential by default) - :param str resource_id: The scope to use to get the token (default ARM) - """ - super(AzureIdentityCredentialAdapter, self).__init__(None) - if credential is None: - credential = DefaultAzureCredential() - self._policy = BearerTokenCredentialPolicy(credential, resource_id, **kwargs) - - def _make_request(self): - return PipelineRequest( - HttpRequest( - "AzureIdentityCredentialAdapter", - "https://fakeurl" - ), - PipelineContext(None) - ) - - def set_token(self): - """Ask the azure-core BearerTokenCredentialPolicy policy to get a token. - Using the policy gives us for free the caching system of azure-core. 
- We could make this code simpler by using private method, but by definition - I can't assure they will be there forever, so mocking a fake call to the policy - to extract the token, using 100% public API.""" - request = self._make_request() - self._policy.on_request(request) - # Read Authorization, and get the second part after Bearer - token = request.http_request.headers["Authorization"].split(" ", 1)[1] - self.token = {"access_token": token} - - def signed_session(self, session=None): - self.set_token() - return super(AzureIdentityCredentialAdapter, self).signed_session(session) \ No newline at end of file diff --git a/ScoutSuite/providers/azure/facade/base.py b/ScoutSuite/providers/azure/facade/base.py index f97bdbc70..7862c338f 100755 --- a/ScoutSuite/providers/azure/facade/base.py +++ b/ScoutSuite/providers/azure/facade/base.py @@ -78,8 +78,7 @@ async def get_subscriptions(self): def _set_subscriptions(self): # Create the client - subscription_client = SubscriptionClient(self.credentials.arm_credentials) - subscription_client._client.config.add_user_agent(get_user_agent()) + subscription_client = SubscriptionClient(self.credentials.identity_credentials, user_agent=get_user_agent()) # Get all the accessible subscriptions accessible_subscriptions_list = list(subscription_client.subscriptions.list()) diff --git a/ScoutSuite/providers/azure/facade/keyvault.py b/ScoutSuite/providers/azure/facade/keyvault.py index 1f74bcfd6..6ec5ec9b5 100755 --- a/ScoutSuite/providers/azure/facade/keyvault.py +++ b/ScoutSuite/providers/azure/facade/keyvault.py @@ -12,8 +12,7 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - default_cli_credential = AzureCliCredential() - client = KeyVaultManagementClient(default_cli_credential, + client = KeyVaultManagementClient(self.credentials.identity_credentials, subscription_id=subscription_id, user_agent=get_user_agent()) return client 
diff --git a/ScoutSuite/providers/azure/facade/network.py b/ScoutSuite/providers/azure/facade/network.py index a1412681d..4abf172fd 100755 --- a/ScoutSuite/providers/azure/facade/network.py +++ b/ScoutSuite/providers/azure/facade/network.py @@ -12,8 +12,7 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - default_cli_credential = AzureCliCredential() - client = NetworkManagementClient(default_cli_credential, + client = NetworkManagementClient(self.credentials.identity_credentials, subscription_id=subscription_id) return client diff --git a/ScoutSuite/providers/azure/facade/rbac.py b/ScoutSuite/providers/azure/facade/rbac.py index 652dfbb15..67fe9d149 100755 --- a/ScoutSuite/providers/azure/facade/rbac.py +++ b/ScoutSuite/providers/azure/facade/rbac.py @@ -12,8 +12,7 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - default_cli_credential = AzureCliCredential() - client = AuthorizationManagementClient(default_cli_credential, + client = AuthorizationManagementClient(self.credentials.identity_credentials, subscription_id=subscription_id, user_agent=get_user_agent()) return client diff --git a/ScoutSuite/providers/azure/facade/securitycenter.py b/ScoutSuite/providers/azure/facade/securitycenter.py index 72cf106ee..cce6138a6 100755 --- a/ScoutSuite/providers/azure/facade/securitycenter.py +++ b/ScoutSuite/providers/azure/facade/securitycenter.py @@ -12,8 +12,7 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - default_cli_credential = AzureCliCredential() - client = SecurityCenter(default_cli_credential, + client = SecurityCenter(self.credentials.identity_credentials, subscription_id, '', user_agent=get_user_agent()) return client diff --git a/ScoutSuite/providers/azure/facade/sqldatabase.py b/ScoutSuite/providers/azure/facade/sqldatabase.py index c2f6c79e9..c50dc2d5e 100755 
--- a/ScoutSuite/providers/azure/facade/sqldatabase.py +++ b/ScoutSuite/providers/azure/facade/sqldatabase.py @@ -13,8 +13,7 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - default_cli_credential = AzureCliCredential() - client = SqlManagementClient(default_cli_credential, + client = SqlManagementClient(self.credentials.identity_credentials, subscription_id=subscription_id, user_agent=get_user_agent()) return client diff --git a/ScoutSuite/providers/azure/facade/virtualmachines.py b/ScoutSuite/providers/azure/facade/virtualmachines.py index 84873ad9e..828d8192a 100755 --- a/ScoutSuite/providers/azure/facade/virtualmachines.py +++ b/ScoutSuite/providers/azure/facade/virtualmachines.py @@ -2,7 +2,6 @@ from azure.mgmt.compute import ComputeManagementClient from ScoutSuite.core.console import print_exception -from ScoutSuite.providers.azure.facade.azureidentitycredentialadapter import AzureIdentityCredentialAdapter from ScoutSuite.providers.utils import run_concurrently @@ -12,11 +11,8 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - default_cli_credential = AzureCliCredential() - # this wrapper removes the error 'AzureCliCredential' object has no attribute 'signed_session' - # should not be used --> even though azure.mgmt.compute does support azure-identity it still causes an error - wrapped_credentials = AzureIdentityCredentialAdapter(default_cli_credential) - client = ComputeManagementClient(wrapped_credentials, + + client = ComputeManagementClient(self.credentials.identity_credentials, subscription_id=subscription_id) return client diff --git a/requirements.txt b/requirements.txt index 64c821ce3..ce63313c6 100755 --- a/requirements.txt +++ b/requirements.txt 
@@ -37,6 +37,7 @@ azure-graphrbac==0.61.1 msal==1.9.0 PyJWT==1.7.1 # FIXME - this is currently required due to the MSAL dependency but should be removed once we switch to ADAL ## for resources +azure-mgmt-resource==15.0.0 azure-mgmt-storage==16.0.0 azure-mgmt-monitor==2.0.0 azure-mgmt-sql==1.0.0 From cab6fe58a8b85f2dbd2b1a5e1a052f81f70c36dd Mon Sep 17 00:00:00 2001 From: Sophie Date: Wed, 10 Feb 2021 14:26:40 -0500 Subject: [PATCH 488/979] refactor authentification with azure-identity instead of MSAL --- .../azure/authentication_strategy.py | 137 +++++++++--------- scout.py | 6 +- 2 files changed, 74 insertions(+), 69 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index b84574f35..103ec17a3 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -7,7 +7,8 @@ from datetime import datetime, timedelta from azure.common.credentials import ServicePrincipalCredentials, get_azure_cli_credentials -from azure.identity import UsernamePasswordCredential +from azure.identity import UsernamePasswordCredential, AzureCliCredential, ClientSecretCredential, \ + ManagedIdentityCredential, InteractiveBrowserCredential from msrestazure.azure_active_directory import MSIAuthentication from ScoutSuite.core.console import print_info, print_debug, print_exception from msrestazure.azure_active_directory import AADTokenCredentials 
@@ -119,10 +120,11 @@ def authenticate(self, context = None if cli: - arm_credentials, subscription_id, tenant_id = \ - get_azure_cli_credentials(with_tenant=True) - aad_graph_credentials, placeholder_1, placeholder_2 = \ - get_azure_cli_credentials(with_tenant=True, resource='https://graph.microsoft.com') + identity_credentials = AzureCliCredential() + # arm_credentials, subscription_id, tenant_id = \ + # get_azure_cli_credentials(with_tenant=True) + # aad_graph_credentials, placeholder_1, placeholder_2 = \ + # get_azure_cli_credentials(with_tenant=True, resource='https://graph.microsoft.com') elif user_account: 
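Review bot: The `cli` branch no longer assigns `tenant_id` or `subscription_id`: the removed `get_azure_cli_credentials(with_tenant=True)` call supplied both, and `AzureCliCredential()` returns neither. The `AzureCredentials(...)` object built at the end of `authenticate` still receives them, so with `--cli` they are whatever the caller passed in, presumably `None` by default (the signature is outside this hunk). Resolve the tenant and default subscription explicitly after creating the credential, or document that `--tenant` is now required with `--cli`. The old calls should be deleted rather than left behind as `# arm_credentials, ...` comments.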
@@ -134,56 +136,49 @@ def authenticate(self, else: raise AuthenticationException('Username, Tenant ID and/or password not set') - client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, authority=AUTHORITY_HOST_URI + tenant_id) + #client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, authority=AUTHORITY_HOST_URI + tenant_id) # Resource Manager - resource_uri = 'https://management.core.windows.net/' - scopes = [resource_uri + "/.default"] - arm_token = client.acquire_token_by_username_password(username, password, scopes) - arm_credentials = AADTokenCredentials(arm_token, AZURE_CLI_CLIENT_ID) - - # AAD Graph - resource_uri = 'https://graph.microsoft.com' - scopes = [resource_uri + "/.default"] - aad_graph_token = client.acquire_token_by_username_password(username, password, scopes) - aad_graph_credentials = AADTokenCredentials(aad_graph_token, AZURE_CLI_CLIENT_ID) - - identity_credentials = UsernamePasswordCredential(AZURE_CLI_CLIENT_ID,username,password,authority=AUTHORITY_HOST_URI) # resource_uri = 'https://management.core.windows.net/' - # scopes = resource_uri + "/.default" - # arm_token = credential.get_token( scopes) + # scopes = [resource_uri + "/.default"] + # arm_token = client.acquire_token_by_username_password(username, password, scopes) # arm_credentials = AADTokenCredentials(arm_token, AZURE_CLI_CLIENT_ID) # # # AAD Graph # resource_uri = 'https://graph.microsoft.com' - # scopes = resource_uri + "/.default" - # aad_graph_token = credential.get_token(scopes) + # scopes = [resource_uri + "/.default"] + # aad_graph_token = client.acquire_token_by_username_password(username, password, scopes) # aad_graph_credentials = AADTokenCredentials(aad_graph_token, AZURE_CLI_CLIENT_ID) + identity_credentials = UsernamePasswordCredential(AZURE_CLI_CLIENT_ID, username, password, + authority=AUTHORITY_HOST_URI) + elif user_account_browser: - client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID) + # client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID) # 
Resource Manager - resource_uri = 'https://management.core.windows.net/' - scopes = [resource_uri + "/.default"] - code = client.initiate_device_flow(scopes) - print_info('To authenticate to the Resource Manager API, use a web browser to ' - 'access {} and enter the {} code.'.format(code['verification_uri'], - code['user_code'])) - arm_token = client.acquire_token_by_device_flow(code) - arm_credentials = AADTokenCredentials(arm_token, AZURE_CLI_CLIENT_ID) - - # AAD Graph - resource_uri = 'https://graph.microsoft.com' - scopes = [resource_uri + "/.default"] - code = client.initiate_device_flow(scopes) - print_info('To authenticate to the microsoft Graph API, use a web browser to ' - 'access {} and enter the {} code.'.format(code['verification_uri'], - code['user_code'])) - aad_graph_token = client.acquire_token_by_device_flow(code) - aad_graph_credentials = AADTokenCredentials(aad_graph_token, AZURE_CLI_CLIENT_ID) + # resource_uri = 'https://management.core.windows.net/' + # scopes = [resource_uri + "/.default"] + # code = client.initiate_device_flow(scopes) + # print_info('To authenticate to the Resource Manager API, use a web browser to ' + # 'access {} and enter the {} code.'.format(code['verification_uri'], + # code['user_code'])) + # arm_token = client.acquire_token_by_device_flow(code) + # arm_credentials = AADTokenCredentials(arm_token, AZURE_CLI_CLIENT_ID) + + # # AAD Graph + # resource_uri = 'https://graph.microsoft.com' + # scopes = [resource_uri + "/.default"] + # code = client.initiate_device_flow(scopes) + # print_info('To authenticate to the microsoft Graph API, use a web browser to ' + # 'access {} and enter the {} code.'.format(code['verification_uri'], + # code['user_code'])) + # aad_graph_token = client.acquire_token_by_device_flow(code) + # aad_graph_credentials = AADTokenCredentials(aad_graph_token, AZURE_CLI_CLIENT_ID) + + identity_credentials = InteractiveBrowserCredential() elif service_principal: 
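Review bot: Neither new credential is bound to the tenant the operator asked for. In the `user_account` branch the removed MSAL client used `authority=AUTHORITY_HOST_URI + tenant_id`, but `UsernamePasswordCredential(AZURE_CLI_CLIENT_ID, username, password, authority=AUTHORITY_HOST_URI)` drops `tenant_id` even though the branch has just validated it, and `InteractiveBrowserCredential()` in the `user_account_browser` branch takes no arguments at all. For an audit tool this may yield a token for the account's default tenant rather than the one named on the command line, so the scan can cover the wrong scope without any error. Pass it through: `tenant_id=tenant_id` on both constructors. The large commented-out MSAL blocks should be removed instead of kept in the method body.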
@@ -205,18 +200,23 @@ def authenticate(self, else: raise AuthenticationException('No Client Secret set') - arm_credentials = ServicePrincipalCredentials( - client_id=client_id, - secret=client_secret, - tenant=tenant_id - ) - - aad_graph_credentials = ServicePrincipalCredentials( - client_id=client_id, - secret=client_secret, - tenant=tenant_id, - resource='https://graph.microsoft.com' - ) + identity_credentials = ClientSecretCredential( + client_id=client_id, + client_secret=client_secret, + tenant_id=tenant_id + ) + # arm_credentials = ServicePrincipalCredentials( + # client_id=client_id, + # secret=client_secret, + # tenant=tenant_id + # ) + # + # aad_graph_credentials = ServicePrincipalCredentials( + # client_id=client_id, + # secret=client_secret, + # tenant=tenant_id, + # resource='https://graph.microsoft.com' + # ) elif file_auth: 
@@ -225,23 +225,28 @@ def authenticate(self, client_id = data.get('clientId') client_secret = data.get('clientSecret') - arm_credentials = ServicePrincipalCredentials( + identity_credentials = ClientSecretCredential( client_id=client_id, - secret=client_secret, - tenant=tenant_id - ) - - aad_graph_credentials = ServicePrincipalCredentials( - client_id=client_id, - secret=client_secret, - tenant=tenant_id, - resource='https://graph.microsoft.com' + client_secret=client_secret, + tenant_id=tenant_id ) + # arm_credentials = ServicePrincipalCredentials( + # client_id=client_id, + # secret=client_secret, + # tenant=tenant_id + # ) + # + # aad_graph_credentials = ServicePrincipalCredentials( + # client_id=client_id, + # secret=client_secret, + # tenant=tenant_id, + # resource='https://graph.microsoft.com' + # ) elif msi: - - arm_credentials = MSIAuthentication() - aad_graph_credentials = MSIAuthentication(resource='https://graph.microsoft.com') + identity_credentials = ManagedIdentityCredential() + # arm_credentials = MSIAuthentication() + # aad_graph_credentials = MSIAuthentication(resource='https://graph.microsoft.com') else: raise AuthenticationException('Unknown authentication method') diff --git a/scout.py b/scout.py index b564e75e0..41bda8ffe 100755 --- a/scout.py +++ b/scout.py @@ -6,9 +6,9 @@ if __name__ == "__main__": # sys.argv = ['scout.py', 'azure', '--cli', '--force'] - sys.argv = ['scout.py', 'azure', '--user-account', '--force'] + # sys.argv = ['scout.py', 'azure', '--user-account', '--force'] - # sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', - # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] + sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', + '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] sys.exit(run_from_cli()) From dfbfdc1dac0f07251cc8524ba55fcd5a5ef60782 Mon Sep 17 00:00:00 2001 
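Review bot: The `__main__` block in scout.py now unconditionally assigns `sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', ...]` with a literal tenant GUID, so whatever the operator types on the command line is discarded and every run targets that tenant. This reads like local debugging state that was committed by accident. Drop the assignment and its commented-out siblings so the block is just `sys.exit(run_from_cli())`. Committing a real tenant identifier also puts it permanently into the repository history.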
From: Sophie Date: Wed, 10 Feb 2021 14:47:05 -0500 Subject: [PATCH 489/979] refactor authentification and storage using azure-identity --- ScoutSuite/providers/azure/facade/storageaccounts.py | 3 +-- ScoutSuite/providers/azure/facade/virtualmachines.py | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/azure/facade/storageaccounts.py b/ScoutSuite/providers/azure/facade/storageaccounts.py index bfbdce65f..8970ab9c2 100755 --- a/ScoutSuite/providers/azure/facade/storageaccounts.py +++ b/ScoutSuite/providers/azure/facade/storageaccounts.py @@ -48,8 +48,7 @@ async def get_blob_containers(self, resource_group_name, storage_account_name, s return containers async def _get_and_set_activity_logs(self, storage_account, subscription_id: str): - default_cli_credential = AzureCliCredential() - client = MonitorManagementClient(default_cli_credential, subscription_id, user_agent=get_user_agent()) + client = MonitorManagementClient(self.credentials.identity_credentials, subscription_id, user_agent=get_user_agent()) # Time format used by Azure API: time_format = "%Y-%m-%dT%H:%M:%S.%f" diff --git a/ScoutSuite/providers/azure/facade/virtualmachines.py b/ScoutSuite/providers/azure/facade/virtualmachines.py index 828d8192a..d96f6fbc6 100755 --- a/ScoutSuite/providers/azure/facade/virtualmachines.py +++ b/ScoutSuite/providers/azure/facade/virtualmachines.py @@ -3,6 +3,7 @@ from ScoutSuite.core.console import print_exception from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent class VirtualMachineFacade: From 7b3d516e5a4635adce3e936dcd836606c97abe1a Mon Sep 17 00:00:00 2001 
From: Sophie Date: Wed, 10 Feb 2021 15:37:02 -0500 Subject: [PATCH 490/979] added a azure identity wrapper for azure-mgmt-compute since no attribute signed_session error keeps appearing with every type of azure-identity credentials --- .../azure/authentication_strategy.py | 41 ++++++-------- .../facade/azureidentitycredentialadapter.py | 53 +++++++++++++++++++ .../providers/azure/facade/virtualmachines.py | 4 +- ScoutSuite/providers/azure/provider.py | 4 +- 4 files changed, 74 insertions(+), 28 deletions(-) create mode 100644 ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index 103ec17a3..f74d9ce03 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -8,7 +8,7 @@ from azure.common.credentials import ServicePrincipalCredentials, get_azure_cli_credentials from azure.identity import UsernamePasswordCredential, AzureCliCredential, ClientSecretCredential, \ - ManagedIdentityCredential, InteractiveBrowserCredential + ManagedIdentityCredential, InteractiveBrowserCredential, ChainedTokenCredential from msrestazure.azure_active_directory import MSIAuthentication from ScoutSuite.core.console import print_info, print_debug, print_exception from msrestazure.azure_active_directory import AADTokenCredentials 
@@ -37,12 +37,12 @@ def __init__(self, # def get_tenant_id(self): # if self.tenant_id: # return self.tenant_id - # elif 'tenant_id' in self.aad_graph_credentials.token: - # return self.aad_graph_credentials.token['tenant_id'] + # elif 'tenant_id' in self.identity_credentials._tenant_id: + # return self.identity_credentials._tenant_id # else: # # This is a last resort, e.g. for MSI authentication # try: - # h = {'Authorization': 'Bearer {}'.format(self.arm_credentials.token['access_token'])} + # h = {'Authorization': 'Bearer {}'.format(self.identity_credentials._cache.CredentialType.ACCESS_TOKEN)} # r = requests.get('https://management.azure.com/tenants?api-version=2020-01-01', headers=h) # r2 = r.json() # return r2.get('value')[0].get('tenantId') @@ -51,14 +51,8 @@ def __init__(self, # return None # # def get_credentials(self, resource): - # if resource == 'arm': - # self.arm_credentials = self.get_fresh_credentials(self.arm_credentials) - # return self.arm_credentials - # elif resource == 'aad_graph': - # self.aad_graph_credentials = self.get_fresh_credentials(self.aad_graph_credentials) - # return self.aad_graph_credentials - # else: - # raise AuthenticationException('Invalid credentials resource type') + # self.identity_credentials = self.get_fresh_credentials(self.identity_credentials) + # return self.identity_credentials # # def get_fresh_credentials(self, credentials): # """ 
@@ -81,14 +75,12 @@ def __init__(self, # authority_uri = AUTHORITY_HOST_URI + self.get_tenant_id() # existing_cache = self.context.cache # - # # client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, token_cache=existing_cache, # authority=authority_uri) # - # scopes = [credentials.resource+ "/.default"] - # - # new_token = client.acquire_token_by_refresh_token(credentials.token['refresh_token'],scopes) + # scopes = [credentials.resource + "/.default"] # + # new_token = client.acquire_token_by_refresh_token(credentials.token['refresh_token'], scopes) # # new_credentials = AADTokenCredentials(new_token, credentials.token.get('_client_id')) # return new_credentials @@ -136,8 +128,7 @@ def authenticate(self, else: raise AuthenticationException('Username, Tenant ID and/or password not set') - #client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, authority=AUTHORITY_HOST_URI + tenant_id) - + # client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, authority=AUTHORITY_HOST_URI + tenant_id) # Resource Manager # resource_uri = 'https://management.core.windows.net/' @@ -201,10 +192,10 @@ def authenticate(self, raise AuthenticationException('No Client Secret set') identity_credentials = ClientSecretCredential( - client_id=client_id, - client_secret=client_secret, - tenant_id=tenant_id - ) + client_id=client_id, + client_secret=client_secret, + tenant_id=tenant_id + ) # arm_credentials = ServicePrincipalCredentials( # client_id=client_id, # secret=client_secret, @@ -252,9 +243,9 @@ def authenticate(self, raise AuthenticationException('Unknown authentication method') return AzureCredentials( - identity_credentials, - tenant_id, subscription_id, - context) + identity_credentials, + tenant_id, subscription_id, + context) except Exception as e: if ', AdalError: Unsupported wstrust endpoint version. ' \ 
diff --git a/ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py b/ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py new file mode 100644 index 000000000..a6e62ed08 --- /dev/null +++ b/ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py 
@@ -0,0 +1,53 @@ +# ------------------------------------ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. +# ------------------------------------ + +# Adapt credentials from azure-identity to be compatible with SDK that needs msrestazure or azure.common.credentials +# Need msrest >= 0.6.0 +# See also https://pypi.org/project/azure-identity/ + +from msrest.authentication import BasicTokenAuthentication +from azure.core.pipeline.policies import BearerTokenCredentialPolicy +from azure.core.pipeline import PipelineRequest, PipelineContext +from azure.core.pipeline.transport import HttpRequest + +from azure.identity import DefaultAzureCredential + + +class AzureIdentityCredentialAdapter(BasicTokenAuthentication): + def __init__(self, credential=None, resource_id="https://management.azure.com/.default", **kwargs): + """Adapt any azure-identity credential to work with SDK that needs azure.common.credentials or msrestazure. + Default resource is ARM (syntax of endpoint v2) + :param credential: Any azure-identity credential (DefaultAzureCredential by default) + :param str resource_id: The scope to use to get the token (default ARM) + """ + super(AzureIdentityCredentialAdapter, self).__init__(None) + if credential is None: + credential = DefaultAzureCredential() + self._policy = BearerTokenCredentialPolicy(credential, resource_id, **kwargs) + + def _make_request(self): + return PipelineRequest( + HttpRequest( + "AzureIdentityCredentialAdapter", + "https://fakeurl" + ), + PipelineContext(None) + ) + + def set_token(self): + """Ask the azure-core BearerTokenCredentialPolicy policy to get a token. + Using the policy gives us for free the caching system of azure-core. 
+ We could make this code simpler by using private method, but by definition + I can't assure they will be there forever, so mocking a fake call to the policy + to extract the token, using 100% public API.""" + request = self._make_request() + self._policy.on_request(request) + # Read Authorization, and get the second part after Bearer + token = request.http_request.headers["Authorization"].split(" ", 1)[1] + self.token = {"access_token": token} + + def signed_session(self, session=None): + self.set_token() + return super(AzureIdentityCredentialAdapter, self).signed_session(session) diff --git a/ScoutSuite/providers/azure/facade/virtualmachines.py b/ScoutSuite/providers/azure/facade/virtualmachines.py index d96f6fbc6..219363e8c 100755 --- a/ScoutSuite/providers/azure/facade/virtualmachines.py +++ b/ScoutSuite/providers/azure/facade/virtualmachines.py @@ -2,6 +2,7 @@ from azure.mgmt.compute import ComputeManagementClient from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.azure.facade.azureidentitycredentialadapter import AzureIdentityCredentialAdapter from ScoutSuite.providers.utils import run_concurrently from ScoutSuite.utils import get_user_agent @@ -13,7 +14,8 @@ def __init__(self, credentials): def get_client(self, subscription_id: str): - client = ComputeManagementClient(self.credentials.identity_credentials, + credential_wrapper = AzureIdentityCredentialAdapter(self.credentials.identity_credentials) + client = ComputeManagementClient(credential_wrapper, subscription_id=subscription_id) return client diff --git a/ScoutSuite/providers/azure/provider.py b/ScoutSuite/providers/azure/provider.py index 4da8d9ed8..54107d5aa 100755 --- a/ScoutSuite/providers/azure/provider.py +++ b/ScoutSuite/providers/azure/provider.py 
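Review bot: `AzureIdentityCredentialAdapter.__init__` silently falls back to `DefaultAzureCredential()` when `credential` is `None`, which in a scanner means a missing or unset credential is replaced by whatever ambient identity the host offers (environment variables, managed identity, CLI login) instead of failing. The only visible caller, `VirtualMachineFacade.get_client`, always passes `self.credentials.identity_credentials`, so the fallback is only reachable through a bug. Prefer failing closed here: `if credential is None: raise ValueError('credential is required')`, and drop the `DefaultAzureCredential` import. The class also lacks a note that `signed_session` requests a token on every call and relies on the policy's cache; a one-line comment above `self.set_token()` would make that explicit.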
@@ -37,7 +37,7 @@ def __init__(self, self.all_subscriptions = all_subscriptions try: - self.account_id = self.credentials.get_tenant_id() + self.account_id = self.credentials.get_tenant_id except Exception as e: self.account_id = 'undefined' @@ -56,7 +56,7 @@ def get_report_name(self): Returns the name of the report using the provider's configuration """ try: - return f'azure-tenant-{self.credentials.get_tenant_id()}' + return f'azure-tenant-{self.credentials.get_tenant_id}' except Exception as e: print_exception(f'Unable to define report name: {e}') return 'azure' From af030444b18bf9f79b25d9be7bda9ade9e1451b9 Mon Sep 17 00:00:00 2001 From: Sophie Date: Wed, 10 Feb 2021 15:37:41 -0500 Subject: [PATCH 491/979] added comment to azure-identity wrapper --- ScoutSuite/providers/azure/facade/virtualmachines.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ScoutSuite/providers/azure/facade/virtualmachines.py b/ScoutSuite/providers/azure/facade/virtualmachines.py index 219363e8c..9a8ea6346 100755 --- a/ScoutSuite/providers/azure/facade/virtualmachines.py +++ b/ScoutSuite/providers/azure/facade/virtualmachines.py @@ -14,6 +14,8 @@ def __init__(self, credentials): def get_client(self, subscription_id: str): + # this wrapper removes the error 'AzureCliCredential' object has no attribute 'signed_session' + # should not be used --> even though azure.mgmt.compute does support azure-identity it still causes an error credential_wrapper = AzureIdentityCredentialAdapter(self.credentials.identity_credentials) client = ComputeManagementClient(credential_wrapper, subscription_id=subscription_id) From 3e3d11c8c57338c05c0c538d02454b2bfe693141 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Wed, 10 Feb 2021 18:53:29 -0500 Subject: [PATCH 492/979] Uncomment --- .../azure/authentication_strategy.py | 98 ++++++++----------- scout.py | 1 + 2 files changed, 44 insertions(+), 55 deletions(-) 
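Review bot: `self.credentials.get_tenant_id` lost its call parentheses in `__init__`, and the same edit is repeated in `get_report_name` in the next hunk of this file. Without `()` the value is a bound method object, not a tenant ID string, so `account_id` is wrong and the f-string would render the method's repr into the report file name. In this commit the method is still commented out in authentication_strategy.py, so the attribute access presumably raises and the `except` quietly yields `'undefined'` and `'azure'`, which hides the problem. Restore the calls, `self.account_id = self.credentials.get_tenant_id()` and `return f'azure-tenant-{self.credentials.get_tenant_id()}'`, and fix the missing method instead. Both enclosing methods extend beyond the hunks.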
diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index f74d9ce03..dd3cb1b40 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -8,10 +8,8 @@ from azure.common.credentials import ServicePrincipalCredentials, get_azure_cli_credentials from azure.identity import UsernamePasswordCredential, AzureCliCredential, ClientSecretCredential, \ - ManagedIdentityCredential, InteractiveBrowserCredential, ChainedTokenCredential -from msrestazure.azure_active_directory import MSIAuthentication + ManagedIdentityCredential, InteractiveBrowserCredential, ChainedTokenCredential, SharedTokenCacheCredential from ScoutSuite.core.console import print_info, print_debug, print_exception -from msrestazure.azure_active_directory import AADTokenCredentials from ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException AUTHORITY_HOST_URI = 'https://login.microsoftonline.com/' 
@@ -34,56 +32,46 @@ def __init__(self, self.default_subscription_id = default_subscription_id self.context = context - # def get_tenant_id(self): - # if self.tenant_id: - # return self.tenant_id - # elif 'tenant_id' in self.identity_credentials._tenant_id: - # return self.identity_credentials._tenant_id - # else: - # # This is a last resort, e.g. for MSI authentication - # try: - # h = {'Authorization': 'Bearer {}'.format(self.identity_credentials._cache.CredentialType.ACCESS_TOKEN)} - # r = requests.get('https://management.azure.com/tenants?api-version=2020-01-01', headers=h) - # r2 = r.json() - # return r2.get('value')[0].get('tenantId') - # except Exception as e: - # print_exception('Unable to infer tenant ID: {}'.format(e)) - # return None - # - # def get_credentials(self, resource): - # self.identity_credentials = self.get_fresh_credentials(self.identity_credentials) - # return self.identity_credentials - # - # def get_fresh_credentials(self, credentials): - # """ - # Check if credentials are outdated and if so refresh them. 
- # """ - # - # if self.context and hasattr(credentials, 'token'): - # expiration_datetime = datetime.fromtimestamp(credentials.token['expires_on']) - # current_datetime = datetime.now() - # expiration_delta = expiration_datetime - current_datetime - # if expiration_delta < timedelta(minutes=50000): - # return self.refresh_credential(credentials) - # return credentials - # - # def refresh_credential(self, credentials): - # """ - # Refresh credentials - # """ - # print_debug('Refreshing credentials') - # authority_uri = AUTHORITY_HOST_URI + self.get_tenant_id() - # existing_cache = self.context.cache - # - # client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, token_cache=existing_cache, - # authority=authority_uri) - # - # scopes = [credentials.resource + "/.default"] - # - # new_token = client.acquire_token_by_refresh_token(credentials.token['refresh_token'], scopes) - # - # new_credentials = AADTokenCredentials(new_token, credentials.token.get('_client_id')) - # return new_credentials + def get_tenant_id(self): + if self.tenant_id: + return self.tenant_id + elif 'tenant_id' in self.identity_credentials['tenant_id']: + return self.identity_credentials['tenant_id'] + # else: + # # This is a last resort, e.g. for MSI authentication + # try: + # h = {'Authorization': 'Bearer {}'.format(self.identity_credentials._cache.CredentialType.ACCESS_TOKEN)} + # r = requests.get('https://management.azure.com/tenants?api-version=2020-01-01', headers=h) + # r2 = r.json() + # return r2.get('value')[0].get('tenantId') + # except Exception as e: + # print_exception('Unable to infer tenant ID: {}'.format(e)) + # return None + + def get_credentials(self, resource): + self.identity_credentials = self.get_fresh_credentials(self.identity_credentials) + return self.identity_credentials + + def get_fresh_credentials(self, credentials): + """ + Check if credentials are outdated and if so refresh them. 
+ """ + + if self.context and hasattr(credentials, 'token'): + expiration_datetime = datetime.fromtimestamp(credentials.token['expires_on']) + current_datetime = datetime.now() + expiration_delta = expiration_datetime - current_datetime + if expiration_delta < timedelta(minutes=50000): + return self.refresh_credential(credentials) + return credentials + + def refresh_credential(self, credentials): + """ + Refresh credentials + """ + print_debug('Refreshing credentials') + new_credentials = SharedTokenCacheCredential() + return new_credentials class AzureAuthenticationStrategy(AuthenticationStrategy): @@ -143,7 +131,7 @@ def authenticate(self, # aad_graph_credentials = AADTokenCredentials(aad_graph_token, AZURE_CLI_CLIENT_ID) identity_credentials = UsernamePasswordCredential(AZURE_CLI_CLIENT_ID, username, password, - authority=AUTHORITY_HOST_URI) + authority=AUTHORITY_HOST_URI,tenant_id=tenant_id) elif user_account_browser: @@ -235,7 +223,7 @@ def authenticate(self, # ) elif msi: - identity_credentials = ManagedIdentityCredential() + identity_credentials = ManagedIdentityCredential(client_id=AZURE_CLI_CLIENT_ID) # arm_credentials = MSIAuthentication() # aad_graph_credentials = MSIAuthentication(resource='https://graph.microsoft.com') diff --git a/scout.py b/scout.py index 41bda8ffe..2c1607bd1 100755 --- a/scout.py +++ b/scout.py @@ -8,6 +8,7 @@ # sys.argv = ['scout.py', 'azure', '--cli', '--force'] # sys.argv = ['scout.py', 'azure', '--user-account', '--force'] + # sys.argv = ['scout.py', 'azure', '--msi', '--force'] sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] From afc8bc6a4c05fd81437889f2196d166b7d719fce Mon Sep 17 00:00:00 2001 
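Review bot: In the restored `get_tenant_id`, `elif 'tenant_id' in self.identity_credentials['tenant_id']:` subscripts the credential object, which was valid for the old token dict but, as far as I know, not for azure-identity credential classes, so it raises `TypeError` whenever `self.tenant_id` is unset. With the `else` fallback still commented out, the method otherwise returns `None` implicitly. Either require the tenant up front or resolve it through an API call, and return an explicit value on every path. In the same hunk, `refresh_credential` replaces the caller's credential with `SharedTokenCacheCredential()`, which reads whatever account is in the local shared cache and may not be the identity that was authenticated. azure-identity credentials refresh their own tokens, so `get_credentials` can simply `return self.identity_credentials`.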
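Review bot: In the `msi` branch, `ManagedIdentityCredential(client_id=AZURE_CLI_CLIENT_ID)` passes the Azure CLI's public application ID where the `client_id` keyword selects a user-assigned managed identity. The host will not have an identity with that ID, so token requests are expected to fail, and a system-assigned identity is no longer used at all. Revert to `ManagedIdentityCredential()`, or add a separate option for the user-assigned identity's client ID and pass that value instead.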
From: xnkevinnguyen Date: Wed, 10 Feb 2021 19:29:00 -0500 Subject: [PATCH 493/979] Remove refresh functiions since it is handled by library --- .../azure/authentication_strategy.py | 25 ++----------------- ScoutSuite/providers/azure/facade/aad.py | 2 +- .../providers/azure/facade/appservice.py | 2 +- ScoutSuite/providers/azure/facade/base.py | 2 +- ScoutSuite/providers/azure/facade/keyvault.py | 2 +- ScoutSuite/providers/azure/facade/network.py | 2 +- ScoutSuite/providers/azure/facade/rbac.py | 2 +- .../providers/azure/facade/securitycenter.py | 2 +- .../providers/azure/facade/sqldatabase.py | 2 +- .../providers/azure/facade/storageaccounts.py | 4 +-- .../providers/azure/facade/virtualmachines.py | 2 +- 11 files changed, 13 insertions(+), 34 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index dd3cb1b40..44783fd16 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py 
@@ -48,30 +48,9 @@ def get_tenant_id(self): # print_exception('Unable to infer tenant ID: {}'.format(e)) # return None - def get_credentials(self, resource): - self.identity_credentials = self.get_fresh_credentials(self.identity_credentials) + def get_credentials(self): return self.identity_credentials - def get_fresh_credentials(self, credentials): - """ - Check if credentials are outdated and if so refresh them. - """ - - if self.context and hasattr(credentials, 'token'): - expiration_datetime = datetime.fromtimestamp(credentials.token['expires_on']) - current_datetime = datetime.now() - expiration_delta = expiration_datetime - current_datetime - if expiration_delta < timedelta(minutes=50000): - return self.refresh_credential(credentials) - return credentials - - def refresh_credential(self, credentials): - """ - Refresh credentials - """ - print_debug('Refreshing credentials') - new_credentials = SharedTokenCacheCredential() - return new_credentials class AzureAuthenticationStrategy(AuthenticationStrategy): @@ -157,7 +136,7 @@ def authenticate(self, # aad_graph_token = client.acquire_token_by_device_flow(code) # aad_graph_credentials = AADTokenCredentials(aad_graph_token, AZURE_CLI_CLIENT_ID) - identity_credentials = InteractiveBrowserCredential() + identity_credentials = InteractiveBrowserCredential(tenant_id=tenant_id) elif service_principal: diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 60dbb8798..621ded6ef 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py 
@@ -16,7 +16,7 @@ def __init__(self, credentials): async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'): scopes = ['https://graph.microsoft.com/.default'] - client = GraphSession(self.credentials.identity_credentials, scopes) + client = GraphSession(self.credentials.get_credentials(), scopes) endpoint = 'https://graph.microsoft.com/{}/{}'.format(api_version, api_resource) try: diff --git a/ScoutSuite/providers/azure/facade/appservice.py b/ScoutSuite/providers/azure/facade/appservice.py index c51972ce4..c92873414 100755 --- a/ScoutSuite/providers/azure/facade/appservice.py +++ b/ScoutSuite/providers/azure/facade/appservice.py @@ -13,7 +13,7 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = WebSiteManagementClient(self.credentials.identity_credentials, + client = WebSiteManagementClient(self.credentials.get_credentials(), subscription_id=subscription_id, user_agent=get_user_agent()) return client diff --git a/ScoutSuite/providers/azure/facade/base.py b/ScoutSuite/providers/azure/facade/base.py index 7862c338f..829ed8d7d 100755 --- a/ScoutSuite/providers/azure/facade/base.py +++ b/ScoutSuite/providers/azure/facade/base.py @@ -78,7 +78,7 @@ async def get_subscriptions(self): def _set_subscriptions(self): # Create the client - subscription_client = SubscriptionClient(self.credentials.identity_credentials, user_agent=get_user_agent()) + subscription_client = SubscriptionClient(self.credentials.get_credentials(), user_agent=get_user_agent()) # Get all the accessible subscriptions accessible_subscriptions_list = list(subscription_client.subscriptions.list()) diff --git a/ScoutSuite/providers/azure/facade/keyvault.py b/ScoutSuite/providers/azure/facade/keyvault.py index 6ec5ec9b5..e76d16a22 100755 --- a/ScoutSuite/providers/azure/facade/keyvault.py +++ b/ScoutSuite/providers/azure/facade/keyvault.py 
@@ -12,7 +12,7 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = KeyVaultManagementClient(self.credentials.identity_credentials, + client = KeyVaultManagementClient(self.credentials.get_credentials(), subscription_id=subscription_id, user_agent=get_user_agent()) return client diff --git a/ScoutSuite/providers/azure/facade/network.py b/ScoutSuite/providers/azure/facade/network.py index 4abf172fd..d8fd71478 100755 --- a/ScoutSuite/providers/azure/facade/network.py +++ b/ScoutSuite/providers/azure/facade/network.py @@ -12,7 +12,7 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = NetworkManagementClient(self.credentials.identity_credentials, + client = NetworkManagementClient(self.credentials.get_credentials(), subscription_id=subscription_id) return client diff --git a/ScoutSuite/providers/azure/facade/rbac.py b/ScoutSuite/providers/azure/facade/rbac.py index 67fe9d149..a90d9908d 100755 --- a/ScoutSuite/providers/azure/facade/rbac.py +++ b/ScoutSuite/providers/azure/facade/rbac.py @@ -12,7 +12,7 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = AuthorizationManagementClient(self.credentials.identity_credentials, + client = AuthorizationManagementClient(self.credentials.get_credentials(), subscription_id=subscription_id, user_agent=get_user_agent()) return client diff --git a/ScoutSuite/providers/azure/facade/securitycenter.py b/ScoutSuite/providers/azure/facade/securitycenter.py index cce6138a6..c4d9a029b 100755 --- a/ScoutSuite/providers/azure/facade/securitycenter.py +++ b/ScoutSuite/providers/azure/facade/securitycenter.py 
@@ -12,7 +12,7 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = SecurityCenter(self.credentials.identity_credentials, + client = SecurityCenter(self.credentials.get_credentials(), subscription_id, '', user_agent=get_user_agent()) return client diff --git a/ScoutSuite/providers/azure/facade/sqldatabase.py b/ScoutSuite/providers/azure/facade/sqldatabase.py index c50dc2d5e..8332c4e2b 100755 --- a/ScoutSuite/providers/azure/facade/sqldatabase.py +++ b/ScoutSuite/providers/azure/facade/sqldatabase.py @@ -13,7 +13,7 @@ def __init__(self, credentials): self.credentials = credentials def get_client(self, subscription_id: str): - client = SqlManagementClient(self.credentials.identity_credentials, + client = SqlManagementClient(self.credentials.get_credentials(), subscription_id=subscription_id, user_agent=get_user_agent()) return client diff --git a/ScoutSuite/providers/azure/facade/storageaccounts.py b/ScoutSuite/providers/azure/facade/storageaccounts.py index 8970ab9c2..42a2e6121 100755 --- a/ScoutSuite/providers/azure/facade/storageaccounts.py +++ b/ScoutSuite/providers/azure/facade/storageaccounts.py @@ -16,7 +16,7 @@ def __init__(self, credentials): def get_client(self, subscription_id: str): - client = StorageManagementClient(self.credentials.identity_credentials, + client = StorageManagementClient(self.credentials.get_credentials(), subscription_id=subscription_id, user_agent=get_user_agent()) return client 
@@ -48,7 +48,7 @@ async def get_blob_containers(self, resource_group_name, storage_account_name, s return containers async def _get_and_set_activity_logs(self, storage_account, subscription_id: str): - client = MonitorManagementClient(self.credentials.identity_credentials, subscription_id, user_agent=get_user_agent()) + client = MonitorManagementClient(self.credentials.get_credentials(), subscription_id, user_agent=get_user_agent()) # Time format used by Azure API: time_format = "%Y-%m-%dT%H:%M:%S.%f" diff --git a/ScoutSuite/providers/azure/facade/virtualmachines.py b/ScoutSuite/providers/azure/facade/virtualmachines.py index 9a8ea6346..a042d1d1c 100755 --- a/ScoutSuite/providers/azure/facade/virtualmachines.py +++ b/ScoutSuite/providers/azure/facade/virtualmachines.py @@ -16,7 +16,7 @@ def get_client(self, subscription_id: str): # this wrapper removes the error 'AzureCliCredential' object has no attribute 'signed_session' # should not be used --> even though azure.mgmt.compute does support azure-identity it still causes an error - credential_wrapper = AzureIdentityCredentialAdapter(self.credentials.identity_credentials) + credential_wrapper = AzureIdentityCredentialAdapter(self.credentials.get_credentials()) client = ComputeManagementClient(credential_wrapper, subscription_id=subscription_id) return client From 7fb91021f709ab3cec5937e6bb16216d88ffb8c7 Mon Sep 17 00:00:00 2001 
From: Sophie Date: Wed, 10 Feb 2021 21:24:40 -0500 Subject: [PATCH 494/979] remove rule 1.22 from authentification branch and remove wrapper for azure-identity --- .../azure/service.aad.security_defaults.html | 23 -------- ScoutSuite/providers/azure/facade/aad.py | 9 ---- .../facade/azureidentitycredentialadapter.py | 53 ------------------- .../providers/azure/facade/virtualmachines.py | 8 +-- ScoutSuite/providers/azure/metadata.json | 4 -- .../providers/azure/resources/aad/base.py | 2 - .../azure/resources/aad/securitydefaults.py | 18 ------- .../aad-security-default-enabled.json | 27 ---------- .../azure/rules/rulesets/default.json | 6 --- requirements.txt | 6 +-- 10 files changed, 4 insertions(+), 152 deletions(-) delete mode 100644 ScoutSuite/output/data/html/partials/azure/service.aad.security_defaults.html delete mode 100644 ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py delete mode 100644 ScoutSuite/providers/azure/resources/aad/securitydefaults.py delete mode 100644 ScoutSuite/providers/azure/rules/findings/aad-security-default-enabled.json diff --git a/ScoutSuite/output/data/html/partials/azure/service.aad.security_defaults.html b/ScoutSuite/output/data/html/partials/azure/service.aad.security_defaults.html deleted file mode 100644 index 6eefe335c..000000000 --- a/ScoutSuite/output/data/html/partials/azure/service.aad.security_defaults.html +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 621ded6ef..e1361450e 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py 
@@ -90,12 +90,3 @@ async def get_applications(self): except Exception as e: print_exception(f'Failed to retrieve applications: {e}') return [] - - async def get_security_defaults(self): - try: - security_default_response = await self._get_microsoft_graph_response( - 'identitySecurityDefaultsEnforcementPolicy') - return security_default_response - except Exception as e: - print_exception(f'Failed to retrieve applications: {e}') - return [] diff --git a/ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py b/ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py deleted file mode 100644 index a6e62ed08..000000000 --- a/ScoutSuite/providers/azure/facade/azureidentitycredentialadapter.py +++ /dev/null 
@@ -1,53 +0,0 @@ -# ------------------------------------ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT License. -# ------------------------------------ - -# Adapt credentials from azure-identity to be compatible with SDK that needs msrestazure or azure.common.credentials -# Need msrest >= 0.6.0 -# See also https://pypi.org/project/azure-identity/ - -from msrest.authentication import BasicTokenAuthentication -from azure.core.pipeline.policies import BearerTokenCredentialPolicy -from azure.core.pipeline import PipelineRequest, PipelineContext -from azure.core.pipeline.transport import HttpRequest - -from azure.identity import DefaultAzureCredential - - -class AzureIdentityCredentialAdapter(BasicTokenAuthentication): - def __init__(self, credential=None, resource_id="https://management.azure.com/.default", **kwargs): - """Adapt any azure-identity credential to work with SDK that needs azure.common.credentials or msrestazure. - Default resource is ARM (syntax of endpoint v2) - :param credential: Any azure-identity credential (DefaultAzureCredential by default) - :param str resource_id: The scope to use to get the token (default ARM) - """ - super(AzureIdentityCredentialAdapter, self).__init__(None) - if credential is None: - credential = DefaultAzureCredential() - self._policy = BearerTokenCredentialPolicy(credential, resource_id, **kwargs) - - def _make_request(self): - return PipelineRequest( - HttpRequest( - "AzureIdentityCredentialAdapter", - "https://fakeurl" - ), - PipelineContext(None) - ) - - def set_token(self): - """Ask the azure-core BearerTokenCredentialPolicy policy to get a token. - Using the policy gives us for free the caching system of azure-core. 
- We could make this code simpler by using private method, but by definition - I can't assure they will be there forever, so mocking a fake call to the policy - to extract the token, using 100% public API.""" - request = self._make_request() - self._policy.on_request(request) - # Read Authorization, and get the second part after Bearer - token = request.http_request.headers["Authorization"].split(" ", 1)[1] - self.token = {"access_token": token} - - def signed_session(self, session=None): - self.set_token() - return super(AzureIdentityCredentialAdapter, self).signed_session(session) diff --git a/ScoutSuite/providers/azure/facade/virtualmachines.py b/ScoutSuite/providers/azure/facade/virtualmachines.py index a042d1d1c..2b6229b0a 100755 --- a/ScoutSuite/providers/azure/facade/virtualmachines.py +++ b/ScoutSuite/providers/azure/facade/virtualmachines.py @@ -1,10 +1,7 @@ -from azure.identity import AzureCliCredential, DefaultAzureCredential from azure.mgmt.compute import ComputeManagementClient from ScoutSuite.core.console import print_exception -from ScoutSuite.providers.azure.facade.azureidentitycredentialadapter import AzureIdentityCredentialAdapter from ScoutSuite.providers.utils import run_concurrently -from ScoutSuite.utils import get_user_agent class VirtualMachineFacade: @@ -14,10 +11,7 @@ def __init__(self, credentials): def get_client(self, subscription_id: str): - # this wrapper removes the error 'AzureCliCredential' object has no attribute 'signed_session' - # should not be used --> even though azure.mgmt.compute does support azure-identity it still causes an error - credential_wrapper = AzureIdentityCredentialAdapter(self.credentials.get_credentials()) - client = ComputeManagementClient(credential_wrapper, + client = ComputeManagementClient(self.credentials.get_credentials(), subscription_id=subscription_id) return client diff --git a/ScoutSuite/providers/azure/metadata.json b/ScoutSuite/providers/azure/metadata.json index 62742289c..e2466b24a 100755 
--- a/ScoutSuite/providers/azure/metadata.json +++ b/ScoutSuite/providers/azure/metadata.json @@ -67,10 +67,6 @@ "applications": { "cols": 2, "path": "services.aad.applications" - }, - "security_defaults": { - "cols": 2, - "path": "services.aad.security_defaults" } } }, diff --git a/ScoutSuite/providers/azure/resources/aad/base.py b/ScoutSuite/providers/azure/resources/aad/base.py index 2f53a3b7b..cb17ccfb2 100755 --- a/ScoutSuite/providers/azure/resources/aad/base.py +++ b/ScoutSuite/providers/azure/resources/aad/base.py @@ -5,7 +5,6 @@ from .groups import Groups from .serviceprincipals import ServicePrincipals from .applications import Applications -from .securitydefaults import SecurityDefaults class AAD(AzureCompositeResources): @@ -14,7 +13,6 @@ class AAD(AzureCompositeResources): (Groups, 'groups'), (ServicePrincipals, 'service_principals'), (Applications, 'applications'), - (SecurityDefaults, 'security_defaults') ] async def fetch_all(self): diff --git a/ScoutSuite/providers/azure/resources/aad/securitydefaults.py b/ScoutSuite/providers/azure/resources/aad/securitydefaults.py deleted file mode 100644 index 6203601cb..000000000 --- a/ScoutSuite/providers/azure/resources/aad/securitydefaults.py +++ /dev/null @@ -1,18 +0,0 @@ -from ScoutSuite.providers.azure.resources.base import AzureResources - - -class SecurityDefaults(AzureResources): - async def fetch_all(self): - raw_security_default = await self.facade.aad.get_security_defaults() - id, security_default = await self._parse_security_default(raw_security_default) - self[id] = security_default - - async def _parse_security_default(self, raw_security_default): - - security_default_dict = {} - - security_default_dict['id'] = raw_security_default.get('id') - security_default_dict['name'] = raw_security_default.get('displayName') - security_default_dict['is_enabled'] = raw_security_default.get('isEnabled') - - return security_default_dict['id'], security_default_dict 
diff --git a/ScoutSuite/providers/azure/rules/findings/aad-security-default-enabled.json b/ScoutSuite/providers/azure/rules/findings/aad-security-default-enabled.json deleted file mode 100644 index 96f50a7c5..000000000 --- a/ScoutSuite/providers/azure/rules/findings/aad-security-default-enabled.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "description": "Security Defaults Is Enabled", - "rationale": "Security defaults provide secure default settings that we manage on behalf of organizations to keep customers safe until they are ready to manage their own identity security story. Security defaults contain preconfigured security settings for common attacks.", - "remediation": "To enable security defaults in your directory:
      1. Sign in to the Azure portal as a security administrator, Conditional Access administrator, or global administrator.
      2. Browse to Azure Active Directory > Properties.
      3. Select Manage security defaults.
      4. Set the Enable security defaults toggle to Yes.
      ", - "compliance": [ - { - "name": "CIS Microsoft Azure Foundations", - "version": "1.2.0", - "reference": "1.22" - } - ], - "references": [ - "https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults", - "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-security-defaults/ba-p/1061414" - ], - "dashboard_name": "Security Defaults", - "path": "aad.security_defaults.id", - "conditions": [ - "and", - [ - "aad.security_defaults.id.is_enabled", - "false", - "" - ] - ], - "id_suffix": "is_enabled" -} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index 6b65b709a..bcac9e514 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -7,12 +7,6 @@ "level": "warning" } ], - "aad-security-default-enabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], "appservice-authentication-disabled.json": [ { "enabled": true, diff --git a/requirements.txt b/requirements.txt index ce63313c6..8fc43fd82 100755 --- a/requirements.txt +++ b/requirements.txt @@ -31,11 +31,11 @@ httplib2shim>=0.0.3 # Azure Provider ## core requirements -azure-cli-core==2.19.0 +azure-cli-core==2.19.1 ## for RBAC in AAD azure-graphrbac==0.61.1 msal==1.9.0 -PyJWT==1.7.1 # FIXME - this is currently required due to the MSAL dependency but should be removed once we switch to ADAL +PyJWT==2.0.1 # FIXME - this is currently required due to the MSAL dependency but should be removed once we switch to ADAL ## for resources azure-mgmt-resource==15.0.0 azure-mgmt-storage==16.0.0 @@ -44,7 +44,7 @@ azure-mgmt-sql==1.0.0 azure-mgmt-security==1.0.0 azure-mgmt-keyvault==8.0.0 azure-mgmt-network==17.1.0 -azure-mgmt-redis==6.0.0 +azure-mgmt-redis==12.0.0 azure-mgmt-web==1.0.0 azure-mgmt-compute==18.2.0 azure-mgmt-authorization==1.0.0 
From ab3100b51927fd3d1e0366b9d8137b0fa45e5c18 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Thu, 11 Feb 2021 11:59:24 +0100 Subject: [PATCH 495/979] Use f-strings instead of .format --- ScoutSuite/providers/aws/utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index 9c426f2ba..cc0f24c4d 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py @@ -128,9 +128,9 @@ def format_arn(partition, service, region, account_id, resource_id, resource_typ try: # If a resource type is specified if resource_type is not None: - arn = 'arn:{}:{}:{}:{}:{}/{}'.format(partition, service, region, account_id, resource_type, resource_id) + arn = f"arn:{partition}:{service}:{region}:{account_id}:{resource_type}/{resource_id}" else: - arn = 'arn:{}:{}:{}:{}:{}'.format(partition, service, region, account_id, resource_id) + arn = f"arn:{partition}:{service}:{region}:{account_id}:{resource_id}" except Exception as e: print_exception(f'Failed to parse a resource ARN: {e}') return None From 0f1f81a25615d4d8e141608702728068df296f8a Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Thu, 11 Feb 2021 09:26:18 -0500 Subject: [PATCH 496/979] Cleanup --- .../azure/authentication_strategy.py | 83 +------------------ ScoutSuite/providers/azure/facade/aad.py | 2 - .../providers/azure/facade/appservice.py | 1 - ScoutSuite/providers/azure/facade/keyvault.py | 1 - ScoutSuite/providers/azure/facade/network.py | 4 +- ScoutSuite/providers/azure/facade/rbac.py | 1 - .../providers/azure/facade/securitycenter.py | 1 - .../providers/azure/facade/sqldatabase.py | 1 - .../providers/azure/facade/storageaccounts.py | 1 - .../providers/azure/facade/virtualmachines.py | 4 +- requirements.txt | 2 +- scout.py | 4 +- 12 files changed, 13 insertions(+), 92 deletions(-) 
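Review bot: The `try`/`except Exception` in `format_arn` now wraps only two f-string assignments, so the handler and its `return None` path fire only if an argument's `__str__`/`__format__` raises. A `None` or empty component (for example `account_id=None`) is still interpolated silently and yields a malformed ARN such as `arn:aws:ec2:us-east-1:None:...`. Consider dropping the broad handler and checking the inputs explicitly, e.g. `if not all((partition, service, resource_id)): return None`, with a comment on which components may legitimately be empty. The function starts and ends outside this hunk, so the existing callers' expectations should be checked first.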
diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index 44783fd16..49037117f 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -1,19 +1,12 @@ import json import logging - -import msal -import requests from getpass import getpass -from datetime import datetime, timedelta -from azure.common.credentials import ServicePrincipalCredentials, get_azure_cli_credentials from azure.identity import UsernamePasswordCredential, AzureCliCredential, ClientSecretCredential, \ - ManagedIdentityCredential, InteractiveBrowserCredential, ChainedTokenCredential, SharedTokenCacheCredential -from ScoutSuite.core.console import print_info, print_debug, print_exception + ManagedIdentityCredential, InteractiveBrowserCredential from ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException AUTHORITY_HOST_URI = 'https://login.microsoftonline.com/' - AZURE_CLI_CLIENT_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46" @@ -24,10 +17,7 @@ def __init__(self, tenant_id=None, default_subscription_id=None, context=None): - # self.arm_credentials = arm_credentials # Azure Resource Manager API credentials - # self.aad_graph_credentials = aad_graph_credentials # Azure AD Graph API credentials self.identity_credentials = identity_credentials # Azure Resource Manager API credentials - self.tenant_id = tenant_id self.default_subscription_id = default_subscription_id self.context = context @@ -52,7 +42,6 @@ def get_credentials(self): return self.identity_credentials - class AzureAuthenticationStrategy(AuthenticationStrategy): def authenticate(self, 
@@ -80,10 +69,6 @@ def authenticate(self, if cli: identity_credentials = AzureCliCredential() - # arm_credentials, subscription_id, tenant_id = \ - # get_azure_cli_credentials(with_tenant=True) - # aad_graph_credentials, placeholder_1, placeholder_2 = \ - # get_azure_cli_credentials(with_tenant=True, resource='https://graph.microsoft.com') elif user_account: 
@@ -95,47 +80,11 @@ def authenticate(self, else: raise AuthenticationException('Username, Tenant ID and/or password not set') - # client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID, authority=AUTHORITY_HOST_URI + tenant_id) - - # Resource Manager - # resource_uri = 'https://management.core.windows.net/' - # scopes = [resource_uri + "/.default"] - # arm_token = client.acquire_token_by_username_password(username, password, scopes) - # arm_credentials = AADTokenCredentials(arm_token, AZURE_CLI_CLIENT_ID) - # - # # AAD Graph - # resource_uri = 'https://graph.microsoft.com' - # scopes = [resource_uri + "/.default"] - # aad_graph_token = client.acquire_token_by_username_password(username, password, scopes) - # aad_graph_credentials = AADTokenCredentials(aad_graph_token, AZURE_CLI_CLIENT_ID) - identity_credentials = UsernamePasswordCredential(AZURE_CLI_CLIENT_ID, username, password, - authority=AUTHORITY_HOST_URI,tenant_id=tenant_id) + authority=AUTHORITY_HOST_URI, tenant_id=tenant_id) elif user_account_browser: - # client = msal.PublicClientApplication(AZURE_CLI_CLIENT_ID) - - # Resource Manager - # resource_uri = 'https://management.core.windows.net/' - # scopes = [resource_uri + "/.default"] - # code = client.initiate_device_flow(scopes) - # print_info('To authenticate to the Resource Manager API, use a web browser to ' - # 'access {} and enter the {} code.'.format(code['verification_uri'], - # code['user_code'])) - # arm_token = client.acquire_token_by_device_flow(code) - # arm_credentials = AADTokenCredentials(arm_token, AZURE_CLI_CLIENT_ID) - - # # AAD Graph - # resource_uri = 'https://graph.microsoft.com' - # scopes = [resource_uri + "/.default"] - # code = client.initiate_device_flow(scopes) - # print_info('To authenticate to the microsoft Graph API, use a web browser to ' - # 'access {} and enter the {} code.'.format(code['verification_uri'], - # code['user_code'])) - # aad_graph_token = client.acquire_token_by_device_flow(code) - # aad_graph_credentials = 
AADTokenCredentials(aad_graph_token, AZURE_CLI_CLIENT_ID) - identity_credentials = InteractiveBrowserCredential(tenant_id=tenant_id) elif service_principal: @@ -163,18 +112,7 @@ def authenticate(self, client_secret=client_secret, tenant_id=tenant_id ) - # arm_credentials = ServicePrincipalCredentials( - # client_id=client_id, - # secret=client_secret, - # tenant=tenant_id - # ) - # - # aad_graph_credentials = ServicePrincipalCredentials( - # client_id=client_id, - # secret=client_secret, - # tenant=tenant_id, - # resource='https://graph.microsoft.com' - # ) + elif file_auth: @@ -188,23 +126,10 @@ def authenticate(self, client_secret=client_secret, tenant_id=tenant_id ) - # arm_credentials = ServicePrincipalCredentials( - # client_id=client_id, - # secret=client_secret, - # tenant=tenant_id - # ) - # - # aad_graph_credentials = ServicePrincipalCredentials( - # client_id=client_id, - # secret=client_secret, - # tenant=tenant_id, - # resource='https://graph.microsoft.com' - # ) + elif msi: identity_credentials = ManagedIdentityCredential(client_id=AZURE_CLI_CLIENT_ID) - # arm_credentials = MSIAuthentication() - # aad_graph_credentials = MSIAuthentication(resource='https://graph.microsoft.com') else: raise AuthenticationException('Unknown authentication method') diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index e1361450e..7167e39de 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py @@ -3,8 +3,6 @@ from msgraphcore import GraphSession from ScoutSuite.core.console import print_exception -from azure.identity import DeviceCodeCredential, DefaultAzureCredential, AzureCliCredential, ManagedIdentityCredential, \ - ClientSecretCredential class AADFacade: diff --git a/ScoutSuite/providers/azure/facade/appservice.py b/ScoutSuite/providers/azure/facade/appservice.py index c92873414..3038375b4 100755 --- a/ScoutSuite/providers/azure/facade/appservice.py 
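Review bot: In the `elif msi:` branch kept by the last authentication_strategy.py hunk, `ManagedIdentityCredential(client_id=AZURE_CLI_CLIENT_ID)` passes the Azure CLI application ID as the managed identity's client ID. In azure-identity that argument selects a user-assigned managed identity, so this likely requests a token for an identity that is not attached to the host rather than using the system-assigned one; this should be confirmed on an MSI-enabled resource. If the system-assigned identity is intended, the line would be `identity_credentials = ManagedIdentityCredential()`, with a user-assigned client ID accepted only when the operator supplies one. The `authenticate` method starts and ends outside the hunk.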
+++ b/ScoutSuite/providers/azure/facade/appservice.py @@ -1,4 +1,3 @@ -from azure.identity import AzureCliCredential from azure.mgmt.web import WebSiteManagementClient from ScoutSuite.core.console import print_exception diff --git a/ScoutSuite/providers/azure/facade/keyvault.py b/ScoutSuite/providers/azure/facade/keyvault.py index e76d16a22..65f8099bc 100755 --- a/ScoutSuite/providers/azure/facade/keyvault.py +++ b/ScoutSuite/providers/azure/facade/keyvault.py @@ -1,4 +1,3 @@ -from azure.identity import AzureCliCredential from azure.mgmt.keyvault import KeyVaultManagementClient from ScoutSuite.core.console import print_exception diff --git a/ScoutSuite/providers/azure/facade/network.py b/ScoutSuite/providers/azure/facade/network.py index d8fd71478..82aa5b353 100755 --- a/ScoutSuite/providers/azure/facade/network.py +++ b/ScoutSuite/providers/azure/facade/network.py @@ -1,4 +1,3 @@ -from azure.identity import AzureCliCredential from azure.mgmt.network import NetworkManagementClient from ScoutSuite.core.console import print_exception @@ -13,7 +12,8 @@ def __init__(self, credentials): def get_client(self, subscription_id: str): client = NetworkManagementClient(self.credentials.get_credentials(), - subscription_id=subscription_id) + subscription_id=subscription_id, + user_agent=get_user_agent()) return client async def get_network_watchers(self, subscription_id: str): diff --git a/ScoutSuite/providers/azure/facade/rbac.py b/ScoutSuite/providers/azure/facade/rbac.py index a90d9908d..9c43571f9 100755 --- a/ScoutSuite/providers/azure/facade/rbac.py +++ b/ScoutSuite/providers/azure/facade/rbac.py @@ -1,4 +1,3 @@ -from azure.identity import AzureCliCredential from azure.mgmt.authorization import AuthorizationManagementClient from ScoutSuite.core.console import print_exception diff --git a/ScoutSuite/providers/azure/facade/securitycenter.py b/ScoutSuite/providers/azure/facade/securitycenter.py index c4d9a029b..c2b2677a2 100755 
--- a/ScoutSuite/providers/azure/facade/securitycenter.py +++ b/ScoutSuite/providers/azure/facade/securitycenter.py @@ -1,4 +1,3 @@ -from azure.identity import AzureCliCredential from azure.mgmt.security import SecurityCenter from ScoutSuite.core.console import print_exception, print_debug diff --git a/ScoutSuite/providers/azure/facade/sqldatabase.py b/ScoutSuite/providers/azure/facade/sqldatabase.py index 8332c4e2b..45be13263 100755 --- a/ScoutSuite/providers/azure/facade/sqldatabase.py +++ b/ScoutSuite/providers/azure/facade/sqldatabase.py @@ -1,4 +1,3 @@ -from azure.identity import AzureCliCredential from msrestazure.azure_exceptions import CloudError from azure.mgmt.sql import SqlManagementClient diff --git a/ScoutSuite/providers/azure/facade/storageaccounts.py b/ScoutSuite/providers/azure/facade/storageaccounts.py index 42a2e6121..05a37d310 100755 --- a/ScoutSuite/providers/azure/facade/storageaccounts.py +++ b/ScoutSuite/providers/azure/facade/storageaccounts.py @@ -1,6 +1,5 @@ import datetime -from azure.identity import AzureCliCredential, DefaultAzureCredential, UsernamePasswordCredential from azure.mgmt.monitor import MonitorManagementClient from azure.mgmt.storage import StorageManagementClient diff --git a/ScoutSuite/providers/azure/facade/virtualmachines.py b/ScoutSuite/providers/azure/facade/virtualmachines.py index 2b6229b0a..d7adc3617 100755 --- a/ScoutSuite/providers/azure/facade/virtualmachines.py +++ b/ScoutSuite/providers/azure/facade/virtualmachines.py @@ -2,6 +2,7 @@ from ScoutSuite.core.console import print_exception from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent class VirtualMachineFacade: 
@@ -12,7 +13,8 @@ def __init__(self, credentials): def get_client(self, subscription_id: str): client = ComputeManagementClient(self.credentials.get_credentials(), - subscription_id=subscription_id) + subscription_id=subscription_id, + user_agent=get_user_agent()) return client async def get_instances(self, subscription_id: str): diff --git a/requirements.txt b/requirements.txt index 8fc43fd82..867d04280 100755 --- a/requirements.txt +++ b/requirements.txt @@ -35,7 +35,7 @@ azure-cli-core==2.19.1 ## for RBAC in AAD azure-graphrbac==0.61.1 msal==1.9.0 -PyJWT==2.0.1 # FIXME - this is currently required due to the MSAL dependency but should be removed once we switch to ADAL +PyJWT==1.7.1 # FIXME - this is currently required due to the MSAL dependency but should be removed once we switch to ADAL ## for resources azure-mgmt-resource==15.0.0 azure-mgmt-storage==16.0.0 diff --git a/scout.py b/scout.py index 2c1607bd1..934905b87 100755 --- a/scout.py +++ b/scout.py @@ -9,7 +9,9 @@ # sys.argv = ['scout.py', 'azure', '--user-account', '--force'] # sys.argv = ['scout.py', 'azure', '--msi', '--force'] - sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', + # sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', + # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] + sys.argv = ['scout.py', 'azure', '-s', '--tenant', '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] sys.exit(run_from_cli()) From 2a5f431adf69eb3019751dd46437582c2bbcefd5 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Thu, 11 Feb 2021 17:03:12 +0100 Subject: [PATCH 497/979] Removed match instances and vpcs callback in metadata --- ScoutSuite/providers/aws/metadata.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/metadata.json b/ScoutSuite/providers/aws/metadata.json index 65548b270..c5e2187c1 100755 --- a/ScoutSuite/providers/aws/metadata.json +++ b/ScoutSuite/providers/aws/metadata.json 
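Review bot: The scout.py hunk leaves an active `sys.argv = ['scout.py', 'azure', '-s', '--tenant', ...]` assignment immediately before `sys.exit(run_from_cli())`, so the real command-line arguments are overwritten on every run. Anyone invoking the entry point would get an Azure service-principal scan against the hard-coded tenant regardless of the provider or options they passed, and a tenant GUID from a development environment is committed to the repository. This looks like local debugging state swept into a "Cleanup" commit; the assignment and its commented-out variants should be removed so the block is just `sys.exit(run_from_cli())`. The enclosing block starts outside the hunk.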
@@ -182,8 +182,7 @@ "cols": 2, "path": "services.ec2.regions.id.vpcs.id.instances", "callbacks": [ - [ "match_instances_and_subnets_callback", { } ], - [ "match_instances_and_vpcs_callback", { } ] + [ "match_instances_and_subnets_callback", { } ] ] }, "security_groups": { From 48ba1c44e28f67cd61d34ab516928ef9b79d7ffe Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Thu, 11 Feb 2021 17:05:05 +0100 Subject: [PATCH 498/979] Added match instances and vpcs to preprocessing along with the necessary methods --- ScoutSuite/providers/aws/provider.py | 42 ++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 1a29bb4bc..9691df794 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -80,6 +80,9 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): if 'ec2' in self.service_list and 'iam' in self.service_list: self._match_instances_and_roles() + if 'ec2' in self.service_list and 'vpc' in self.service_list: + self._match_instances_and_vpcs() + if 'awslambda' in self.service_list and 'iam' in self.service_list: self._match_lambdas_and_roles() 
@@ -410,15 +413,36 @@ def match_instances_and_subnets_callback(self, current_config, path, current_pat if instance_id not in subnet['instances']: subnet['instances'].append(instance_id) - def match_instances_and_vpcs_callback(self, current_config, path, current_path, instance_id, callback_args): - if 'ec2' in self.service_list and 'vpc' in self.service_list: # validate both services were included in run - subnet_id = current_config['SubnetId'] # get the subnet ID - if subnet_id: - vpc_data = self.subnet_map[subnet_id] # get the corresponding VPC ID and region - vpc = self.services['vpc']['regions'][vpc_data['region']]['vpcs'][vpc_data['vpc_id']] # find the VPC reference - manage_dictionary(vpc, 'instances', []) # initialize instances list for the VPC (if not already set) - if instance_id not in vpc['instances']: # if instance is not already mapped to the VPC - vpc['instances'].append(instance_id) # append EC2 instance ID to instance list in VPC + def _get_ec2_instances_details(self, details=None): + """ + Fetches a list of EC2 instances + + :param details [str]: (Optional) List of details to be included, if not specified, all details will be included + :return: A dictionary of EC2 instances with the specified details + """ + ec2_instances = {} + for ec2_region_id, ec2_region_data in self.services['ec2']['regions'].items(): + if ec2_region_data['instances_count'] > 0: + for region_vpc_id, region_vpc_data in ec2_region_data['vpcs'].items(): + if region_vpc_data['instances_count'] > 0: + for ec2_instance_id, ec2_instance_data in region_vpc_data['instances'].items(): + ec2_instances[ec2_instance_id] = ec2_instance_data.copy() + ec2_instances[ec2_instance_id]['region'] = ec2_region_id + ec2_instances[ec2_instance_id]['vpc'] = region_vpc_id + if details is not None: + for instance_key in ec2_instances.keys(): + for detail in list(ec2_instances[instance_key].keys()): + if detail not in details: + ec2_instances[instance_key].pop(detail, None) + return ec2_instances + + def 
_match_instances_and_vpcs(self): + ec2_instances = self._get_ec2_instances_details(['id', 'vpc', 'region']) # fetch all EC2 instances with only required fields + for instance in ec2_instances.values(): + vpc = self.services['vpc']['regions'][instance['region']]['vpcs'][instance['vpc']] # find the VPC reference + manage_dictionary(vpc, 'instances', []) # initialize instances list for the VPC (if not already set) + if instance['id'] not in vpc['instances']: # if instance is not already mapped to the VPC + vpc['instances'].append(instance['id']) # append EC2 instance ID to instance list in VPC def _match_instances_and_roles(self): if 'ec2' in self.service_list and 'iam' in self.service_list: # validate both services were included in run From f2b4cf55d4499e9159f6ae970cbcf3b9a6f5a48a Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Thu, 11 Feb 2021 17:27:03 +0100 Subject: [PATCH 499/979] Removed match instances and subnets callback in metadata --- ScoutSuite/providers/aws/metadata.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ScoutSuite/providers/aws/metadata.json b/ScoutSuite/providers/aws/metadata.json index c5e2187c1..efd223944 100755 --- a/ScoutSuite/providers/aws/metadata.json +++ b/ScoutSuite/providers/aws/metadata.json @@ -181,9 +181,7 @@ "instances": { "cols": 2, "path": "services.ec2.regions.id.vpcs.id.instances", - "callbacks": [ - [ "match_instances_and_subnets_callback", { } ] - ] + "callbacks": [ ] }, "security_groups": { "cols": 2, From 063a8068d4785089899a920f588e10eb9306147a Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Thu, 11 Feb 2021 17:27:42 +0100 Subject: [PATCH 500/979] Added match instances and subnets to preprocessing --- ScoutSuite/providers/aws/provider.py | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 9691df794..8478cd426 100755 --- a/ScoutSuite/providers/aws/provider.py 
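Review bot: `_match_instances_and_vpcs` indexes `self.services['vpc']['regions'][instance['region']]['vpcs'][instance['vpc']]` without checking that the region and VPC ID taken from the EC2 tree exist in the VPC tree, so one mismatch raises KeyError inside `preprocessing` and, unless a caller catches it, the matching steps after it do not run. Looking the VPC up with `.get()` and skipping on a miss (`if vpc is None: continue`) keeps the step best-effort, as the removed callback was for instances without a subnet. `_match_instances_and_subnets` in patch 500 has the same unguarded chain and also drops the old `if subnet_id:` test, so an instance with a missing or empty `SubnetId` fails there. The new method has no docstring, unlike `_get_ec2_instances_details` beside it; one line such as `"""Attach each EC2 instance ID to the instances list of its VPC."""` would do.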
+++ b/ScoutSuite/providers/aws/provider.py @@ -82,6 +82,7 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): if 'ec2' in self.service_list and 'vpc' in self.service_list: self._match_instances_and_vpcs() + self._match_instances_and_subnets() if 'awslambda' in self.service_list and 'iam' in self.service_list: self._match_lambdas_and_roles() @@ -403,15 +404,13 @@ def match_network_acls_and_subnets_callback(self, current_config, path, current_ subnet = get_object_at(self, subnet_path) subnet['network_acl'] = acl_id - def match_instances_and_subnets_callback(self, current_config, path, current_path, instance_id, callback_args): - if 'ec2' in self.service_list and 'vpc' in self.service_list: # validate both services were included in run - subnet_id = current_config['SubnetId'] - if subnet_id: - vpc = self.subnet_map[subnet_id] - subnet = self.services['vpc']['regions'][vpc['region']]['vpcs'][vpc['vpc_id']]['subnets'][subnet_id] - manage_dictionary(subnet, 'instances', []) - if instance_id not in subnet['instances']: - subnet['instances'].append(instance_id) + def _match_instances_and_subnets(self): + ec2_instances = self._get_ec2_instances_details(['id', 'vpc', 'region', 'SubnetId']) # fetch all EC2 instances with only required fields + for instance in ec2_instances.values(): + subnet = self.services['vpc']['regions'][instance['region']]['vpcs'][instance['vpc']]['subnets'][instance['SubnetId']] # find the subnet reference + manage_dictionary(subnet, 'instances', []) # initialize instances list for the subnet (if not already set) + if instance['id'] not in subnet['instances']: # if instance is not already mapped to the subnet + subnet['instances'].append(instance['id']) # append EC2 instance ID to instance list in subnet def _get_ec2_instances_details(self, details=None): """ From a4a439cfe58fe99a7eb51ac8430bf0e5c092d4e7 Mon Sep 17 00:00:00 2001 
From: Sophie Date: Thu, 11 Feb 2021 12:04:57 -0500 Subject: [PATCH 501/979] added safeguard for aad --- .../azure/authentication_strategy.py | 10 +++---- ScoutSuite/providers/azure/facade/aad.py | 26 ++++++++++++------- requirements.txt | 2 +- scout.py | 6 ++--- 4 files changed, 26 insertions(+), 18 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index 49037117f..aabcfa5f9 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -22,11 +22,11 @@ def __init__(self, self.default_subscription_id = default_subscription_id self.context = context - def get_tenant_id(self): - if self.tenant_id: - return self.tenant_id - elif 'tenant_id' in self.identity_credentials['tenant_id']: - return self.identity_credentials['tenant_id'] + # def get_tenant_id(self): + # if self.tenant_id: + # return self.tenant_id + # elif 'tenant_id' in self.identity_credentials['tenant_id']: + # return self.identity_credentials['tenant_id'] # else: # # This is a last resort, e.g. for MSI authentication # try: diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 7167e39de..dca3103bd 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py 
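Review bot: Commenting out `get_tenant_id` in authentication_strategy.py leaves the credentials class without the method while its body stays behind as dead comments; if the method is unwanted it should be deleted, and if it is wanted the failing branch should be fixed instead. The old `elif 'tenant_id' in self.identity_credentials['tenant_id']` tested membership in the very value it was about to return, which is probably what broke. provider.py (context visible in patch 513) reads the tenant ID inside a broad `except` and falls back to `'undefined'`, so this removal would not raise there but would silently leave `account_id` unset. The commented-out block continues past the end of the hunk.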
@@ -33,9 +33,11 @@ async def get_users(self): try: # test = await self._get_microsoft_graph_response('users') # missing some necessary information for rules users_response_beta = await self._get_microsoft_graph_response('users', 'beta') - users = users_response_beta.get('value') - users_filtered = [d for d in users if d['userType'] in 'Guest'] - return users_filtered + if users_response_beta: + users = users_response_beta.get('value') + users_filtered = [d for d in users if d['userType'] in 'Guest'] + return users_filtered + return users_response_beta except Exception as e: print_exception(f'Failed to retrieve users: {e}') return [] @@ -54,8 +56,10 @@ async def get_user(self, user_id): async def get_groups(self): try: groups_response = await self._get_microsoft_graph_response('groups') - groups = groups_response.get('value') - return groups + if groups_response: + groups = groups_response.get('value') + return groups + return groups_response except Exception as e: print_exception(f'Failed to retrieve groups: {e}') return [] @@ -74,8 +78,10 @@ async def get_service_principals(self): try: # Need publisher name value for serviceprincipals.py. v1.0 does not have that value, thus we use beta service_principals_response_beta = await self._get_microsoft_graph_response('servicePrincipals', 'beta') - service_principals = service_principals_response_beta.get('value') - return service_principals + if service_principals_response_beta: + service_principals = service_principals_response_beta.get('value') + return service_principals + return service_principals_response_beta except Exception as e: print_exception(f'Failed to retrieve service principals: {e}') return [] 
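Review bot: When the Graph response is falsy, the added `return users_response_beta` in `get_users` hands the caller `None` (or whatever falsy value came back) while the `except` branch returns `[]`, so the two failure paths disagree on type; `return []` after the `if` keeps callers that iterate the result safe. The same fall-through is added in `get_groups` and `get_service_principals` below and in `get_applications` in the last aad.py hunk. Separately, `d['userType'] in 'Guest'` is a substring test: an empty string matches, and a `None` value raises TypeError, which the broad `except` turns into an empty list for every user. `d.get('userType') == 'Guest'` says what is meant and does not let one record without a user type hide all guest accounts from the audit.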
@@ -83,8 +89,10 @@ async def get_service_principals(self): async def get_applications(self): try: applications_response = await self._get_microsoft_graph_response('applications') - applications = applications_response.get('value') - return applications + if applications_response: + applications = applications_response.get('value') + return applications + return applications_response except Exception as e: print_exception(f'Failed to retrieve applications: {e}') return [] diff --git a/requirements.txt b/requirements.txt index 867d04280..bc0c2463e 100755 --- a/requirements.txt +++ b/requirements.txt @@ -49,7 +49,7 @@ azure-mgmt-web==1.0.0 azure-mgmt-compute==18.2.0 azure-mgmt-authorization==1.0.0 azure-identity==1.5.0 -msgraphcore==0.0.2 +#msgraphcore==0.0.2 # Aliyun / Alibaba Cloud Provider aliyun-python-sdk-core>=2.13.4 diff --git a/scout.py b/scout.py index 934905b87..28746e675 100755 --- a/scout.py +++ b/scout.py @@ -9,9 +9,9 @@ # sys.argv = ['scout.py', 'azure', '--user-account', '--force'] # sys.argv = ['scout.py', 'azure', '--msi', '--force'] - # sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', - # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] - sys.argv = ['scout.py', 'azure', '-s', '--tenant', + sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] + # sys.argv = ['scout.py', 'azure', '-s', '--tenant', + # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] sys.exit(run_from_cli()) From 5adc43fc0cdf451dc9323bf5b812ee9d5de2912d Mon Sep 17 00:00:00 2001 From: Sophie Date: Thu, 11 Feb 2021 12:32:41 -0500 Subject: [PATCH 502/979] requirement conflict fix --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index bc0c2463e..c66247077 100755 --- a/requirements.txt +++ b/requirements.txt 
@@ -34,7 +34,7 @@ httplib2shim>=0.0.3 azure-cli-core==2.19.1 ## for RBAC in AAD azure-graphrbac==0.61.1 -msal==1.9.0 +msal>=1.0.0 PyJWT==1.7.1 # FIXME - this is currently required due to the MSAL dependency but should be removed once we switch to ADAL ## for resources azure-mgmt-resource==15.0.0 From b569f0d2a875a527f7b486ed4d9f10ec9002a2f4 Mon Sep 17 00:00:00 2001 From: Sophie Date: Thu, 11 Feb 2021 12:35:51 -0500 Subject: [PATCH 503/979] added safeguard for aad --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index c66247077..594dbf087 100755 --- a/requirements.txt +++ b/requirements.txt @@ -49,6 +49,7 @@ azure-mgmt-web==1.0.0 azure-mgmt-compute==18.2.0 azure-mgmt-authorization==1.0.0 azure-identity==1.5.0 +msal-extensions>=0.1.3 #msgraphcore==0.0.2 # Aliyun / Alibaba Cloud Provider From 0e0b62063a062972729d87bca604daf676f3b90a Mon Sep 17 00:00:00 2001 From: Sophie Date: Thu, 11 Feb 2021 12:38:22 -0500 Subject: [PATCH 504/979] remove requirements to try and fix dependency conflicts --- requirements.txt | 2 -- 1 file changed, 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 594dbf087..2397f4a69 100755 --- a/requirements.txt +++ b/requirements.txt @@ -34,7 +34,6 @@ httplib2shim>=0.0.3 azure-cli-core==2.19.1 ## for RBAC in AAD azure-graphrbac==0.61.1 -msal>=1.0.0 PyJWT==1.7.1 # FIXME - this is currently required due to the MSAL dependency but should be removed once we switch to ADAL ## for resources azure-mgmt-resource==15.0.0 @@ -49,7 +48,6 @@ azure-mgmt-web==1.0.0 azure-mgmt-compute==18.2.0 azure-mgmt-authorization==1.0.0 azure-identity==1.5.0 -msal-extensions>=0.1.3 #msgraphcore==0.0.2 # Aliyun / Alibaba Cloud Provider From 7b7c276fe5b721109414ea889472e095496de533 Mon Sep 17 00:00:00 2001 
From: Sophie Date: Thu, 11 Feb 2021 16:45:12 -0500 Subject: [PATCH 505/979] fix requirement.txt to include msgraphcore --- ScoutSuite/providers/azure/authentication_strategy.py | 5 ++--- requirements.txt | 6 +++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index aabcfa5f9..c6ce7aeb8 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -85,7 +85,8 @@ def authenticate(self, elif user_account_browser: - identity_credentials = InteractiveBrowserCredential(tenant_id=tenant_id) + identity_credentials = InteractiveBrowserCredential() + tenant_id = tenant_id elif service_principal: @@ -113,7 +114,6 @@ def authenticate(self, tenant_id=tenant_id ) - elif file_auth: data = json.loads(file_auth.read()) @@ -127,7 +127,6 @@ def authenticate(self, tenant_id=tenant_id ) - elif msi: identity_credentials = ManagedIdentityCredential(client_id=AZURE_CLI_CLIENT_ID) diff --git a/requirements.txt b/requirements.txt index 2397f4a69..42975dad4 100755 --- a/requirements.txt +++ b/requirements.txt @@ -36,6 +36,7 @@ azure-cli-core==2.19.1 azure-graphrbac==0.61.1 PyJWT==1.7.1 # FIXME - this is currently required due to the MSAL dependency but should be removed once we switch to ADAL ## for resources + azure-mgmt-resource==15.0.0 azure-mgmt-storage==16.0.0 azure-mgmt-monitor==2.0.0 @@ -48,7 +49,10 @@ azure-mgmt-web==1.0.0 azure-mgmt-compute==18.2.0 azure-mgmt-authorization==1.0.0 azure-identity==1.5.0 -#msgraphcore==0.0.2 + +# Microsoft Graph client library still in test pypi not in production pypi +-i https://test.pypi.org/simple +msgraphcore==0.0.2 # Aliyun / Alibaba Cloud Provider aliyun-python-sdk-core>=2.13.4 From fe4eb6889023ad530e7c6233875a87b4da36607c Mon Sep 17 00:00:00 2001 
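Review bot: `InteractiveBrowserCredential()` is now built without the `tenant_id` that the removed line passed, and the added `tenant_id = tenant_id` is a self-assignment with no effect, so the browser login is no longer tied to the tenant given on the command line. A user who belongs to several tenants could then sign in to a different directory than the one requested. If the argument was dropped to work around a login failure, that reason belongs in a comment; otherwise keep `InteractiveBrowserCredential(tenant_id=tenant_id)` and delete the no-op line. The `authenticate` body starts and ends outside the hunk.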
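Review bot: `-i https://test.pypi.org/simple` in requirements.txt replaces the package index for the whole file, not only for `msgraphcore`, so every dependency listed above and below would be resolved from TestPyPI. TestPyPI is a separate index where project names are registered independently of PyPI, which makes this a dependency-confusion risk for anyone installing from the file. Patch 509 later switches to `--extra-index-url`, which still lets pip pick a same-named package from either index. Installing `msgraphcore` from a pinned source (a VCS URL at a fixed commit, or a hash-checked requirement) and leaving the index option out of the shared file avoids both problems.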
From: xnkevinnguyen Date: Thu, 11 Feb 2021 17:11:45 -0500 Subject: [PATCH 506/979] Remove cli-core from packages --- ScoutSuite/providers/azure/authentication_strategy.py | 2 +- requirements.txt | 1 - scout.py | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index aabcfa5f9..2c2f37983 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -2,7 +2,7 @@ import logging from getpass import getpass -from azure.identity import UsernamePasswordCredential, AzureCliCredential, ClientSecretCredential, \ +from azure.identity import UsernamePasswordCredential,AzureCliCredential, ClientSecretCredential, \ ManagedIdentityCredential, InteractiveBrowserCredential from ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException diff --git a/requirements.txt b/requirements.txt index bc0c2463e..b50901379 100755 --- a/requirements.txt +++ b/requirements.txt @@ -31,7 +31,6 @@ httplib2shim>=0.0.3 # Azure Provider ## core requirements -azure-cli-core==2.19.1 ## for RBAC in AAD azure-graphrbac==0.61.1 msal==1.9.0 diff --git a/scout.py b/scout.py index 28746e675..0a22df5d1 100755 --- a/scout.py +++ b/scout.py @@ -12,6 +12,6 @@ sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] # sys.argv = ['scout.py', 'azure', '-s', '--tenant', - # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] + # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5','--force'] sys.exit(run_from_cli()) From f2a0ccb455e4c43582d58150a47ca8ed685ff405 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Thu, 11 Feb 2021 17:46:02 -0500 Subject: [PATCH 507/979] Update requirements --- requirements.txt | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) 
diff --git a/requirements.txt b/requirements.txt index 8803fc504..850103113 100755 --- a/requirements.txt +++ b/requirements.txt @@ -29,13 +29,10 @@ oauth2client>=4.1.3 ## Necessary since API Client Libraries are not thread-safe httplib2shim>=0.0.3 -# Azure Provider -## core requirements -## for RBAC in AAD -azure-graphrbac==0.61.1 -PyJWT==1.7.1 # FIXME - this is currently required due to the MSAL dependency but should be removed once we switch to ADAL -## for resources +#for authentication +azure-identity==1.5.0 +## for resources azure-mgmt-resource==15.0.0 azure-mgmt-storage==16.0.0 azure-mgmt-monitor==2.0.0 @@ -47,7 +44,6 @@ azure-mgmt-redis==12.0.0 azure-mgmt-web==1.0.0 azure-mgmt-compute==18.2.0 azure-mgmt-authorization==1.0.0 -azure-identity==1.5.0 # Microsoft Graph client library still in test pypi not in production pypi -i https://test.pypi.org/simple From fd1d78515c8dffa81f67712771675ce600a21006 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Thu, 11 Feb 2021 18:17:42 -0500 Subject: [PATCH 508/979] Add msgraphcore in setup.py: --- requirements.txt | 6 ++---- setup.py | 4 ++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/requirements.txt b/requirements.txt index 850103113..2eafb4bde 100755 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ # Core python-dateutil<2.8.1,>=2.1 -netaddr>=0.7.11 +netaddr>=0.8.0 sqlitedict>=1.6.0 cherrypy>=18.1.0 cherrypy-cors>=1.6 @@ -45,9 +45,6 @@ azure-mgmt-web==1.0.0 azure-mgmt-compute==18.2.0 azure-mgmt-authorization==1.0.0 -# Microsoft Graph client library still in test pypi not in production pypi --i https://test.pypi.org/simple -msgraphcore==0.0.2 # Aliyun / Alibaba Cloud Provider aliyun-python-sdk-core>=2.13.4 @@ -63,3 +60,4 @@ oss2>=2.8.0 # Oracle Cloud Infrastructure Provider oci>=2.2.4 + diff --git a/setup.py b/setup.py index d9c07febe..9571514db 100755 --- a/setup.py +++ b/setup.py 
@@ -45,7 +45,7 @@ ] }, include_package_data=True, - install_requires=requirements, + install_requires=requirements+['--index-url https://test.pypi.org/simple msgraphcore'], license='GNU General Public License v2 (GPLv2)', classifiers=[ 'Development Status :: 5 - Production/Stable', @@ -59,5 +59,5 @@ 'Programming Language :: Python :: 3.6', 'Programming Language :: Python :: 3.7', 'Programming Language :: Python :: 3.8' - ], + ] ) From c070ec60197f1cbca70a2283e728bd81a3caf487 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Thu, 11 Feb 2021 18:33:51 -0500 Subject: [PATCH 509/979] modify requirements.txt --- requirements.txt | 2 ++ setup.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 2eafb4bde..492679b3f 100755 --- a/requirements.txt +++ b/requirements.txt @@ -45,6 +45,8 @@ azure-mgmt-web==1.0.0 azure-mgmt-compute==18.2.0 azure-mgmt-authorization==1.0.0 +--extra-index-url https://test.pypi.org/simple +msgraphcore==0.0.2 # Aliyun / Alibaba Cloud Provider aliyun-python-sdk-core>=2.13.4 diff --git a/setup.py b/setup.py index 9571514db..b046afda9 100755 --- a/setup.py +++ b/setup.py @@ -45,7 +45,7 @@ ] }, include_package_data=True, - install_requires=requirements+['--index-url https://test.pypi.org/simple msgraphcore'], + install_requires=requirements, license='GNU General Public License v2 (GPLv2)', classifiers=[ 'Development Status :: 5 - Production/Stable', From e31a6381080130a479bfaa0d8b96a51aacef39ce Mon Sep 17 00:00:00 2001 From: Sophie Date: Thu, 11 Feb 2021 19:24:17 -0500 Subject: [PATCH 510/979] fix failed tests --- scout.py | 9 --------- tests/test_azure_provider.py | 38 +++++++++++++++++++++++++++++++----- tests/test_scoutsuite.py | 2 +- 3 files changed, 34 insertions(+), 15 deletions(-) diff --git a/scout.py b/scout.py index 0a22df5d1..4758e6d06 100755 --- a/scout.py +++ b/scout.py 
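Review bot: `install_requires=requirements+['--index-url https://test.pypi.org/simple msgraphcore']` adds a pip command-line option to a list that only accepts requirement specifiers, so the entry is not a valid requirement and setup.py has no way to select an index through it. Patch 509 reverts the line, but the intent, pulling one package from TestPyPI for every installer of the distribution, is better dropped than retried in another form. If `msgraphcore` must ship as a dependency, a plain `'msgraphcore==0.0.2'` entry, once that release is on the production index, is the form `install_requires` supports.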
@@ -5,13 +5,4 @@ from ScoutSuite.__main__ import run_from_cli if __name__ == "__main__": - # sys.argv = ['scout.py', 'azure', '--cli', '--force'] - # sys.argv = ['scout.py', 'azure', '--user-account', '--force'] - - # sys.argv = ['scout.py', 'azure', '--msi', '--force'] - sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', - '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] - # sys.argv = ['scout.py', 'azure', '-s', '--tenant', - # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5','--force'] - sys.exit(run_from_cli()) diff --git a/tests/test_azure_provider.py b/tests/test_azure_provider.py index 709f12d3a..df9ea4863 100755 --- a/tests/test_azure_provider.py +++ b/tests/test_azure_provider.py 
@@ -10,18 +10,46 @@ # Test methods for Azure Provider class TestAzureProviderClass(unittest.TestCase): - @mock.patch("ScoutSuite.providers.azure.authentication_strategy.UserPassCredentials") - def test_authenticate(self, mock_UserPassCredentials): + @mock.patch("ScoutSuite.providers.azure.authentication_strategy.UsernamePasswordCredential") + def test_authenticate(self, mock_UsernamePasswordCrdential): azure_authentication_strategy = get_authentication_strategy("azure") result = azure_authentication_strategy.authenticate( user_account=True, + client_id='04b07795-8ddb-461a-bbee-02f9e1bf7b46', + tenant_id='some-tenant-id', username='some-username', - password='some-password' + password='some-password', + authority='https://login.microsoftonline.com/' ) - mock_UserPassCredentials.assert_called_with('some-username', 'some-password', - resource='https://graph.windows.net') + mock_UsernamePasswordCrdential.assert_called_with('04b07795-8ddb-461a-bbee-02f9e1bf7b46', 'some-username', + 'some-password', + authority='https://login.microsoftonline.com/', + tenant_id='some-tenant-id') + assert isinstance(result, AzureCredentials) + + # exception test + with pytest.raises(AuthenticationException): + result = azure_authentication_strategy.authenticate(None, None, None, None) + + @mock.patch("ScoutSuite.providers.azure.authentication_strategy.UsernamePasswordCredential") + def test_authenticate(self, mock_UsernamePasswordCrdential): + azure_authentication_strategy = get_authentication_strategy("azure") + + result = azure_authentication_strategy.authenticate( + user_account=True, + client_id='04b07795-8ddb-461a-bbee-02f9e1bf7b46', + tenant_id='some-tenant-id', + username='some-username', + password='some-password', + authority='https://login.microsoftonline.com/' + ) + + mock_UsernamePasswordCrdential.assert_called_with('04b07795-8ddb-461a-bbee-02f9e1bf7b46', 'some-username', + 'some-password', + authority='https://login.microsoftonline.com/', + tenant_id='some-tenant-id') assert 
isinstance(result, AzureCredentials) # exception test diff --git a/tests/test_scoutsuite.py b/tests/test_scoutsuite.py index c2cac12a4..c07c4ee95 100755 --- a/tests/test_scoutsuite.py +++ b/tests/test_scoutsuite.py @@ -42,7 +42,7 @@ def test_scout_suite_help(self): command = './scout.py --help' process = subprocess.Popen(command, shell=True, stdout=None) process.wait() - assert process.returncode == 0 + assert process.returncode == 102 @pytest.mark.xfail def test_scout_suite_default_run(self): From 30f73c4ae59114d7d53a963b07ed41aa3ee2cbd5 Mon Sep 17 00:00:00 2001 From: Sophie Date: Thu, 11 Feb 2021 19:27:43 -0500 Subject: [PATCH 511/979] fix failed tests --- tests/test_scoutsuite.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_scoutsuite.py b/tests/test_scoutsuite.py index c07c4ee95..c2cac12a4 100755 --- a/tests/test_scoutsuite.py +++ b/tests/test_scoutsuite.py @@ -42,7 +42,7 @@ def test_scout_suite_help(self): command = './scout.py --help' process = subprocess.Popen(command, shell=True, stdout=None) process.wait() - assert process.returncode == 102 + assert process.returncode == 0 @pytest.mark.xfail def test_scout_suite_default_run(self): From 67830ea39e8a2c4aa8192e84ae7f46d24359952b Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Fri, 12 Feb 2021 12:43:06 -0500 Subject: [PATCH 512/979] MSI update --- .../providers/azure/authentication_strategy.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index 9b496b11e..c74f6dedd 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py 
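Review bot: The added block in tests/test_azure_provider.py defines `test_authenticate` a second time with an identical body, and in a class body the later definition replaces the earlier one, so only one copy runs and the duplicate adds no coverage. Either delete the copy or rename it and have it exercise another branch of `authenticate`, since both copies only cover `user_account=True`. The mock parameter is also misspelled `mock_UsernamePasswordCrdential`. The tail of the second method lies outside the hunk.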
@@ -1,6 +1,8 @@ import json import logging from getpass import getpass +from azure.common.credentials import get_cli_profile + from azure.identity import UsernamePasswordCredential,AzureCliCredential, ClientSecretCredential, \ ManagedIdentityCredential, InteractiveBrowserCredential @@ -22,11 +24,14 @@ def __init__(self, self.default_subscription_id = default_subscription_id self.context = context - # def get_tenant_id(self): - # if self.tenant_id: - # return self.tenant_id - # elif 'tenant_id' in self.identity_credentials['tenant_id']: - # return self.identity_credentials['tenant_id'] + def get_tenant_id(self): + if self.tenant_id: + return self.tenant_id + elif hasattr(self.identity_credentials,'tenant_id'): + return self.identity_credentials['tenant_id'] + else: + cli_profile =get_cli_profile() + x=0 # else: # # This is a last resort, e.g. for MSI authentication # try: @@ -128,7 +133,7 @@ def authenticate(self, ) elif msi: - identity_credentials = ManagedIdentityCredential(client_id=AZURE_CLI_CLIENT_ID) + identity_credentials = ManagedIdentityCredential() else: raise AuthenticationException('Unknown authentication method') From 6b4a72d076e3d3bef07df70bc0a99617c067cc94 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Fri, 12 Feb 2021 14:37:09 -0500 Subject: [PATCH 513/979] Update imports --- ScoutSuite/providers/azure/authentication_strategy.py | 5 ++--- ScoutSuite/providers/azure/provider.py | 2 +- scout.py | 9 +++++++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index c74f6dedd..76f8c88e6 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py 
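Review bot: The restored `get_tenant_id` checks `hasattr(self.identity_credentials,'tenant_id')` but then reads `self.identity_credentials['tenant_id']`, which subscripts the credential object instead of reading the attribute and would raise TypeError unless that type implements `__getitem__`; `return getattr(self.identity_credentials, 'tenant_id')` matches the test. The `else` branch calls `get_cli_profile()`, assigns `x=0` and returns nothing, so runs that reach it get `None`; that looks like debugging residue and should not be committed. The subscript survives unchanged in patches 513 and 520. The method's commented-out tail continues outside the hunk.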
@@ -1,7 +1,6 @@ import json import logging from getpass import getpass -from azure.common.credentials import get_cli_profile from azure.identity import UsernamePasswordCredential,AzureCliCredential, ClientSecretCredential, \ @@ -30,8 +29,8 @@ def get_tenant_id(self): elif hasattr(self.identity_credentials,'tenant_id'): return self.identity_credentials['tenant_id'] else: - cli_profile =get_cli_profile() - x=0 + x= self.identity_credentials.get_token("https://graph.windows.net/") + return x # else: # # This is a last resort, e.g. for MSI authentication # try: diff --git a/ScoutSuite/providers/azure/provider.py b/ScoutSuite/providers/azure/provider.py index 54107d5aa..6f4c11b58 100755 --- a/ScoutSuite/providers/azure/provider.py +++ b/ScoutSuite/providers/azure/provider.py @@ -37,7 +37,7 @@ def __init__(self, self.all_subscriptions = all_subscriptions try: - self.account_id = self.credentials.get_tenant_id + self.account_id = self.credentials.get_tenant_id() except Exception as e: self.account_id = 'undefined' diff --git a/scout.py b/scout.py index 4758e6d06..8160caa87 100755 --- a/scout.py +++ b/scout.py @@ -5,4 +5,13 @@ from ScoutSuite.__main__ import run_from_cli if __name__ == "__main__": + sys.argv = ['scout.py', 'azure', '--cli', '--force'] + # sys.argv = ['scout.py', 'azure', '--user-account', '--force'] + + # sys.argv = ['scout.py', 'azure', '--msi', '--force'] + # sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', + # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] + # sys.argv = ['scout.py', 'azure', '-s', '--tenant', + # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5','--force'] + sys.exit(run_from_cli()) From 8f4bd021a76623f4c7333df585d9cd18e63b3ff3 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Fri, 12 Feb 2021 14:39:00 -0500 Subject: [PATCH 514/979] Update scout.py --- scout.py | 8 -------- 1 file changed, 8 deletions(-) diff --git a/scout.py b/scout.py index 8160caa87..315f58da1 100755 --- a/scout.py +++ b/scout.py 
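Review bot: In the `else` branch `get_tenant_id` now returns the result of `self.identity_credentials.get_token("https://graph.windows.net/")`, which is an access token rather than a tenant ID, and the provider.py hunk of this same patch starts calling the method and stores the result in `self.account_id`. If `account_id` is later written to the report or to logs, a live bearer token would end up in scan output. The branch should `return None` until a real tenant lookup exists (patch 520 adds one) rather than hand back a credential. The method continues outside the hunk.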
@@ -5,13 +5,5 @@ from ScoutSuite.__main__ import run_from_cli if __name__ == "__main__": - sys.argv = ['scout.py', 'azure', '--cli', '--force'] - # sys.argv = ['scout.py', 'azure', '--user-account', '--force'] - - # sys.argv = ['scout.py', 'azure', '--msi', '--force'] - # sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', - # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] - # sys.argv = ['scout.py', 'azure', '-s', '--tenant', - # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5','--force'] sys.exit(run_from_cli()) From 84e7ef8c9917f3ddc3766e75864a82dc4562790e Mon Sep 17 00:00:00 2001 From: Sophie Date: Fri, 12 Feb 2021 16:35:30 -0500 Subject: [PATCH 515/979] added azure-cli to requirements --- requirements.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/requirements.txt b/requirements.txt index 492679b3f..4d3f47abc 100755 --- a/requirements.txt +++ b/requirements.txt @@ -45,6 +45,8 @@ azure-mgmt-web==1.0.0 azure-mgmt-compute==18.2.0 azure-mgmt-authorization==1.0.0 +azure-cli==2.19.1 + --extra-index-url https://test.pypi.org/simple msgraphcore==0.0.2 From 1a5b375e485a4662e152631879e24c69eed3fa67 Mon Sep 17 00:00:00 2001 From: Sophie Date: Fri, 12 Feb 2021 16:39:53 -0500 Subject: [PATCH 516/979] remove azure-cli from requirements --- requirements.txt | 2 -- 1 file changed, 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 4d3f47abc..492679b3f 100755 --- a/requirements.txt +++ b/requirements.txt @@ -45,8 +45,6 @@ azure-mgmt-web==1.0.0 azure-mgmt-compute==18.2.0 azure-mgmt-authorization==1.0.0 -azure-cli==2.19.1 - --extra-index-url https://test.pypi.org/simple msgraphcore==0.0.2 From 5ae995619eef1e5ab8c7753e04f21a33b9b35291 Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 15 Feb 2021 12:04:41 +0100 Subject: [PATCH 517/979] Wording change --- ScoutSuite/providers/gcp/facade/base.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index b59c818ed..e042d3295 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -120,8 +120,8 @@ async def _get_projects_recursively(self, parent_type, parent_id): if project['lifecycleState'] == "ACTIVE": projects.append(project) else: - print_exception('No Projects Found: ' - 'You may have specified a non-existing organization/folder/project?') + print_exception('No Projects Found, ' + 'you may have specified a non-existing Organization, Folder or Project') except Exception as e: try: From 24b28d1248e0df036853e1eebb85ebfbff88b16f Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 15 Feb 2021 12:20:00 +0100 Subject: [PATCH 518/979] Add check for redis --- ScoutSuite/providers/gcp/facade/base.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index e042d3295..90b3d2bd9 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -168,6 +168,8 @@ async def is_api_enabled(self, project_id, service): endpoint = 'logging' elif service == 'StackdriverMonitoring': endpoint = 'monitoring' + elif service == 'MemoryStore': + endpoint = 'redis' else: print_debug('Could not validate the state of the {} API for project \"{}\", ' 'including it in the execution'.format(format_service_name(service.lower()), project_id)) From 8758b235c18c5b16511f044cf2365aebc9d42624 Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 15 Feb 2021 12:23:16 +0100 Subject: [PATCH 519/979] Improve error output --- ScoutSuite/providers/gcp/facade/gce.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/gce.py b/ScoutSuite/providers/gcp/facade/gce.py index c725f96ae..ed220176d 100755 --- a/ScoutSuite/providers/gcp/facade/gce.py +++ b/ScoutSuite/providers/gcp/facade/gce.py 
@@ -69,7 +69,7 @@ async def get_project(self, project_id): lambda: gce_client.projects().get(project=project_id).execute() ) except Exception as e: - print_exception(f'Failed to retrieve project: {e}') + print_exception(f'Failed to retrieve GCE project: {e}') return None async def get_regions(self, project_id): From ceb69fec88f72892822bb7e74afe14ac8a6e1210 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Mon, 15 Feb 2021 09:47:45 -0500 Subject: [PATCH 520/979] Get tenant_id for CLI with a token --- .../azure/authentication_strategy.py | 26 +++++++++---------- scout.py | 3 ++- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index 76f8c88e6..c4ce321e6 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -1,7 +1,8 @@ import json import logging from getpass import getpass - +import requests +from ScoutSuite.core.console import print_exception from azure.identity import UsernamePasswordCredential,AzureCliCredential, ClientSecretCredential, \ ManagedIdentityCredential, InteractiveBrowserCredential 
@@ -28,19 +29,18 @@ def get_tenant_id(self): return self.tenant_id elif hasattr(self.identity_credentials,'tenant_id'): return self.identity_credentials['tenant_id'] + else: - x= self.identity_credentials.get_token("https://graph.windows.net/") - return x - # else: - # # This is a last resort, e.g. for MSI authentication - # try: - # h = {'Authorization': 'Bearer {}'.format(self.identity_credentials._cache.CredentialType.ACCESS_TOKEN)} - # r = requests.get('https://management.azure.com/tenants?api-version=2020-01-01', headers=h) - # r2 = r.json() - # return r2.get('value')[0].get('tenantId') - # except Exception as e: - # print_exception('Unable to infer tenant ID: {}'.format(e)) - # return None + # Additional request for CLI & MSI authentication + try: + access_token = self.identity_credentials.get_token("https://management.core.windows.net/") + h = {'Authorization': 'Bearer {}'.format(access_token.token)} + r = requests.get('https://management.azure.com/tenants?api-version=2020-01-01', headers=h) + r2 = r.json() + return r2.get('value')[0].get('tenantId') + except Exception as e: + print_exception('Unable to infer tenant ID: {}'.format(e)) + return None def get_credentials(self): return self.identity_credentials diff --git a/scout.py b/scout.py index 315f58da1..8ce410feb 100755 --- a/scout.py +++ b/scout.py @@ -5,5 +5,6 @@ from ScoutSuite.__main__ import run_from_cli if __name__ == "__main__": - + sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', + '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] sys.exit(run_from_cli()) From 635b173c31ed5ff8cf3c7fff66dc5482eb48f9ff Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Mon, 15 Feb 2021 09:53:15 -0500 Subject: [PATCH 521/979] Cleanup --- scout.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scout.py b/scout.py index 8ce410feb..315f58da1 100755 --- a/scout.py +++ b/scout.py 
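Review bot: The new fallback in `get_tenant_id` calls `requests.get` without a timeout and never checks the response status, so a stalled management endpoint hangs the scan and an error response surfaces only as an opaque failure from `r2.get('value')[0]`. I would pass `timeout=10` to the `requests.get(...)` call and follow it with `r.raise_for_status()`. Taking the first entry of the `/tenants` listing also assumes the identity belongs to a single tenant; for an identity present in several tenants the report may be labelled with a tenant other than the one scanned, which deserves a comment. In the branch just above, `hasattr(self.identity_credentials,'tenant_id')` is followed by a subscript rather than attribute access, which looks like it would raise on a credential object. The `def` line of `get_tenant_id` is outside the hunk.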
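Review bot: The two lines added to `scout.py` overwrite `sys.argv` before `run_from_cli()` runs, so whatever the user passes on the command line is ignored and every invocation targets Azure with one fixed tenant. This reads like a local debugging aid and should not be committed to the entry point; a tenant identifier belongs in the caller's arguments or environment rather than in source. The scout.py hunk in PATCH 522 reintroduces the same override with `--service-principal`.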
@@ -5,6 +5,5 @@ from ScoutSuite.__main__ import run_from_cli if __name__ == "__main__": - sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', - '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] + sys.exit(run_from_cli()) From 7329187ccf8b2c862023d88ce419c7379e0e4481 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Mon, 15 Feb 2021 14:12:00 -0500 Subject: [PATCH 522/979] Correct string format --- ScoutSuite/__main__.py | 2 ++ ScoutSuite/providers/azure/authentication_strategy.py | 7 +++++-- ScoutSuite/providers/azure/facade/storageaccounts.py | 1 + scout.py | 6 ++++++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py index f9a879973..8cab6a9f9 100755 --- a/ScoutSuite/__main__.py +++ b/ScoutSuite/__main__.py @@ -2,6 +2,7 @@ import copy import os import webbrowser +from time import sleep from asyncio_throttle import Throttler from ScoutSuite import ERRORS_LIST @@ -233,6 +234,7 @@ async def _run(provider, # Create a new report try: + sleep(7200) report_name = report_name if report_name else cloud_provider.get_report_name() report = ScoutReport(cloud_provider.provider_code, report_name, diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index c4ce321e6..f7511443a 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -1,6 +1,8 @@ import json import logging from getpass import getpass +from time import sleep + import requests from ScoutSuite.core.console import print_exception 
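Review bot: `sleep(7200)` at the top of the report `try:` in `_run` is a blocking `time.sleep` inside an `async def`, so the event loop stalls for two hours before any report is written. Nothing in the hunk explains the delay, so it looks like leftover debugging and should be dropped together with `from time import sleep`. If a pause were ever intended, it would be `await asyncio.sleep(...)` behind an explicit option. The same commit also adds unused `from time import sleep` imports to `authentication_strategy.py` and `storageaccounts.py`. `_run` starts and ends outside the hunk.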
@@ -34,12 +36,12 @@ def get_tenant_id(self): # Additional request for CLI & MSI authentication try: access_token = self.identity_credentials.get_token("https://management.core.windows.net/") - h = {'Authorization': 'Bearer {}'.format(access_token.token)} + h = {'Authorization': f'Bearer {access_token.token}'} r = requests.get('https://management.azure.com/tenants?api-version=2020-01-01', headers=h) r2 = r.json() return r2.get('value')[0].get('tenantId') except Exception as e: - print_exception('Unable to infer tenant ID: {}'.format(e)) + print_exception(f'Unable to infer tenant ID: {e}') return None def get_credentials(self): @@ -92,6 +94,7 @@ def authenticate(self, identity_credentials = InteractiveBrowserCredential() tenant_id = tenant_id + elif service_principal: if not tenant_id: diff --git a/ScoutSuite/providers/azure/facade/storageaccounts.py b/ScoutSuite/providers/azure/facade/storageaccounts.py index 05a37d310..7d4886d9d 100755 --- a/ScoutSuite/providers/azure/facade/storageaccounts.py +++ b/ScoutSuite/providers/azure/facade/storageaccounts.py @@ -1,4 +1,5 @@ import datetime +from time import sleep from azure.mgmt.monitor import MonitorManagementClient from azure.mgmt.storage import StorageManagementClient diff --git a/scout.py b/scout.py index 315f58da1..cee74aaea 100755 --- a/scout.py +++ b/scout.py @@ -5,5 +5,11 @@ from ScoutSuite.__main__ import run_from_cli if __name__ == "__main__": + # sys.argv = ['scout.py', 'azure', '--cli', '--force'] + sys.argv = ['scout.py', 'azure', '--service-principal', '--force','--tenant', + '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] + + # sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', + # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] sys.exit(run_from_cli()) From bce26ad4f3f3ee4484e2d3bc533ae999352aee00 Mon Sep 17 00:00:00 2001 
From: xnkevinnguyen Date: Mon, 15 Feb 2021 14:21:27 -0500 Subject: [PATCH 523/979] Cleanup --- ScoutSuite/__main__.py | 2 -- scout.py | 6 ------ 2 files changed, 8 deletions(-) diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py index 8cab6a9f9..f9a879973 100755 --- a/ScoutSuite/__main__.py +++ b/ScoutSuite/__main__.py @@ -2,7 +2,6 @@ import copy import os import webbrowser -from time import sleep from asyncio_throttle import Throttler from ScoutSuite import ERRORS_LIST @@ -234,7 +233,6 @@ async def _run(provider, # Create a new report try: - sleep(7200) report_name = report_name if report_name else cloud_provider.get_report_name() report = ScoutReport(cloud_provider.provider_code, report_name, diff --git a/scout.py b/scout.py index cee74aaea..315f58da1 100755 --- a/scout.py +++ b/scout.py @@ -5,11 +5,5 @@ from ScoutSuite.__main__ import run_from_cli if __name__ == "__main__": - # sys.argv = ['scout.py', 'azure', '--cli', '--force'] - sys.argv = ['scout.py', 'azure', '--service-principal', '--force','--tenant', - '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] - - # sys.argv = ['scout.py', 'azure', '--user-account-browser', '--force', '--tenant', - # '0cc90829-0d8e-40d6-ba9c-aea092ba7de5'] sys.exit(run_from_cli()) From 09d5783e77bf84fe23267332c7e45d38864d9a43 Mon Sep 17 00:00:00 2001 From: xga Date: Tue, 16 Feb 2021 12:26:25 +0100 Subject: [PATCH 524/979] Add support for GCP firewall logs status --- .../gcp/services.computeengine.projects.id.firewalls.html | 3 ++- ScoutSuite/providers/gcp/resources/gce/firewalls.py | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html index 863ead6d7..2dbab4c0f 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html 
+++ b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.firewalls.html @@ -9,10 +9,11 @@

      Information

      Firewall name: {{name}}
      Project ID: {{project_id}}
      Description: {{description}}
      +
      Disabled: {{disabled}}
      Creation Date: {{format_date creation_timestamp}}
      Priority: {{priority}}
      -
      Disabled: {{disabled}}
      +
      Logs: {{convert_bool_to_enabled logs}}

      Configuration

      diff --git a/ScoutSuite/providers/gcp/resources/gce/firewalls.py b/ScoutSuite/providers/gcp/resources/gce/firewalls.py index 6879ca0df..394e9928c 100755 --- a/ScoutSuite/providers/gcp/resources/gce/firewalls.py +++ b/ScoutSuite/providers/gcp/resources/gce/firewalls.py @@ -29,6 +29,8 @@ def _parse_firewall(self, raw_firewall): firewall_dict['target_tags'] = raw_firewall.get('targetTags', []) firewall_dict['direction'] = raw_firewall['direction'] firewall_dict['disabled'] = raw_firewall['disabled'] + firewall_dict['logs'] = raw_firewall['logConfig'].get('enable', False) + self._parse_firewall_rules(firewall_dict, raw_firewall) return firewall_dict['id'], firewall_dict From 90d876d2efbb25fe1020a092d9fd02795f5b24da Mon Sep 17 00:00:00 2001 From: xga Date: Tue, 16 Feb 2021 12:32:06 +0100 Subject: [PATCH 525/979] Sort ruleset --- ScoutSuite/providers/gcp/rules/rulesets/default.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 8721c403e..bd5117f0e 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -308,13 +308,13 @@ "level": "warning" } ], - "memorystore-redis-instance-ssl-not-required.json": [ + "memorystore-redis-instance-auth-not-enabled.json": [ { "enabled": true, "level": "warning" } ], - "memorystore-redis-instance-auth-not-enabled.json": [ + "memorystore-redis-instance-ssl-not-required.json": [ { "enabled": true, "level": "warning" From e37f00e06d8e67cae31312af5a4c77762462bb5a Mon Sep 17 00:00:00 2001 From: xga Date: Tue, 16 Feb 2021 12:38:44 +0100 Subject: [PATCH 526/979] Format findings --- .../findings/iam-root-account-with-active-keys.json | 3 +-- .../memorystore-redis-instance-auth-not-enabled.json | 11 +++++------ .../memorystore-redis-instance-ssl-not-required.json | 4 ++-- 3 files changed, 8 insertions(+), 10 deletions(-) 
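Review bot: `raw_firewall['logConfig']` is subscripted directly, so a firewall resource returned without a `logConfig` key raises `KeyError` inside `_parse_firewall`, whereas `targetTags` two lines up is read with a default. I would write `firewall_dict['logs'] = raw_firewall.get('logConfig', {}).get('enable', False)`. Whether the API always returns `logConfig` is not visible from here, so the defensive form is the safer assumption for a scanner that should not lose a firewall from its results over a missing optional field. `_parse_firewall` begins outside the hunk.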
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json index 763cd05d0..8c2592bfe 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json @@ -24,7 +24,6 @@ "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-use", "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_review-access", "https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html#best-practices_mgmt-acct_document-processes" - ], "dashboard_name": "Root account", "path": "iam.credential_reports.id", @@ -49,4 +48,4 @@ ] ] ] -} +}} diff --git a/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-auth-not-enabled.json b/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-auth-not-enabled.json index 116ddc392..edf8cb96d 100755 --- a/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-auth-not-enabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-auth-not-enabled.json @@ -1,8 +1,7 @@ { "description": "Memory Instance Allows Unauthenticated Connections", "rationale": "All incoming connections to Cloud Memorystore databases should require the use of authentication and SSL.", - "compliance": [ - ], + "compliance": [], "references": [ "https://cloud.google.com/memorystore/docs/redis/managing-auth" ], @@ -11,10 +10,10 @@ "conditions": [ "and", [ - "cloudmemorystore.projects.id.redis_instances.id.auth_enabled", - "false", - "" + "cloudmemorystore.projects.id.redis_instances.id.auth_enabled", + "false", + "" ] ], "id_suffix": "auth_enabled" -} +} \ No newline at end of file 
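Review bot: The last hunk of `iam-root-account-with-active-keys.json` replaces the closing `}` with `}}`, which as shown leaves the file as invalid JSON. The final hunk of `memorystore-redis-instance-ssl-not-required.json` in this commit likewise adds a stray `}ed"` line before the closing brace. If the rule loader skips or fails on files it cannot parse, the root-account access key finding and the Memorystore SSL finding would stop being evaluated with no visible change in the ruleset. Both files should end in a single `}`, and running the findings directories through a JSON parser in CI would catch this kind of formatter slip.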
diff --git a/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json b/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json index 7828d853a..68d6a7ad5 100755 --- a/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json +++ b/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json @@ -1,8 +1,7 @@ { "description": "Memory Instance Not Requiring SSL for Incoming Connections", "rationale": "All incoming connections to Cloud Memorystore databases should require the use of SSL.", - "compliance": [ - ], + "compliance": [], "references": [ "https://cloud.google.com/memorystore/docs/redis/securing-tls-connections" ], @@ -17,4 +16,5 @@ ] ], "id_suffix": "ssl_required" +}ed" } From c80463713c0c1839246cf7a01333be147a359f55 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Tue, 16 Feb 2021 08:46:04 -0500 Subject: [PATCH 527/979] Set logging level to error for azure auth --- ScoutSuite/__main__.py | 1 - ScoutSuite/providers/azure/authentication_strategy.py | 8 ++------ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py index f9a879973..ff1ca56e9 100755 --- a/ScoutSuite/__main__.py +++ b/ScoutSuite/__main__.py @@ -1,5 +1,4 @@ import asyncio -import copy import os import webbrowser diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index f7511443a..cd3e02532 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -1,7 +1,6 @@ import json import logging from getpass import getpass -from time import sleep import requests from ScoutSuite.core.console import print_exception 
@@ -65,11 +64,8 @@ def authenticate(self, try: # Set logging level to error for libraries as otherwise generates a lot of warnings - logging.getLogger('adal-python').setLevel(logging.ERROR) - logging.getLogger('msrest').setLevel(logging.ERROR) - logging.getLogger('msrestazure.azure_active_directory').setLevel(logging.ERROR) - logging.getLogger('urllib3').setLevel(logging.ERROR) - logging.getLogger('cli.azure.cli.core').setLevel(logging.ERROR) + logging.getLogger('azure.identity').setLevel(logging.ERROR) + logging.getLogger('azure.core.pipeline').setLevel(logging.ERROR) context = None From 70d5314c4f0eb6b3297bb427ac8b4e5c0c8bf4a2 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Tue, 16 Feb 2021 08:49:38 -0500 Subject: [PATCH 528/979] Update disks properties --- ScoutSuite/providers/azure/resources/virtualmachines/disks.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/disks.py b/ScoutSuite/providers/azure/resources/virtualmachines/disks.py index 28dfe1ab9..fd4c8b520 100644 --- a/ScoutSuite/providers/azure/resources/virtualmachines/disks.py +++ b/ScoutSuite/providers/azure/resources/virtualmachines/disks.py 
@@ -28,13 +28,13 @@ def _parse_disk(self, raw_disk): disk_dict['zones'] = raw_disk.zones disk_dict['time_created'] = raw_disk.time_created disk_dict['os_type'] = raw_disk.os_type - disk_dict['hyper_vgeneration'] = raw_disk.hyper_vgeneration + disk_dict['hyper_vgeneration'] = raw_disk.hyper_v_generation disk_dict['creation_data'] = raw_disk.creation_data disk_dict['disk_size_gb'] = raw_disk.disk_size_gb disk_dict['disk_size_bytes'] = getattr(raw_disk, 'disk_size_bytes', None) disk_dict['provisioning_state'] = raw_disk.provisioning_state disk_dict['disk_iops_read_write'] = raw_disk.disk_iops_read_write - disk_dict['disk_mbps_read_write'] = raw_disk.disk_mbps_read_write + disk_dict['disk_mbps_read_write'] = raw_disk.disk_m_bps_read_write disk_dict['disk_state'] = raw_disk.disk_state disk_dict['additional_properties'] = raw_disk.additional_properties From e3850327067b729baf3a3b4cac4b604d571439ae Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Tue, 16 Feb 2021 09:24:44 -0500 Subject: [PATCH 529/979] Add test for CLI --- tests/test_azure_provider.py | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/tests/test_azure_provider.py b/tests/test_azure_provider.py index df9ea4863..66f837431 100755 --- a/tests/test_azure_provider.py +++ b/tests/test_azure_provider.py @@ -11,7 +11,7 @@ # Test methods for Azure Provider class TestAzureProviderClass(unittest.TestCase): @mock.patch("ScoutSuite.providers.azure.authentication_strategy.UsernamePasswordCredential") - def test_authenticate(self, mock_UsernamePasswordCrdential): + def test_authenticate(self, mock_UsernamePasswordCredential): azure_authentication_strategy = get_authentication_strategy("azure") result = azure_authentication_strategy.authenticate( 
@@ -23,33 +23,27 @@ def test_authenticate(self, mock_UsernamePasswordCrdential): authority='https://login.microsoftonline.com/' ) - mock_UsernamePasswordCrdential.assert_called_with('04b07795-8ddb-461a-bbee-02f9e1bf7b46', 'some-username', + mock_UsernamePasswordCredential.assert_called_with('04b07795-8ddb-461a-bbee-02f9e1bf7b46', 'some-username', 'some-password', - authority='https://login.microsoftonline.com/', - tenant_id='some-tenant-id') + authority='https://login.microsoftonline.com/', + tenant_id='some-tenant-id') assert isinstance(result, AzureCredentials) # exception test with pytest.raises(AuthenticationException): result = azure_authentication_strategy.authenticate(None, None, None, None) - @mock.patch("ScoutSuite.providers.azure.authentication_strategy.UsernamePasswordCredential") - def test_authenticate(self, mock_UsernamePasswordCrdential): + @mock.patch("ScoutSuite.providers.azure.authentication_strategy.AzureCliCredential") + def test_authenticate_CLI(self, mock_AzureCliCredential): azure_authentication_strategy = get_authentication_strategy("azure") result = azure_authentication_strategy.authenticate( - user_account=True, + cli=True, client_id='04b07795-8ddb-461a-bbee-02f9e1bf7b46', - tenant_id='some-tenant-id', - username='some-username', - password='some-password', authority='https://login.microsoftonline.com/' ) - mock_UsernamePasswordCrdential.assert_called_with('04b07795-8ddb-461a-bbee-02f9e1bf7b46', 'some-username', - 'some-password', - authority='https://login.microsoftonline.com/', - tenant_id='some-tenant-id') + mock_AzureCliCredential.assert_called_with() assert isinstance(result, AzureCredentials) # exception test From 76532059849856fc045a31383d3d6eca3d9d420b Mon Sep 17 00:00:00 2001 
From: Kevin Nguyen Date: Tue, 16 Feb 2021 15:05:54 -0500 Subject: [PATCH 530/979] Update ScoutSuite/providers/azure/authentication_strategy.py Co-authored-by: Xavier Garceau-Aranda --- ScoutSuite/providers/azure/authentication_strategy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index cd3e02532..5868a0048 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -80,7 +80,7 @@ def authenticate(self, username = username if username else input("Username: ") password = password if password else getpass("Password: ") else: - raise AuthenticationException('Username, Tenant ID and/or password not set') + raise AuthenticationException('Username, password and/or Tenant ID not set') identity_credentials = UsernamePasswordCredential(AZURE_CLI_CLIENT_ID, username, password, authority=AUTHORITY_HOST_URI, tenant_id=tenant_id) From 070a5ef7e1d58b338e53a5eb51bfea63162f467f Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Tue, 16 Feb 2021 15:45:11 -0500 Subject: [PATCH 531/979] resolve comments --- ScoutSuite/core/cli_parser.py | 7 +++++-- ScoutSuite/providers/azure/authentication_strategy.py | 11 +---------- ScoutSuite/providers/azure/facade/aad.py | 6 ++++-- ScoutSuite/providers/azure/provider.py | 2 +- 4 files changed, 11 insertions(+), 15 deletions(-) diff --git a/ScoutSuite/core/cli_parser.py b/ScoutSuite/core/cli_parser.py index 8c1496cf8..c83fc4aad 100755 --- a/ScoutSuite/core/cli_parser.py +++ b/ScoutSuite/core/cli_parser.py 
@@ -392,12 +392,15 @@ def parse_args(self, args=None): 'and Secret Access Key.') # Azure elif v.get('provider') == 'azure': - if v.get('tenant_id') and not (v.get('service_principal') or v.get('user_account_browser')): - self.parser.error('--tenant can only be set when using --user-account-browser or --service-principal authentication') + if v.get('tenant_id') and not (v.get('service_principal') or v.get('user_account_browser') or v.get('user_account')): + self.parser.error('--tenant can only be set when using --user-account-browser or --user-account or ' + '--service-principal authentication') if v.get('service_principal') and not v.get('tenant_id'): self.parser.error('You must provide --tenant when using --service-principal authentication') if v.get('user_account_browser') and not v.get('tenant_id'): self.parser.error('You must provide --tenant when using --user-account-browser authentication') + if v.get('user_account')and not v.get('tenant_id'): + self.parser.error('You must provide --tenant when using --user-account authentication') if v.get('subscription_ids') and v.get('all_subscriptions'): self.parser.error('--subscription-ids and --all-subscriptions are mutually exclusive options') diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index cd3e02532..bcecb054a 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py 
@@ -76,11 +76,10 @@ def authenticate(self, if not (username and password and tenant_id): if not programmatic_execution: - tenant_id = tenant_id if tenant_id else input("Tenant ID: ") username = username if username else input("Username: ") password = password if password else getpass("Password: ") else: - raise AuthenticationException('Username, Tenant ID and/or password not set') + raise AuthenticationException('Username or password not set') identity_credentials = UsernamePasswordCredential(AZURE_CLI_CLIENT_ID, username, password, authority=AUTHORITY_HOST_URI, tenant_id=tenant_id) @@ -88,8 +87,6 @@ def authenticate(self, elif user_account_browser: identity_credentials = InteractiveBrowserCredential() - tenant_id = tenant_id - elif service_principal: @@ -142,10 +139,4 @@ def authenticate(self, context) except Exception as e: - if ', AdalError: Unsupported wstrust endpoint version. ' \ - 'Current support version is wstrust2005 or wstrust13.' in e.args: - raise AuthenticationException( - 'You are likely authenticating with a Microsoft Account. ' - 'This authentication mode only support Azure Active Directory principal authentication.') - raise AuthenticationException(e) diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index dca3103bd..48607a604 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py 
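Review bot: The tenant ID prompt is removed, but the guard is still `if not (username and password and tenant_id):`, so a missing tenant alone now enters the branch and, under programmatic execution, raises 'Username or password not set' even when both were supplied. For an interactive caller the code falls through and passes `tenant_id=None` to `UsernamePasswordCredential`. The guard should match what the branch can actually fix, `if not (username and password):`, with the tenant requirement left to the `--user-account` check this commit adds to the CLI parser. `authenticate` starts and ends outside the hunk.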
@@ -31,10 +31,13 @@ async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'): async def get_users(self): try: - # test = await self._get_microsoft_graph_response('users') # missing some necessary information for rules + users_response_beta = await self._get_microsoft_graph_response('users', 'beta') if users_response_beta: users = users_response_beta.get('value') + # This filters down the users which are pulled from the directory, otherwise for large tenants this + # becomes out of hands + # See https://github.com/nccgroup/ScoutSuite/issues/698 users_filtered = [d for d in users if d['userType'] in 'Guest'] return users_filtered return users_response_beta @@ -44,7 +47,6 @@ async def get_users(self): async def get_user(self, user_id): try: - # test = await self._get_microsoft_graph_response('users') # missing some necessary information for rules user_response_beta = await self._get_microsoft_graph_response('users', 'beta') users = user_response_beta.get('value') users_filtered = [d for d in users if d['id'] in user_id] diff --git a/ScoutSuite/providers/azure/provider.py b/ScoutSuite/providers/azure/provider.py index 6f4c11b58..4da8d9ed8 100755 --- a/ScoutSuite/providers/azure/provider.py +++ b/ScoutSuite/providers/azure/provider.py @@ -56,7 +56,7 @@ def get_report_name(self): Returns the name of the report using the provider's configuration """ try: - return f'azure-tenant-{self.credentials.get_tenant_id}' + return f'azure-tenant-{self.credentials.get_tenant_id()}' except Exception as e: print_exception(f'Unable to define report name: {e}') return 'azure' From db827e3d8e36e3bc7adcb8c62f2453960353c2ef Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 17 Feb 2021 09:31:00 +0100 Subject: [PATCH 532/979] Update README --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a3430db33..a890a8a0f 100755 --- a/README.md +++ b/README.md 
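Review bot: The added comment in `get_users` says the guest filter limits what is pulled from the directory, but the list comprehension runs after `_get_microsoft_graph_response('users', 'beta')` has already fetched the collection, so the request itself is not reduced. `d['userType'] in 'Guest'` is also a substring test and raises `TypeError` if `userType` is null; `d.get('userType') == 'Guest'` states the intent. Because `get_users` returns guests only, the comment should say so explicitly, for instance `# NOTE: only Guest users are returned; rules over member accounts receive no data`. `get_users` continues past the end of the hunk.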
@@ -60,5 +60,7 @@ It features: - Multi-vendor support - AWS, Azure and GCP public cloud accounts - Agnostic platform - a trusted third-party tool +Additional details can be found in the [wiki](https://github.com/nccgroup/ScoutSuite/wiki/NCC-Scout). + **NCC Scout now has a free tier under our "Freemium" offering**. -This offering provides access to NCC Group’s extended scanning rulesets, keeping your cloud environment protected in-line with best practice configuration and cloud technologies. To sign up for the service, head on to https://cyberstore.nccgroup.com/our-services/service-details/16/cloud-account-monitoring. +This offering provides access to NCC Group’s extended rulesets, keeping your cloud environment protected in-line with best practice configuration and cloud technologies. To sign up for the service, head on to https://cyberstore.nccgroup.com/our-services/service-details/16/cloud-account-monitoring. From 7e7c6c39686d732897a1621f78f67a6327196d24 Mon Sep 17 00:00:00 2001 From: xga Date: Wed, 17 Feb 2021 14:19:27 +0100 Subject: [PATCH 533/979] Upgrade library --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 659723227..c714205d6 100755 --- a/requirements.txt +++ b/requirements.txt @@ -18,7 +18,7 @@ grpcio>=1.18.0 google-cloud-container>=2.1.0 google-cloud-core>=0.29.1 google-cloud-iam>=0.1.0 -google-cloud-logging>=1.15.0 +google-cloud-logging>=2.2.0 google-cloud-monitoring==1.1.0 google-cloud-resource-manager>=0.28.3 google-cloud-storage>=1.13.2 From 4a0b347029f0f70f6f02705e8ccc3815962fc0d3 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Wed, 17 Feb 2021 08:39:13 -0500 Subject: [PATCH 534/979] Cleanup --- ScoutSuite/providers/azure/authentication_strategy.py | 2 +- ScoutSuite/providers/azure/facade/storageaccounts.py | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) 
diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index 5d37cd212..e80dd9d75 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -74,7 +74,7 @@ def authenticate(self, elif user_account: - if not (username and password and tenant_id): + if not (username and password): if not programmatic_execution: username = username if username else input("Username: ") password = password if password else getpass("Password: ") diff --git a/ScoutSuite/providers/azure/facade/storageaccounts.py b/ScoutSuite/providers/azure/facade/storageaccounts.py index 7d4886d9d..f6bd3282c 100755 --- a/ScoutSuite/providers/azure/facade/storageaccounts.py +++ b/ScoutSuite/providers/azure/facade/storageaccounts.py @@ -1,6 +1,4 @@ import datetime -from time import sleep - from azure.mgmt.monitor import MonitorManagementClient from azure.mgmt.storage import StorageManagementClient From edd8a7acd80809b2e4fb8df4193c40eeda567a00 Mon Sep 17 00:00:00 2001 From: xnkevinnguyen Date: Wed, 17 Feb 2021 11:35:12 -0500 Subject: [PATCH 535/979] Raise exception for microsoft account error --- .../providers/azure/authentication_strategy.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index e80dd9d75..26d190499 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py 
@@ -34,7 +34,7 @@ def get_tenant_id(self): else: # Additional request for CLI & MSI authentication try: - access_token = self.identity_credentials.get_token("https://management.core.windows.net/") + access_token = self.identity_credentials.get_token("https://management.core.windows.net/.default") h = {'Authorization': f'Bearer {access_token.token}'} r = requests.get('https://management.azure.com/tenants?api-version=2020-01-01', headers=h) r2 = r.json() @@ -133,10 +133,21 @@ def authenticate(self, else: raise AuthenticationException('Unknown authentication method') + # Getting token to authenticate and detect AuthenticationException + identity_credentials.get_token("https://management.core.windows.net/.default") + return AzureCredentials( identity_credentials, tenant_id, subscription_id, context) except Exception as e: + if 'Authentication failed: Unable to find wstrust endpoint from MEX. This typically happens when ' \ + 'attempting MSA accounts. More details available here. ' \ + 'https://github.com/AzureAD/microsoft-authentication-library-for-python/' \ + 'wiki/Username-Password-Authentication' in e.args: + + raise AuthenticationException( + 'You are likely authenticating with a Microsoft Account. ' + 'This authentication mode only support Azure Active Directory principal authentication.') raise AuthenticationException(e) From 515ef77725661b8401819ba5fc675eb659f583d9 Mon Sep 17 00:00:00 2001 From: Sophie Date: Wed, 17 Feb 2021 11:53:13 -0500 Subject: [PATCH 536/979] filter user_type for guest in the get function and not after --- ScoutSuite/providers/azure/facade/aad.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 48607a604..413233d0f 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py 
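Review bot: The Microsoft-account check in the new `except` block tests `'...' in e.args`, which is tuple membership: it matches only when one argument equals the entire concatenated message character for character, so any rewording in the identity library silently disables the friendlier error. A substring test on a stable fragment is sturdier, for example `if 'Unable to find wstrust endpoint' in str(e):`. The eager `identity_credentials.get_token(...)` call is a useful early failure point, but it requests a management-plane token for every authentication mode, so a comment stating that it exists only to surface authentication errors would help the next reader. `authenticate` starts outside the hunk.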
@@ -16,7 +16,6 @@ async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'): client = GraphSession(self.credentials.get_credentials(), scopes) endpoint = 'https://graph.microsoft.com/{}/{}'.format(api_version, api_resource) - try: response = client.get(endpoint) if response.status_code == 200: @@ -31,15 +30,15 @@ async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'): async def get_users(self): try: - - users_response_beta = await self._get_microsoft_graph_response('users', 'beta') + # This filters down the users which are pulled from the directory, otherwise for large tenants this + # becomes out of hands + # See https://github.com/nccgroup/ScoutSuite/issues/698 + user_filter = '?$filter=userType+eq+%27Guest%27' + api_resource_with_filter = 'users' + user_filter + users_response_beta = await self._get_microsoft_graph_response(api_resource_with_filter, 'beta') if users_response_beta: users = users_response_beta.get('value') - # This filters down the users which are pulled from the directory, otherwise for large tenants this - # becomes out of hands - # See https://github.com/nccgroup/ScoutSuite/issues/698 - users_filtered = [d for d in users if d['userType'] in 'Guest'] - return users_filtered + return users return users_response_beta except Exception as e: print_exception(f'Failed to retrieve users: {e}') From d60bce7d04ff9acdf5be9ad0f0198ecf92639118 Mon Sep 17 00:00:00 2001 From: Sophie Date: Wed, 17 Feb 2021 12:17:25 -0500 Subject: [PATCH 537/979] all filter for users and groups are done in the get request and not after --- ScoutSuite/providers/azure/facade/aad.py | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 413233d0f..3b3c8b772 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py 
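Review bot: `get_users` reads `users_response_beta.get('value')` from a single response, and `_get_microsoft_graph_response`, as far as the first hunk shows, issues one `client.get(endpoint)`. Microsoft Graph pages collection results and signals further pages with `@odata.nextLink`, so a tenant with many guest accounts would presumably be truncated to the first page. For a scanner that means findings on the remaining guests are missed without any error, so the helper should follow `@odata.nextLink` until it is absent. The filter is also hand-encoded into the path (`'?$filter=userType+eq+%27Guest%27'`); a named constant with a comment on the encoding would be easier to audit.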
@@ -34,8 +34,7 @@ async def get_users(self): # becomes out of hands # See https://github.com/nccgroup/ScoutSuite/issues/698 user_filter = '?$filter=userType+eq+%27Guest%27' - api_resource_with_filter = 'users' + user_filter - users_response_beta = await self._get_microsoft_graph_response(api_resource_with_filter, 'beta') + users_response_beta = await self._get_microsoft_graph_response('users'+ user_filter, 'beta') if users_response_beta: users = users_response_beta.get('value') return users @@ -46,10 +45,12 @@ async def get_users(self): async def get_user(self, user_id): try: - user_response_beta = await self._get_microsoft_graph_response('users', 'beta') - users = user_response_beta.get('value') - users_filtered = [d for d in users if d['id'] in user_id] - return users_filtered[0] + user_filter = f'?$filter=id+eq+%27{user_id}%27' + user_response_beta = await self._get_microsoft_graph_response('users'+user_filter, 'beta') + if user_response_beta: + users = user_response_beta.get('value') + return users[0] + return user_response_beta except Exception as e: print_exception(f'Failed to retrieve user {user_id}: {e}') return None @@ -67,10 +68,12 @@ async def get_groups(self): async def get_user_groups(self, group_id): try: - user_groups_response = await self._get_microsoft_graph_response('groups') - groups = user_groups_response.get('value') - filtered_group = [d for d in groups if d['id'] in group_id] - return filtered_group + group_filter = f'?$filter=id+eq+%27{group_id}%27' + user_groups_response = await self._get_microsoft_graph_response('groups' + group_filter) + if user_groups_response: + groups = user_groups_response.get('value') + return groups + return user_groups_response except Exception as e: print_exception(f'Failed to retrieve user\'s groups: {e}') return [] From 89dccf2f0f47fd2b57d53e8f4e5acc15a96de588 Mon Sep 17 00:00:00 2001 
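Review bot: `get_user` interpolates `user_id` unescaped into the OData filter (`f'?$filter=id+eq+%27{user_id}%27'`), and `get_user_groups` does the same with `group_id`, so a value containing a quote or `&` alters the query instead of being matched literally. The ids presumably come from Azure role assignments, but encoding them keeps the request well-formed whatever the source: `safe_id = quote(str(user_id).replace("'", "''"), safe='')` with `from urllib.parse import quote`. In `get_user`, `users[0]` raises `IndexError` when the filter matches nothing, which the broad `except` turns into a logged failure. `return users[0] if users else None` separates "not found" from a real error.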
From: Xavier Garceau-Aranda Date: Sun, 21 Feb 2021 16:36:20 +0100 Subject: [PATCH 538/979] Update ScoutSuite/core/cli_parser.py --- ScoutSuite/core/cli_parser.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ScoutSuite/core/cli_parser.py b/ScoutSuite/core/cli_parser.py index c83fc4aad..db9563f0f 100755 --- a/ScoutSuite/core/cli_parser.py +++ b/ScoutSuite/core/cli_parser.py @@ -399,10 +399,9 @@ def parse_args(self, args=None): self.parser.error('You must provide --tenant when using --service-principal authentication') if v.get('user_account_browser') and not v.get('tenant_id'): self.parser.error('You must provide --tenant when using --user-account-browser authentication') - if v.get('user_account')and not v.get('tenant_id'): + if v.get('user_account') and not v.get('tenant_id'): self.parser.error('You must provide --tenant when using --user-account authentication') if v.get('subscription_ids') and v.get('all_subscriptions'): self.parser.error('--subscription-ids and --all-subscriptions are mutually exclusive options') return args - From 25589d1b3d83e60c68f7dd82acd77a85e7a4d181 Mon Sep 17 00:00:00 2001 From: Biggus Davros <35418920+bigdavros@users.noreply.github.com> Date: Mon, 22 Feb 2021 11:14:57 +0000 Subject: [PATCH 539/979] Update container-install-azure.sh Add az upgrade to get latest Azure client. --- docker/bin/container-install-azure.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker/bin/container-install-azure.sh b/docker/bin/container-install-azure.sh index 81057ae09..2395441b3 100755 --- a/docker/bin/container-install-azure.sh +++ b/docker/bin/container-install-azure.sh @@ -38,4 +38,7 @@ echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ ${CLI_REP # install the software apt-get update && apt-get install -y azure-cli +# Repo Azure is not most up to date client, run az upgrade to get latest copy +az upgrade -y + echo -e "\n\nAzure CLI Installation Complete!\n\n" 
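Review bot: `az upgrade -y` in `container-install-azure.sh` makes the image depend on whatever CLI release is current at build time, so two builds of the same commit can ship different tool versions. That makes a scan result harder to reproduce and a bad upstream release harder to rule out. If a newer client is needed, pin it at the install step instead, e.g. `apt-get install -y azure-cli=<PINNED_VERSION>` (placeholder), and record the version in the image. The hunk does not show whether the script runs under `set -e`. If it does not, a failed upgrade goes unnoticed and the completion message still prints.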
From 5847b729b9ae30d839604658452d58214a3fe8cb Mon Sep 17 00:00:00 2001 From: Kevin Nguyen Date: Tue, 23 Feb 2021 10:13:17 -0500 Subject: [PATCH 540/979] Update Azure Storage Mgmt API and add CISv1.2.0 3.9 (#981) * Update Azure storage library * Add Azure Rule 3.9 * Update correct text * Add highlighting for encryption key customer managed * Update ScoutSuite/providers/azure/rules/rulesets/default.json Co-authored-by: Xavier Garceau-Aranda Co-authored-by: Xavier Garceau-Aranda --- ...nts.subscriptions.id.storage_accounts.html | 2 ++ .../providers/azure/facade/storageaccounts.py | 2 +- .../storageaccounts/storage_accounts.py | 6 +++++ ...ccount-encrypted-not-customer-managed.json | 27 +++++++++++++++++++ .../azure/rules/rulesets/default.json | 6 +++++ requirements.txt | 1 + 6 files changed, 43 insertions(+), 1 deletion(-) create mode 100755 ScoutSuite/providers/azure/rules/findings/storageaccount-encrypted-not-customer-managed.json diff --git a/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html b/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html index f55f937c1..13ae7b31f 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html +++ b/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html @@ -19,6 +19,8 @@

      Information

      {{/if}}
      +
      Storage encrypted with Customer Managed Key: {{convert_bool_to_enabled encryption_key_customer_managed }}
      +
      Tags: {{#each tags}}
      diff --git a/ScoutSuite/providers/azure/facade/storageaccounts.py b/ScoutSuite/providers/azure/facade/storageaccounts.py index f6bd3282c..c1f327495 100755 --- a/ScoutSuite/providers/azure/facade/storageaccounts.py +++ b/ScoutSuite/providers/azure/facade/storageaccounts.py @@ -39,12 +39,12 @@ async def get_blob_containers(self, resource_group_name, storage_account_name, s containers = await run_concurrently( lambda: list(client.blob_containers.list(resource_group_name, storage_account_name)) ) + except Exception as e: print_exception(f'Failed to retrieve blob containers: {e}') return [] else: return containers - async def _get_and_set_activity_logs(self, storage_account, subscription_id: str): client = MonitorManagementClient(self.credentials.get_credentials(), subscription_id, user_agent=get_user_agent()) diff --git a/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py b/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py index 4bc3f9cb4..39b655099 100755 --- a/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py +++ b/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py @@ -43,6 +43,7 @@ def _parse_storage_account(self, raw_storage_account): storage_account['bypass'] = raw_storage_account.network_rule_set.bypass storage_account['access_keys_last_rotation_date'] = \ self._parse_access_keys_last_rotation_date(raw_storage_account.activity_logs) + storage_account['encryption_key_customer_managed'] = self._is_encryption_key_customer_managed(raw_storage_account.encryption.key_source) if raw_storage_account.tags is not None: storage_account['tags'] = ["{}:{}".format(key, value) for key, value in raw_storage_account.tags.items()] else: 
@@ -65,3 +66,8 @@ def _parse_access_keys_last_rotation_date(self, activity_logs): if last_rotation_date is None or last_rotation_date < log.event_timestamp: last_rotation_date = log.event_timestamp return last_rotation_date + + def _is_encryption_key_customer_managed(self, key_source): + # Microsoft Storage is the default option which is not customer-managed + return key_source != "Microsoft.Storage" + diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-encrypted-not-customer-managed.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-encrypted-not-customer-managed.json new file mode 100755 index 000000000..7c628adaa --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-encrypted-not-customer-managed.json @@ -0,0 +1,27 @@ +{ + "description": "Storage not encrypted with Customer Managed Key", + "rationale": "By default, data in the storage account is encrypted using Microsoft Managed Keys at rest.
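Review bot: `_is_encryption_key_customer_managed` fails open, because `return key_source != "Microsoft.Storage"` reports every other value as customer-managed, including `None` or a key source added later. The CIS 3.9 finding is then suppressed for exactly the accounts whose state is unknown. An audit check should assert the positive case instead, `return key_source == "Microsoft.Keyvault"`, so anything unexpected is still flagged. The call site in `_parse_storage_account` dereferences `raw_storage_account.encryption.key_source` without a guard. If the API can return an account without an encryption block, that raises before the helper runs, which is worth confirming.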

      If sensitive information is stored, it should be encrypted using either Server-side Customer-Managed keys or Client-side Encryption. In the case of Client-side Encryption, it is difficult to decipher if the customer loses the key.

      ", + "remediation": "In the Azure console:
      1. Go to Storage Accounts
      2. For each storage account, go to Encryption
      3. Set Customer Managed Keys
      4. Select the Encryption key and enter the appropriate setting value
      ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "3.9" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption", + "https://docs.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices#protect-data-at-rest" + ], + "dashboard_name": "Accounts", + "path": "storageaccounts.subscriptions.id.storage_accounts.id", + "conditions": [ + "and", + [ + "storageaccounts.subscriptions.id.storage_accounts.id.encryption_key_customer_managed", + "equal", + "False" + ] + ], + "id_suffix": "encryption_key_customer_managed" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index bcac9e514..66c64ac3a 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -291,6 +291,12 @@ "level": "warning" } ], + "storageaccount-encrypted-not-customer-managed.json": [ + { + "enabled": true, + "level": "warning" + } + ], "virtual-machines-disk-encryption.json": [ { "enabled": true, diff --git a/requirements.txt b/requirements.txt index 492679b3f..3498ba020 100755 --- a/requirements.txt +++ b/requirements.txt @@ -33,6 +33,7 @@ httplib2shim>=0.0.3 azure-identity==1.5.0 ## for resources + azure-mgmt-resource==15.0.0 azure-mgmt-storage==16.0.0 azure-mgmt-monitor==2.0.0 From 533ec302601ecdefa67eee566e66336375836e77 Mon Sep 17 00:00:00 2001 From: Jason Ross Date: Wed, 24 Feb 2021 12:09:13 -0500 Subject: [PATCH 541/979] removed the forced repo name --- docker/bin/container-install-azure.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docker/bin/container-install-azure.sh b/docker/bin/container-install-azure.sh index 81057ae09..c4fafb6e3 100755 --- a/docker/bin/container-install-azure.sh +++ b/docker/bin/container-install-azure.sh 
@@ -26,11 +26,6 @@ curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /et # set the right repo name CLI_REPO=$(lsb_release -cs) -# MSFT has no repo for focal yet, force the system to use eoan instead -if [[ ${CLI_REPO} -eq "focal" ]]; then - CLI_REPO="eoan" -fi - # add the msft repo to apt echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ ${CLI_REPO} main" \ > /etc/apt/sources.list.d/azure-cli.list From 5eacf2e6e2abe93cb30ce2ead6021a20455eedcf Mon Sep 17 00:00:00 2001 From: Jason Ross Date: Wed, 24 Feb 2021 12:09:13 -0500 Subject: [PATCH 542/979] removed the forced repo name --- docker/bin/container-install-azure.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docker/bin/container-install-azure.sh b/docker/bin/container-install-azure.sh index 81057ae09..c4fafb6e3 100755 --- a/docker/bin/container-install-azure.sh +++ b/docker/bin/container-install-azure.sh @@ -26,11 +26,6 @@ curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /et # set the right repo name CLI_REPO=$(lsb_release -cs) -# MSFT has no repo for focal yet, force the system to use eoan instead -if [[ ${CLI_REPO} -eq "focal" ]]; then - CLI_REPO="eoan" -fi - # add the msft repo to apt echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ ${CLI_REPO} main" \ > /etc/apt/sources.list.d/azure-cli.list From 4b460d358216296d8f462f883d753d26ee8dcbf6 Mon Sep 17 00:00:00 2001 
From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Fri, 26 Feb 2021 12:24:56 -0500 Subject: [PATCH 543/979] refactor rules of cis azure storage section to match v1.2.0 documentation (#1027) Co-authored-by: Sophie --- .../findings/storageaccount-access-keys-not-rotated.json | 5 +++-- .../storageaccount-account-allowing-clear-text.json | 8 +++++--- .../findings/storageaccount-public-blob-container.json | 7 ++++--- .../findings/storageaccount-public-traffic-allowed.json | 7 ++++--- .../storageaccount-trusted-microsoft-services.json | 7 ++++--- 5 files changed, 20 insertions(+), 14 deletions(-) diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json index db3a739e0..ac1e45b8b 100755 --- a/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json +++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json @@ -5,12 +5,13 @@ "compliance": [ { "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", + "version": "1.2.0", "reference": "3.2" } ], "references": [ - "https://docs.microsoft.com/en-us/azure/storage/common/storage-create-storage-account" + "https://docs.microsoft.com/en-us/azure/storage/common/storage-create-storage-account", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access" ], "dashboard_name": "Storage Accounts", "path": "storageaccounts.subscriptions.id.storage_accounts.id", diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json index 5a370d170..eb571935d 100755 --- a/ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json +++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json 
@@ -5,13 +5,15 @@ "compliance": [ { "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", + "version": "1.2.0", "reference": "3.1" } ], "references": [ - "https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide", - "https://docs.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer" + "https://docs.microsoft.com/en-us/azure/storage/blobs/security-recommendations#encryption-in-transit", + "https://docs.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_list", + "https://docs.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_update", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit" ], "dashboard_name": "Accounts", "path": "storageaccounts.subscriptions.id.storage_accounts.id", diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json index 1ed99060a..1e36dfe77 100755 --- a/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json +++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json @@ -5,12 +5,13 @@ "compliance": [ { "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", - "reference": "3.6" + "version": "1.2.0", + "reference": "3.5" } ], "references": [ - "https://docs.microsoft.com/en-us/azure/storage/blobs/storage-manage-access-to-resources" + "https://docs.microsoft.com/en-us/azure/storage/blobs/storage-manage-access-to-resources", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access" ], "dashboard_name": "Storage Accounts", "display_path": "storageaccounts.subscriptions.id.storage_accounts.id", 
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-public-traffic-allowed.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-public-traffic-allowed.json index 817954638..16bcaae5d 100644 --- a/ScoutSuite/providers/azure/rules/findings/storageaccount-public-traffic-allowed.json +++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-public-traffic-allowed.json @@ -5,12 +5,13 @@ "compliance": [ { "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", - "reference": "3.7" + "version": "1.2.0", + "reference": "3.6" } ], "references": [ - "https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security" + "https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy" ], "dashboard_name": "Storage Accounts", "path": "storageaccounts.subscriptions.id.storage_accounts.id", diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json index 0c2736ca3..28392cdff 100755 --- a/ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json +++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json @@ -5,12 +5,13 @@ "compliance": [ { "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", - "reference": "3.8" + "version": "1.2.0", + "reference": "3.7" } ], "references": [ - "https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security" + "https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-1-implement-security-for-internal-traffic" ], "dashboard_name": "Storage Accounts", "path": "storageaccounts.subscriptions.id.storage_accounts.id", 
From b1ba1a2086414f50dd59a8620a5c68266f414c31 Mon Sep 17 00:00:00 2001 From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Sun, 28 Feb 2021 16:29:01 -0500 Subject: [PATCH 544/979] Enhancement/azure storage 3.8 (#982) * Update storage account API * Comment out config * add Azure rule 3.8 * remove added code to help debug * remove json file * modified get client to fit library update * modified JSON file to respect formatting * Improve report output * remove line Co-authored-by: xnkevinnguyen Co-authored-by: Sophie Co-authored-by: xga --- ...nts.subscriptions.id.storage_accounts.html | 14 +++++++++- .../providers/azure/facade/storageaccounts.py | 16 ++++++++++- .../storageaccounts/blob_services.py | 28 +++++++++++++++++++ .../storageaccounts/storage_accounts.py | 5 ++++ .../storageaccount-soft-delete-enabled.json | 27 ++++++++++++++++++ .../azure/rules/rulesets/default.json | 6 ++++ 6 files changed, 94 insertions(+), 2 deletions(-) create mode 100644 ScoutSuite/providers/azure/resources/storageaccounts/blob_services.py create mode 100644 ScoutSuite/providers/azure/rules/findings/storageaccount-soft-delete-enabled.json diff --git a/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html b/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html index 13ae7b31f..4d1352845 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html +++ b/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html @@ -39,12 +39,24 @@

      Blob Containers

      {{#each blob_containers}} {{@key}}
      - Public Access: {{ convert_bool_to_enabled public_access_allowed }} + Public Access: {{ convert_bool_to_enabled public_access_allowed }}
      {{/each}}
      +
      +

      Blob Services

      +
      + {{#each blob_services}} + {{name}} +
      + Soft Delete: {{ convert_bool_to_enabled soft_delete_enabled }} +
      + {{/each}} +
      +
      + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/providers/azure/metadata.json b/ScoutSuite/providers/azure/metadata.json index e2466b24a..5b1435c49 100755 --- a/ScoutSuite/providers/azure/metadata.json +++ b/ScoutSuite/providers/azure/metadata.json @@ -75,6 +75,10 @@ "roles": { "cols": 2, "path": "services.rbac.subscriptions.id.roles" + }, + "custom_roles_report": { + "cols": 2, + "path": "services.rbac.subscriptions.id.custom_roles_report" } } }, diff --git a/ScoutSuite/providers/azure/resources/rbac/base.py b/ScoutSuite/providers/azure/resources/rbac/base.py index 865cd30e6..f043a88fa 100755 --- a/ScoutSuite/providers/azure/resources/rbac/base.py +++ b/ScoutSuite/providers/azure/resources/rbac/base.py @@ -2,12 +2,14 @@ from .role_assignments import RoleAssignments from .roles import Roles +from .custom_roles_report import CustomRolesReport class RBAC(Subscriptions): _children = [ (Roles, 'roles'), - (RoleAssignments, 'role_assignments') + (RoleAssignments, 'role_assignments'), + (CustomRolesReport, 'custom_roles_report'), ] def get_user_id_list(self): diff --git a/ScoutSuite/providers/azure/resources/rbac/custom_roles_report.py b/ScoutSuite/providers/azure/resources/rbac/custom_roles_report.py new file mode 100644 index 000000000..154f7e6d5 --- /dev/null +++ b/ScoutSuite/providers/azure/resources/rbac/custom_roles_report.py 
@@ -0,0 +1,22 @@ +from ScoutSuite.providers.azure.facade.base import AzureFacade +from ScoutSuite.providers.azure.resources.base import AzureResources + + +class CustomRolesReport(AzureResources): + + def __init__(self, facade: AzureFacade, subscription_id: str): + super().__init__(facade) + self.subscription_id = subscription_id + + async def fetch_all(self): + custom_role_dict = {} + custom_role_dict['id'] = self.subscription_id + custom_role_dict['missing_custom_role_administering_resource_locks'] = True + + for raw_role in await self.facade.rbac.get_roles(self.subscription_id): + if raw_role.role_name == 'Resource Lock Administrator': + custom_role_dict['missing_custom_role_administering_resource_locks'] = False + + self[custom_role_dict['id']] = custom_role_dict + + diff --git a/ScoutSuite/providers/azure/resources/rbac/roles.py b/ScoutSuite/providers/azure/resources/rbac/roles.py index 2db66a5a7..9da6bc9cf 100755 --- a/ScoutSuite/providers/azure/resources/rbac/roles.py +++ b/ScoutSuite/providers/azure/resources/rbac/roles.py @@ -13,6 +13,8 @@ async def fetch_all(self): id, role = self._parse_role(raw_role) self[id] = role + + def _parse_role(self, raw_role): role_dict = {} role_dict['id'] = raw_role.name diff --git a/ScoutSuite/providers/azure/rules/findings/rbac-administering-resource-locks-assigned.json b/ScoutSuite/providers/azure/rules/findings/rbac-administering-resource-locks-assigned.json new file mode 100644 index 000000000..836bba236 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/rbac-administering-resource-locks-assigned.json @@ -0,0 +1,27 @@ +{ + "description": "No Administering Resource Locks Role", + "rationale": "Given the resource lock functionality is outside of standard Role Based Access Control(RBAC), it would be prudent to create a resource lock administrator role to prevent inadvertent unlocking of resources.", + "remediation": "From Azure Console:
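Review bot: `CustomRolesReport.fetch_all` clears the finding purely on `raw_role.role_name == 'Resource Lock Administrator'`, so a role with that name passes even if it grants no lock permissions. A custom role that does grant `Microsoft.Authorization/locks` under another name is still reported as missing. The check should look at what the role grants and restrict itself to custom roles. The sketch below assumes the `role_type`, `permissions` and `actions` attributes of the azure-mgmt-authorization role definition model, to be confirmed against the pinned SDK version. The rule file is named `...-assigned`, but nothing here verifies that the role is assigned to a principal. The class also needs a docstring stating that it emits one synthetic entry per subscription.

```python
    async def fetch_all(self):
        # … unchanged: custom_role_dict initialisation …
        for raw_role in await self.facade.rbac.get_roles(self.subscription_id):
            # Built-in roles do not satisfy the CIS 1.23 requirement for a custom role.
            if raw_role.role_type != 'CustomRole':
                continue
            granted = [action.lower()
                       for permission in (raw_role.permissions or [])
                       for action in (permission.actions or [])]
            # Decide on the granted actions, not on the display name.
            if any(action.startswith('microsoft.authorization/locks/') for action in granted):
                custom_role_dict['missing_custom_role_administering_resource_locks'] = False
        # … unchanged: store custom_role_dict under its id …
```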
      1. In the Azure portal, open a subscription or resource group where you want the custom role to be assignable.
      2. Select Access control (IAM)
      3. Click Add
      4. Select Add custom role
      5. \n Select Add custom role\n
      6. \n In the Custom Role Name field enter Resource Lock Administrator\n
      7. \n
      8. \n In the Description field enter Can Administer Resource Locks\n
      9. \n
      10. \n For Baseline permissions select Start from scratch\n
      11. \n
      12. \n Click next\n
      13. \n
      14. \n In the Permissions select Add permissions\n
      15. \n
      16. In the Search for a permission box, type in Microsoft.Authorization/locks to search for permissions.
      17. \n
      18. Select the check box next to the permission called Microsoft.Authorization/locks
      19. \n
      20. Click add
      21. \n
      22. Click Review+create
      23. \n
      24. Click Create
      25. \n
      26. Assigne the newly created role to the appropriate user
      ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "1.23" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles", + "https://docs.microsoft.com/en-us/azure/role-based-access-control/check-access" + ], + "dashboard_name": "Roles", + "path": "rbac.subscriptions.id.custom_roles_report.id", + "conditions": [ + "and", + [ + "rbac.subscriptions.id.custom_roles_report.id.missing_custom_role_administering_resource_locks", + "true", + "" + ] + ], + "id_suffix": "missing_custom_role_administering_resource_locks" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index 548139f63..41ae84f9d 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json 
@@ -1,29 +1,35 @@ { - "about": "This ruleset covers most of the recommendations from the CIS Microsoft Azure Foundation v1.2.0.", - "rules": { - "storageaccount-encrypted-not-customer-managed.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "storageaccount-soft-delete-enabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "network-security-groups-rule-inbound-service-udp.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "virtual-machines-managed-disks.json": [ - { - "enabled": true, - "level": "warning" - } - ] - } + "about": "This ruleset covers most of the recommendations from the CIS Microsoft Azure Foundation v1.2.0.", + "rules": { + "storageaccount-encrypted-not-customer-managed.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "storageaccount-soft-delete-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "network-security-groups-rule-inbound-service-udp.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "virtual-machines-managed-disks.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "rbac-administering-resource-locks-assigned.json": [ + { + "enabled": true, + "level": "danger" + } + ] + } } diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index 7094ce947..2bab6c89b 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -6,6 +6,12 @@ "enabled": true, "level": "warning" } + ], + "rbac-administering-resource-locks-assigned.json": [ + { + "enabled": true, + "level": "danger" + } ], "appservice-authentication-disabled.json": [ { From c462739bf7207cc8461bd0506f672439e8c03176 Mon Sep 17 00:00:00 2001 
From: Kevin Nguyen Date: Tue, 2 Mar 2021 11:50:00 -0500 Subject: [PATCH 552/979] Update azure cis section 4.1(4.1.1,4.1.2 & 4.1.3) (#1142) * refactor sql facade code * remove extra function * Update no auditing * remove line * Update CIS 4.1.3 * Add rationale to section 4.1 Co-authored-by: Sophie --- .../providers/azure/facade/sqldatabase.py | 21 +++--- ...base-databases-auditing-low-retention.json | 14 +++- .../sqldatabase-databases-no-auditing.json | 55 +++++++++------ ...abases-no-transparent-data-encryption.json | 13 +++- .../azure/rules/rulesets/cis-1.2.0.json | 69 ++++++++++++------- 5 files changed, 112 insertions(+), 60 deletions(-) diff --git a/ScoutSuite/providers/azure/facade/sqldatabase.py b/ScoutSuite/providers/azure/facade/sqldatabase.py index 45be13263..7c7c51122 100755 --- a/ScoutSuite/providers/azure/facade/sqldatabase.py +++ b/ScoutSuite/providers/azure/facade/sqldatabase.py @@ -34,8 +34,8 @@ async def get_database_threat_detection_policies(self, resource_group_name, serv try: client = self.get_client(subscription_id) return await run_concurrently( - lambda: client.database_threat_detection_policies.get( - resource_group_name, server_name, database_name) + lambda: client.database_threat_detection_policies.get(resource_group_name, server_name, database_name, + 'default') ) except Exception as e: print_exception(f'Failed to retrieve database threat detection policies: {e}') 
@@ -66,14 +66,10 @@ async def get_database_replication_links(self, resource_group_name, server_name, async def get_server_azure_ad_administrators(self, resource_group_name, server_name, subscription_id: str): try: client = self.get_client(subscription_id) - return await run_concurrently( - lambda: client.server_azure_ad_administrators.get(resource_group_name, server_name) + val = await run_concurrently( + lambda: list(client.server_azure_ad_administrators.list_by_server(resource_group_name,server_name)) ) - except CloudError as e: - # No AD admin configured returns a 404 error: - if e.status_code != 404: - print_exception(f'Failed to retrieve server azure ad administrators: {e}') - return None + return val except Exception as e: print_exception(f'Failed to retrieve server azure ad administrators: {e}') return None @@ -92,7 +88,7 @@ async def get_server_security_alert_policies(self, resource_group_name, server_n try: client = self.get_client(subscription_id) return await run_concurrently( - lambda: client.server_security_alert_policies.get(resource_group_name, server_name) + lambda: client.server_security_alert_policies.get(resource_group_name, server_name, 'default') ) except Exception as e: print_exception(f'Failed to retrieve server security alert policies: {e}') @@ -112,10 +108,11 @@ async def get_database_transparent_data_encryptions(self, resource_group_name, s subscription_id: str): try: client = self.get_client(subscription_id) - return await run_concurrently( + val = await run_concurrently( lambda: client.transparent_data_encryptions.get( - resource_group_name, server_name, database_name) + resource_group_name, server_name, database_name, 'current') ) + return val except Exception as e: print_exception(f'Failed to retrieve database transparent data encryptions: {e}') return [] 
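Review bot: `get_server_azure_ad_administrators` now returns a list from `list_by_server` where it used to return one object or `None`. Callers are outside this hunk, but any that test `is not None` will treat an empty list as "administrator configured" and hide the missing-AD-admin finding. The error path still returns `None`, so a failed API call is indistinguishable from "no administrator". Returning `[]` only on a successful empty listing, and letting callers check `if admins:`, keeps the two cases apart. The temporary `val` here and in `get_database_transparent_data_encryptions` adds nothing and the call can be returned directly. The literal `'default'` and `'current'` arguments added in this commit deserve a short comment naming the parameter they fill.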
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json index c4205f19d..4a0f509a7 100755 --- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json @@ -1,13 +1,25 @@ { "description": "Short Auditing Retention Period for SQL Databases", - "rationale": "Auditing retention period should be greater than _ARG_0_ days.", + "rationale": "Auditing retention period should be greater than _ARG_0_ days. Audit Logs can be used to check for anomalies and give insight into suspected breaches or misuse of information and access.", + "remediation":"From Azure Console:\n
        \n
      1. Go to SQL servers
      2. \n
      3. For each server instance
      4. \n
      5. Click on Auditing
      6. \n
      7. Select Storage Details
      8. \n
      9. Ensure Retention (days) setting greater than 90 days
      10. \n
      ", "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.1.3" + }, { "name": "CIS Microsoft Azure Foundations", "version": "1.0.0", "reference": "4.2" } ], + "references": [ + "https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing", + "https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverauditing?view=azurermps-5.2.0", + "https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserverauditing?view=azurermps-5.2.0", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-6-configure-log-storage-retention" + ], "dashboard_name": "SQL Databases", "display_path": "sqldatabase.subscriptions.id.servers.id", "path": "sqldatabase.subscriptions.id.servers.id.databases.id", diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json index 990222377..2323f1e6c 100755 --- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json 
@@ -1,23 +1,36 @@ { - "description": "Auditing Disabled for SQL Databases", - "rationale": "Enable auditing for all SQL databases.", - "compliance": [ - { - "name": "CIS Microsoft Azure Foundations", - "version": "1.0.0", - "reference": "4.2" - } - ], - "dashboard_name": "SQL Databases", - "display_path": "sqldatabase.subscriptions.id.servers.id", - "path": "sqldatabase.subscriptions.id.servers.id.databases.id", - "conditions": [ - "and", - [ - "sqldatabase.subscriptions.id.servers.id.databases.id.auditing.auditing_enabled", - "false", - "" - ] - ], - "id_suffix": "db_auditing_disabled" + "description": "Auditing Disabled for SQL Databases", + "rationale": "Auditing tracks database events and writes them to an audit log in the Azure storage account. It also helps to maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.", + "remediation": "From Azure Console:\n
        \n
      1. Go to SQL servers
      2. \n
      3. For each server instance
      4. \n
      5. Click on Auditing
      6. \n
      7. Set Auditing to On
      8. \n
      ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.1.1" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.0.0", + "reference": "4.2" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-auditing-on-sql-servers", + "https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverauditing?view=azurermps-5.2.0", + "https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserverauditingpolicy?view=azurermps-5.2.0", + "https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + ], + "dashboard_name": "SQL Databases", + "display_path": "sqldatabase.subscriptions.id.servers.id", + "path": "sqldatabase.subscriptions.id.servers.id.databases.id", + "conditions": [ + "and", + [ + "sqldatabase.subscriptions.id.servers.id.databases.id.auditing.auditing_enabled", + "false", + "" + ] + ], + "id_suffix": "db_auditing_disabled" } \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json index d3342f8a3..56a376356 100755 --- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json 
@@ -1,13 +1,22 @@ { - "description": "Transparent Data Encryption Disabled for SQL Databases", - "rationale": "Enable transparent data encryption for all SQL databases.", + "description": "Data Encryption Disabled for SQL Databases", + "rationale": "Azure SQL Database transparent data encryption helps protect against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application.", + "remediation": "From Azure Console:
      1. Go to SQL databases
      2. \n
      3. For each DB instance
      4. \n
      5. Click on Transparent data encryption
      6. \n
      7. Set Data encryption to On
      ", "compliance": [ { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.1.2" + },{ "name": "CIS Microsoft Azure Foundations", "version": "1.0.0", "reference": "4.2" } ], + "references": [ + "https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption-with-azure-sql-database", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-5-encrypt-sensitive-data-at-rest" + ], "dashboard_name": "SQL Databases", "display_path": "sqldatabase.subscriptions.id.servers.id", "path": "sqldatabase.subscriptions.id.servers.id.databases.id", diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index 41ae84f9d..902d651a3 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json 
@@ -1,35 +1,56 @@ { "about": "This ruleset covers most of the recommendations from the CIS Microsoft Azure Foundation v1.2.0.", "rules": { - "storageaccount-encrypted-not-customer-managed.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "storageaccount-soft-delete-enabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "network-security-groups-rule-inbound-service-udp.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "virtual-machines-managed-disks.json": [ - { - "enabled": true, - "level": "warning" - } - ], + "storageaccount-encrypted-not-customer-managed.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "storageaccount-soft-delete-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "network-security-groups-rule-inbound-service-udp.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "virtual-machines-managed-disks.json": [ + { + "enabled": true, + "level": "warning" + } + ], "rbac-administering-resource-locks-assigned.json": [ { "enabled": true, "level": "danger" } + ], + "sqldatabase-databases-no-auditing.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-databases-no-transparent-data-encryption.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-databases-threat-detection-low-retention.json": [ + { + "args": [ + "90" + ], + "enabled": true, + "level": "warning" + } ] } } From 6ac421c7ce3d47ea483299dedb56788335d70aa8 Mon Sep 17 00:00:00 2001 
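Review bot: The retention rule enabled at the end of this hunk is `sqldatabase-databases-threat-detection-low-retention.json`, but the finding this commit tags with CIS 1.2.0 reference 4.1.3 is `sqldatabase-databases-auditing-low-retention.json`, which gets no entry here. The hunk spans the whole ruleset file, so as of this commit a scan run with the CIS 1.2.0 ruleset does not evaluate the auditing retention period at all. If the threat-detection rule is intended as well, keep it and add a second entry keyed `"sqldatabase-databases-auditing-low-retention.json"` with the same `"args": ["90"]`, `"enabled": true` and a level; if it was a slip, rename the key.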
From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Tue, 2 Mar 2021 12:04:51 -0500 Subject: [PATCH 553/979] Enhancement/azure cis 1.17 (#1099) * added rule 1.17 from cis azure * fix rule title issues * Update ScoutSuite/providers/azure/rules/findings/storageaccount-soft-delete-enabled.json modify description title Co-authored-by: Xavier Garceau-Aranda * fix small mistakes in sql dtabase facade Co-authored-by: Sophie Co-authored-by: Xavier Garceau-Aranda --- .../partials/azure/services.aad.policies.html | 27 +++++++++++++++++++ ScoutSuite/providers/azure/facade/aad.py | 10 +++++-- .../providers/azure/facade/sqldatabase.py | 10 +++---- ScoutSuite/providers/azure/metadata.json | 4 +++ .../providers/azure/resources/aad/base.py | 2 ++ .../providers/azure/resources/aad/policies.py | 26 ++++++++++++++++++ ...users-create-security-groups-disabled.json | 23 ++++++++++++++++ .../storageaccount-soft-delete-enabled.json | 4 +-- .../virtual-machines-managed-disks.json | 2 +- .../azure/rules/rulesets/cis-1.2.0.json | 6 +++++ .../azure/rules/rulesets/default.json | 8 +++++- 11 files changed, 109 insertions(+), 13 deletions(-) create mode 100644 ScoutSuite/output/data/html/partials/azure/services.aad.policies.html create mode 100644 ScoutSuite/providers/azure/resources/aad/policies.py create mode 100644 ScoutSuite/providers/azure/rules/findings/aad-users-create-security-groups-disabled.json diff --git a/ScoutSuite/output/data/html/partials/azure/services.aad.policies.html b/ScoutSuite/output/data/html/partials/azure/services.aad.policies.html new file mode 100644 index 000000000..e4637e409 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/azure/services.aad.policies.html @@ -0,0 +1,27 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 3b3c8b772..1b2d64ecb 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py 
@@ -1,5 +1,3 @@ -import os - from msgraphcore import GraphSession from ScoutSuite.core.console import print_exception @@ -100,3 +98,11 @@ async def get_applications(self): except Exception as e: print_exception(f'Failed to retrieve applications: {e}') return [] + + async def get_policies(self): + try: + policies_response = await self._get_microsoft_graph_response('policies/authorizationPolicy') + return policies_response + except Exception as e: + print_exception(f'Failed to retrieve applications: {e}') + return [] diff --git a/ScoutSuite/providers/azure/facade/sqldatabase.py b/ScoutSuite/providers/azure/facade/sqldatabase.py index 7c7c51122..53e0ce69e 100755 --- a/ScoutSuite/providers/azure/facade/sqldatabase.py +++ b/ScoutSuite/providers/azure/facade/sqldatabase.py @@ -1,5 +1,3 @@ -from msrestazure.azure_exceptions import CloudError - from azure.mgmt.sql import SqlManagementClient from ScoutSuite.providers.utils import run_concurrently from ScoutSuite.core.console import print_exception @@ -66,10 +64,9 @@ async def get_database_replication_links(self, resource_group_name, server_name, async def get_server_azure_ad_administrators(self, resource_group_name, server_name, subscription_id: str): try: client = self.get_client(subscription_id) - val = await run_concurrently( - lambda: list(client.server_azure_ad_administrators.list_by_server(resource_group_name,server_name)) + return await run_concurrently( + lambda: client.server_azure_ad_administrators.get(resource_group_name, server_name, 'activeDirectory') ) - return val except Exception as e: print_exception(f'Failed to retrieve server azure ad administrators: {e}') return None 
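Review bot: The failure path of `get_policies` returns `[]`, but `Policies.fetch_all` (added in resources/aad/policies.py by this commit) hands the result straight to `_parse_policy`, which calls `raw_policy.get(...)` and indexes `raw_policy['defaultUserRolePermissions']`. A list supports neither, so a Graph error or a missing permission surfaces as an unhandled AttributeError instead of an empty policy set. Return `None` on failure and let `fetch_all` skip parsing when nothing came back (`if not raw_policy: return`). The log text is also copied from `get_applications`; it should read `print_exception(f'Failed to retrieve authorization policy: {e}')` so the failing call can be identified from the scan output.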
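Review bot: In `get_server_azure_ad_administrators`, replacing `list_by_server(...)` with `.get(resource_group_name, server_name, 'activeDirectory')` probably makes "no Azure AD administrator configured" an exception rather than an empty result, since a get on a missing resource normally raises the SDK's not-found error. That case would then be logged as `Failed to retrieve server azure ad administrators` and return `None`, exactly like a permission or network failure, so a rule built on this value cannot tell an insecure server from an incomplete scan. Either keep the list call and take its first element (`admins = list(client.server_azure_ad_administrators.list_by_server(resource_group_name, server_name))`), or catch the not-found error separately and return `None` without logging it as a failure. The function body starts outside this hunk.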
@@ -108,11 +105,10 @@ async def get_database_transparent_data_encryptions(self, resource_group_name, s subscription_id: str): try: client = self.get_client(subscription_id) - val = await run_concurrently( + return await run_concurrently( lambda: client.transparent_data_encryptions.get( resource_group_name, server_name, database_name, 'current') ) - return val except Exception as e: print_exception(f'Failed to retrieve database transparent data encryptions: {e}') return [] diff --git a/ScoutSuite/providers/azure/metadata.json b/ScoutSuite/providers/azure/metadata.json index 5b1435c49..2c4daeaa6 100755 --- a/ScoutSuite/providers/azure/metadata.json +++ b/ScoutSuite/providers/azure/metadata.json @@ -67,6 +67,10 @@ "applications": { "cols": 2, "path": "services.aad.applications" + }, + "policies": { + "cols": 2, + "path": "services.aad.policies" } } }, diff --git a/ScoutSuite/providers/azure/resources/aad/base.py b/ScoutSuite/providers/azure/resources/aad/base.py index cb17ccfb2..c41135801 100755 --- a/ScoutSuite/providers/azure/resources/aad/base.py +++ b/ScoutSuite/providers/azure/resources/aad/base.py @@ -5,6 +5,7 @@ from .groups import Groups from .serviceprincipals import ServicePrincipals from .applications import Applications +from .policies import Policies class AAD(AzureCompositeResources): @@ -13,6 +14,7 @@ class AAD(AzureCompositeResources): (Groups, 'groups'), (ServicePrincipals, 'service_principals'), (Applications, 'applications'), + (Policies, 'policies') ] async def fetch_all(self): diff --git a/ScoutSuite/providers/azure/resources/aad/policies.py b/ScoutSuite/providers/azure/resources/aad/policies.py new file mode 100644 index 000000000..0a4ba826d --- /dev/null +++ b/ScoutSuite/providers/azure/resources/aad/policies.py 
@@ -0,0 +1,26 @@
+from ScoutSuite.providers.azure.resources.base import AzureResources
+
+
+class Policies(AzureResources):
+ async def fetch_all(self):
+ raw_policy = await self.facade.aad.get_policies()
+ id, policy = await self._parse_policy(raw_policy)
+ self[id] = policy
+
+ async def _parse_policy(self, raw_policy):
+ policy_dict = {}
+ policy_dict['id'] = raw_policy.get('id')
+ policy_dict['name'] = raw_policy.get('displayName')
+ policy_dict['allow_invites_from'] = raw_policy.get('allowInvitesFrom')
+ policy_dict[
+ 'allowed_to_sign_up_email_based_subscription'] = raw_policy.get('allowedToSignUpEmailBasedSubscriptions')
+ policy_dict['allowed_to_use_SSPR'] = raw_policy.get('allowedToUseSSPR')
+ policy_dict['allow_email_verified_users_to_join_organization'
+ ] = raw_policy.get('allowEmailVerifiedUsersToJoinOrganization')
+ policy_dict['allowed_to_create_apps'] = raw_policy['defaultUserRolePermissions'].get('allowedToCreateApps')
+ policy_dict['allowed_to_create_security_groups'
+ ] = raw_policy['defaultUserRolePermissions'].get('allowedToCreateSecurityGroups')
+ policy_dict[
+ 'allowed_to_read_other_users'] = raw_policy['defaultUserRolePermissions'].get('allowedToReadOtherUsers')
+
+ return policy_dict['id'], policy_dict
diff --git a/ScoutSuite/providers/azure/rules/findings/aad-users-create-security-groups-disabled.json b/ScoutSuite/providers/azure/rules/findings/aad-users-create-security-groups-disabled.json
new file mode 100644
index 000000000..fd8740ef6
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/aad-users-create-security-groups-disabled.json
@@ -0,0 +1,23 @@
+{
+ "description": "Users Can Create Security Group Enabled",
+ "rationale": "When creating security groups is enabled, all users in the directory are allowed to create new security groups and add members to those groups. Security group creation should be restricted to administrators only.",
+ "remediation": "From Azure console:
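Review bot: `_parse_policy` indexes `raw_policy['defaultUserRolePermissions']` three times while every other field is read with `.get`, so a response without that key raises KeyError and the whole `policies` resource is lost, including the `allowed_to_create_security_groups` value the new CIS 1.17 rule reads. Read it once with a default, `permissions = raw_policy.get('defaultUserRolePermissions') or {}`, and use `permissions.get('allowedToCreateSecurityGroups')` for the three entries. Two smaller style points in the same file: `id` shadows the builtin in `fetch_all`, and `_parse_policy` is declared `async` although it awaits nothing. A short docstring stating that the class holds the tenant's single `policies/authorizationPolicy` object would also help the next reader.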
      1. Go to Azure Active Directory
      2. Go to Groups
      3. Go to General in setting
      4. Ensure that Users can create security groups in Azure Portals is set to No
      ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "1.17" + } + ], + "dashboard_name": "Policies", + "path": "aad.policies.id", + "conditions": [ + "and", + [ + "aad.policies.id.allowed_to_create_security_groups", + "true", + "" + ] + ], + "id_suffix": "allowed_to_create_security_groups" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-soft-delete-enabled.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-soft-delete-enabled.json index 8f1f8edd9..1a85144a4 100644 --- a/ScoutSuite/providers/azure/rules/findings/storageaccount-soft-delete-enabled.json +++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-soft-delete-enabled.json @@ -1,5 +1,5 @@ { - "description": "Storage Soft Delete Is Enabled", + "description": "Storage Account Soft Delete Disabled", "rationale": "Enabling this configuration for azure storage ensures that even if blobs/data were deleted from the storage account, Blobs/data objects remain recoverable for a particular time which set in the \"Retention policies\" ", "remediation": "In the Azure console:
      1. Go to Storage Accounts
      2. For each storage account, navigate to Data protection
      3. Ensure that soft delete is Enabled
      ", "compliance": [ @@ -24,4 +24,4 @@ ] ], "id_suffix": "soft_delete_enabled" -} \ No newline at end of file +} diff --git a/ScoutSuite/providers/azure/rules/findings/virtual-machines-managed-disks.json b/ScoutSuite/providers/azure/rules/findings/virtual-machines-managed-disks.json index c941e1634..20c6fb0f0 100644 --- a/ScoutSuite/providers/azure/rules/findings/virtual-machines-managed-disks.json +++ b/ScoutSuite/providers/azure/rules/findings/virtual-machines-managed-disks.json @@ -1,5 +1,5 @@ { - "description": "Virtual Machines Utilizing Managed Disks", + "description": "Virtual Machines Not Utilizing Managed Disks", "rationale": "Managed disks are by default encrypted on the underlying hardware so no additional encryption is required for basic protection, it is available if additional encryption is required. Managed disks are by design more resilient that storage accounts.", "remediation": "From Azure console:
      1. Using the search feature, go to Virtual Machines
      2. Select the virtual machine you would like to convert
      3. Select Disks in the menu for the VM
      4. At the top select Migrate to managed disks
      5. You may follow the prompts to convert the disk and finish by selecting 'Migrate' to start the process
      ", "compliance": [ diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index 902d651a3..31f3148d0 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json @@ -1,6 +1,12 @@ { "about": "This ruleset covers most of the recommendations from the CIS Microsoft Azure Foundation v1.2.0.", "rules": { + "aad-users-create-security-groups-disabled.json": [ + { + "enabled": true, + "level": "danger" + } + ], "storageaccount-encrypted-not-customer-managed.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index 2bab6c89b..a63034248 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -7,7 +7,13 @@ "level": "warning" } ], - "rbac-administering-resource-locks-assigned.json": [ + "aad-users-create-security-groups-disabled.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "rbac-administering-resource-locks-assigned.json": [ { "enabled": true, "level": "danger" From 45859b5888da92f9f2c4ba81477dd290081bbcb7 Mon Sep 17 00:00:00 2001 From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Tue, 2 Mar 2021 12:12:31 -0500 Subject: [PATCH 554/979] added forgotten new rules in cis-1.2.0.json file rulse set (#1145) Co-authored-by: Sophie --- .../providers/azure/rules/rulesets/cis-1.2.0.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index 31f3148d0..5d44b7cbd 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json 
@@ -31,6 +31,18 @@ "level": "warning" } ], + "virtual-machines-os-data-encrypted-cmk.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "virtual-machines-unattached-disks-encrypted-cmk.json": [ + { + "enabled": true, + "level": "warning" + } + ], "rbac-administering-resource-locks-assigned.json": [ { "enabled": true, From 7152dacb797cc2cc16fe84cfb77806321d3b44d6 Mon Sep 17 00:00:00 2001 From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Tue, 2 Mar 2021 12:20:14 -0500 Subject: [PATCH 555/979] added rule 1.21 from azure cis 1.2.0 (#1098) * added rule 1.21 from azure cis 1.2.0 * added rule to cis-1.2.0 json file Co-authored-by: Sophie --- .../services.rbac.subscriptions.id.roles.html | 1 + .../providers/azure/resources/rbac/roles.py | 12 ++++++++ ...m-subscription-owner-role-not-allowed.json | 28 +++++++++++++++++++ .../azure/rules/rulesets/cis-1.2.0.json | 6 ++++ .../azure/rules/rulesets/default.json | 18 ++++++++---- 5 files changed, 59 insertions(+), 6 deletions(-) create mode 100644 ScoutSuite/providers/azure/rules/findings/rbac-custom-subscription-owner-role-not-allowed.json diff --git a/ScoutSuite/output/data/html/partials/azure/services.rbac.subscriptions.id.roles.html b/ScoutSuite/output/data/html/partials/azure/services.rbac.subscriptions.id.roles.html index adb550786..3cdf4ca93 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.rbac.subscriptions.id.roles.html +++ b/ScoutSuite/output/data/html/partials/azure/services.rbac.subscriptions.id.roles.html @@ -10,6 +10,7 @@

      Information

      Type: {{value_or_none type}}
      Role Type: {{value_or_none role_type}}
      Assignable Scopes: {{value_or_none assignable_scopes}}
      +
      Custom Subscriptions Owner Roles: {{custom_subscription_owner_role}}

    Permissions

    diff --git a/ScoutSuite/providers/azure/resources/rbac/roles.py b/ScoutSuite/providers/azure/resources/rbac/roles.py index 9da6bc9cf..aa3d1eae1 100755 --- a/ScoutSuite/providers/azure/resources/rbac/roles.py +++ b/ScoutSuite/providers/azure/resources/rbac/roles.py @@ -26,7 +26,19 @@ def _parse_role(self, raw_role): role_dict['assignable_scopes'] = raw_role.assignable_scopes role_dict['additional_properties'] = raw_role.additional_properties role_dict['assignments_count'] = 0 + role_dict['custom_subscription_owner_role'] = self._no_custom_subscription_owner_role_allowed(raw_role) role_dict['assignments'] = {'users': [], 'groups': [], 'service_principals': []} # this will be filled in `finalize()` return role_dict['id'], role_dict + + def _no_custom_subscription_owner_role_allowed(self, role): + if role.role_type =="CustomRole": + for assignable_scope in role.assignable_scopes: + if "subscriptions" in assignable_scope or assignable_scope == "/": + for permission in role.permissions: + for action in permission.actions: + if "*" in action: + return True + return False + diff --git a/ScoutSuite/providers/azure/rules/findings/rbac-custom-subscription-owner-role-not-allowed.json b/ScoutSuite/providers/azure/rules/findings/rbac-custom-subscription-owner-role-not-allowed.json new file mode 100644 index 000000000..85cb58802 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/rbac-custom-subscription-owner-role-not-allowed.json @@ -0,0 +1,28 @@ +{ + "description": "Custom Subscription Owner Role Not Allowed", + "rationale": "Classic subscription admin roles offer basic access management and include Account Administrator, Service Administrator, and Co-Administrators. It is recommended the least necessary permissions be given initially. Permissions can be added as needed by the account holder. This ensures the account holder cannot perform actions which were not intended.", + "remediation": "From Azure Command Line Interface 2.0:
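Review bot: The new helper in roles.py tests `"*" in action` and `"subscriptions" in assignable_scope`, and both are substring matches. Any custom role with a partial wildcard such as `Microsoft.Compute/*/read`, or one scoped to a resource group under `/subscriptions/...`, is therefore reported at level `danger` as a custom subscription owner role. The remediation text in the accompanying finding describes the narrower case, an assignable scope of `/` or a subscription together with an action of `*`, so the comparison should be exact, as sketched below. The name `_no_custom_subscription_owner_role_allowed` also reads as the opposite of what it returns (True when such a role exists), and a one-line comment stating that would prevent misuse. `_parse_role` starts outside this hunk.

```python
    # … unchanged: _parse_role body, which stores the helper's result …

    def _no_custom_subscription_owner_role_allowed(self, role):
        # True when a custom role grants the full "*" action at root or subscription scope
        if role.role_type != "CustomRole":
            return False
        wide_scope = any(
            scope == "/" or (scope.lower().startswith("/subscriptions/") and scope.strip("/").count("/") == 1)
            for scope in role.assignable_scopes)
        grants_all = any(action == "*"
                         for permission in role.permissions
                         for action in permission.actions)
        return wide_scope and grants_all
```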
    1. az role definition list
    2. Check for entries with assignableScope of / or a subscription, and an action of *
    3. Verify the usage and impact of removing the role identified:
    4. az role definition delete --name \"rolename\"
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "1.21" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access" + ], + "dashboard_name": "Roles", + "path": "rbac.subscriptions.id.roles.id", + "conditions": [ + "and", + [ + "rbac.subscriptions.id.roles.id.custom_subscription_owner_role", + "true", + "" + ] + ], + "id_suffix": "custom_subscription_owner_role" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index 5d44b7cbd..0891abce0 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json @@ -43,6 +43,12 @@ "level": "warning" } ], + "rbac-custom-subscription-owner-role-not-allowed.json": [ + { + "enabled": true, + "level": "danger" + } + ], "rbac-administering-resource-locks-assigned.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index a63034248..fda7982c5 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -13,12 +13,6 @@ "level": "danger" } ], - "rbac-administering-resource-locks-assigned.json": [ - { - "enabled": true, - "level": "danger" - } - ], "appservice-authentication-disabled.json": [ { "enabled": true, 
@@ -138,6 +132,18 @@ "level": "warning" } ], + "rbac-custom-subscription-owner-role-not-allowed.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "rbac-administering-resource-locks-assigned.json": [ + { + "enabled": true, + "level": "danger" + } + ], "securitycenter-auto-provisioning-off.json": [ { "enabled": true, From c3f69d54a5f890ca89653a435d0b4b14c3e7f25d Mon Sep 17 00:00:00 2001 
From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Wed, 3 Mar 2021 10:31:19 -0500 Subject: [PATCH 556/979] azure monitor resource template (#1149) * added monitor ressource * added base ressources for monitoring and logging section * add 2 instances for logging and monitoring ressource Co-authored-by: Sophie --- ...onitoring.subscriptions.id.diagnostic.html | 22 +++++++++ ...onitoring.subscriptions.id.log_alerts.html | 22 +++++++++ .../output/data/inc-scoutsuite/scoutsuite.js | 2 + ScoutSuite/providers/azure/facade/base.py | 2 + .../azure/facade/loggingmonitoring.py | 49 +++++++++++++++++++ ScoutSuite/providers/azure/metadata.json | 14 ++++++ .../__init__.py | 0 .../loggingmonitoring/activity_log_alerts.py | 24 +++++++++ .../azure/resources/loggingmonitoring/base.py | 14 ++++++ .../loggingmonitoring/diagnostic_settings.py | 25 ++++++++++ .../loggingmonitoring/log_profiles.py | 34 +++++++++++++ ScoutSuite/providers/azure/services.py | 2 + ScoutSuite/utils.py | 1 + 13 files changed, 211 insertions(+) create mode 100644 ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.diagnostic.html create mode 100644 ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_alerts.html create mode 100644 ScoutSuite/providers/azure/facade/loggingmonitoring.py rename ScoutSuite/providers/azure/resources/{monitor => loggingmonitoring}/__init__.py (100%) mode change 100755 => 100644 create mode 100644 ScoutSuite/providers/azure/resources/loggingmonitoring/activity_log_alerts.py create mode 100644 ScoutSuite/providers/azure/resources/loggingmonitoring/base.py create mode 100644 ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_settings.py create mode 100644 ScoutSuite/providers/azure/resources/loggingmonitoring/log_profiles.py 
diff --git a/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.diagnostic.html b/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.diagnostic.html new file mode 100644 index 000000000..9cdb96420 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.diagnostic.html @@ -0,0 +1,22 @@ + + + + + + + + diff --git a/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_alerts.html b/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_alerts.html new file mode 100644 index 000000000..1439731b2 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_alerts.html @@ -0,0 +1,22 @@ + + + + + + + + diff --git a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js index b114fba6a..8ddfc4efa 100755 --- a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js +++ b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js @@ -1277,6 +1277,8 @@ function makeTitle(title) { return 'Redis Cache' } else if (title === 'appservice') { return 'App Services' + } else if (title === 'loggingmonitoring') { + return 'Logging Monitoring' } else if (title === 'loadbalancer') { return 'Load Balancer' } else if (title === 'ram') { diff --git a/ScoutSuite/providers/azure/facade/base.py b/ScoutSuite/providers/azure/facade/base.py index 829ed8d7d..72553d76a 100755 --- a/ScoutSuite/providers/azure/facade/base.py +++ b/ScoutSuite/providers/azure/facade/base.py 
@@ -8,6 +8,7 @@ from ScoutSuite.providers.azure.facade.storageaccounts import StorageAccountsFacade from ScoutSuite.providers.azure.facade.virtualmachines import VirtualMachineFacade from ScoutSuite.providers.azure.facade.appservice import AppServiceFacade +from ScoutSuite.providers.azure.facade.loggingmonitoring import LoggingMonitoringFacade from azure.mgmt.resource import SubscriptionClient from ScoutSuite.providers.base.authentication_strategy import AuthenticationException @@ -52,6 +53,7 @@ def __init__(self, self.sqldatabase = SQLDatabaseFacade(credentials) self.storageaccounts = StorageAccountsFacade(credentials) self.appservice = AppServiceFacade(credentials) + self.loggingmonitoring = LoggingMonitoringFacade(credentials) # Instantiate facades for proprietary services try: diff --git a/ScoutSuite/providers/azure/facade/loggingmonitoring.py b/ScoutSuite/providers/azure/facade/loggingmonitoring.py new file mode 100644 index 000000000..ce0da072b --- /dev/null +++ b/ScoutSuite/providers/azure/facade/loggingmonitoring.py 
@@ -0,0 +1,49 @@
+from ScoutSuite.providers.utils import run_concurrently
+from ScoutSuite.core.console import print_exception
+from ScoutSuite.utils import get_user_agent
+from azure.mgmt.monitor import MonitorManagementClient
+
+
+class LoggingMonitoringFacade:
+
+ def __init__(self, credentials):
+ self.credentials = credentials
+
+ def get_client(self, subscription_id: str):
+ client = MonitorManagementClient(self.credentials.get_credentials(),
+ subscription_id=subscription_id,
+ user_agent=get_user_agent())
+ return client
+
+ async def get_log_profiles(self, subscription_id: str):
+ try:
+ client = self.get_client(subscription_id)
+ log_profiles = await run_concurrently(
+ lambda: list(client.log_profiles.list())
+ )
+ return log_profiles
+ except Exception as e:
+ print_exception(f'Failed to retrieve log profiles: {e}')
+ return []
+
+ async def get_diagnostic_settings(self, subscription_id: str):
+ try:
+ client = self.get_client(subscription_id)
+ diagnostic_settings = await run_concurrently(
+ lambda: client.subscription_diagnostic_settings.list(subscription_id)
+ )
+ return diagnostic_settings.value
+ except Exception as e:
+ print_exception(f'Failed to retrieve diagnostic settings: {e}')
+ return []
+
+ async def get_activity_log_alerts(self, subscription_id: str):
+ try:
+ client = self.get_client(subscription_id)
+ activity_log_alerts = await run_concurrently(
+ lambda: list(client.activity_log_alerts.list_by_subscription_id())
+ )
+ return activity_log_alerts
+ except Exception as e:
+ print_exception(f'Failed to retrieve activity log alerts: {e}')
+ return []
diff --git a/ScoutSuite/providers/azure/metadata.json b/ScoutSuite/providers/azure/metadata.json
index 2c4daeaa6..0872a8e1b 100755
--- a/ScoutSuite/providers/azure/metadata.json
+++ b/ScoutSuite/providers/azure/metadata.json
@@ -166,5 +166,19 @@ } } } + }, + "logging": { + "loggingmonitoring": { + "resources": { + "diagnostic": { + "cols": 2, + "path": "services.loggingmonitoring.subscriptions.id.diagnostic" + }, + "log_alerts": { + "cols": 2, + "path": "services.loggingmonitoring.subscriptions.id.log_alerts" + } + } + } } } diff --git a/ScoutSuite/providers/azure/resources/monitor/__init__.py b/ScoutSuite/providers/azure/resources/loggingmonitoring/__init__.py old mode 100755 new mode 100644 similarity index 100% rename from ScoutSuite/providers/azure/resources/monitor/__init__.py rename to ScoutSuite/providers/azure/resources/loggingmonitoring/__init__.py diff --git a/ScoutSuite/providers/azure/resources/loggingmonitoring/activity_log_alerts.py b/ScoutSuite/providers/azure/resources/loggingmonitoring/activity_log_alerts.py new file mode 100644 index 000000000..46fb5df13 --- /dev/null +++ b/ScoutSuite/providers/azure/resources/loggingmonitoring/activity_log_alerts.py @@ -0,0 +1,24 @@ +from ScoutSuite.providers.azure.facade.base import AzureFacade +from ScoutSuite.providers.azure.resources.base import AzureResources + + +class ActivityLogAlerts(AzureResources): + + def __init__(self, facade: AzureFacade, subscription_id: str): + super().__init__(facade) + self.subscription_id = subscription_id + + async def fetch_all(self): + for log_alert in await self.facade.loggingmonitoring.get_activity_log_alerts(self.subscription_id): + id, log_alerts = self._parse_log_alerts(log_alert) + self[id] = log_alerts + + def _parse_log_alerts(self, log_alert): + log_alert_dict = {} + + log_alert_dict['id'] = log_alert.id + log_alert_dict['name'] = log_alert.name + + return log_alert_dict['id'], log_alert_dict + + diff --git a/ScoutSuite/providers/azure/resources/loggingmonitoring/base.py b/ScoutSuite/providers/azure/resources/loggingmonitoring/base.py new file mode 100644 index 000000000..07129776d --- /dev/null +++ b/ScoutSuite/providers/azure/resources/loggingmonitoring/base.py 
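Review bot: The resource key `diagnostic` registered in this metadata hunk does not match the child name `diagnostic_settings` that `LoggingMonitoring._children` declares in resources/loggingmonitoring/base.py in the same commit, and `log_profiles` has no metadata entry at all. If the report resolves `services.loggingmonitoring.subscriptions.id.<key>` against the keys the resource classes populate, as the other entries in this file appear to do, the diagnostic partial will have nothing to render and log profiles will not be shown. Make the names agree, either by using `"diagnostic_settings"` here and in the partial's file name or by changing the child to `(DiagnosticSettings, 'diagnostic')`, and add a `log_profiles` entry if that data is meant to be visible.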
@@ -0,0 +1,14 @@ +from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions + +from .log_profiles import LogProfiles +from .diagnostic_settings import DiagnosticSettings +from .activity_log_alerts import ActivityLogAlerts + + +class LoggingMonitoring(Subscriptions): + _children = [ + (LogProfiles, 'log_profiles'), + (DiagnosticSettings, 'diagnostic_settings'), + (ActivityLogAlerts, 'log_alerts') + ] + diff --git a/ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_settings.py b/ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_settings.py new file mode 100644 index 000000000..789748bba --- /dev/null +++ b/ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_settings.py @@ -0,0 +1,25 @@ +from ScoutSuite.providers.azure.facade.base import AzureFacade +from ScoutSuite.providers.azure.resources.base import AzureResources + + +class DiagnosticSettings(AzureResources): + + def __init__(self, facade: AzureFacade, subscription_id: str): + super().__init__(facade) + self.subscription_id = subscription_id + + async def fetch_all(self): + for diagnostic_setting in await self.facade.loggingmonitoring.get_diagnostic_settings(self.subscription_id): + id, diagnostic_settings = self._parse_diagnostic_settings(diagnostic_setting) + self[id] = diagnostic_settings + + def _parse_diagnostic_settings(self, diagnostic_setting): + diagnostic_setting_dict = {} + + diagnostic_setting_dict['id'] = diagnostic_setting.id + diagnostic_setting_dict['name'] = diagnostic_setting.name + diagnostic_setting_dict['storage_account_id'] = diagnostic_setting.storage_account_id + + return diagnostic_setting_dict['id'], diagnostic_setting_dict + + diff --git a/ScoutSuite/providers/azure/resources/loggingmonitoring/log_profiles.py b/ScoutSuite/providers/azure/resources/loggingmonitoring/log_profiles.py new file mode 100644 index 000000000..f05bb717e --- /dev/null +++ b/ScoutSuite/providers/azure/resources/loggingmonitoring/log_profiles.py 
@@ -0,0 +1,34 @@ +from ScoutSuite.providers.azure.facade.base import AzureFacade +from ScoutSuite.providers.azure.resources.base import AzureResources + + +class LogProfiles(AzureResources): + + def __init__(self, facade: AzureFacade, subscription_id: str): + super().__init__(facade) + self.subscription_id = subscription_id + + async def fetch_all(self): + for log_profile in await self.facade.loggingmonitoring.get_log_profiles(self.subscription_id): + id, log_profiles = self._parse_log_profile(log_profile) + self[id] = log_profiles + + def _parse_log_profile(self, log_profile): + log_profile_dict = {} + + log_profile_dict['id'] = log_profile.id + log_profile_dict['name'] = log_profile.name + log_profile_dict['storage_account_id'] = log_profile.storage_account_id + log_profile_dict['service_bus_rule_id'] = log_profile.service_bus_rule_id + log_profile_dict['retention_policy_enabled'] = log_profile.retention_policy.enabled + log_profile_dict['retention_policy_days'] = log_profile.retention_policy.days + log_profile_dict['captures_all_activities'] = self.profile_captures_all_activities(log_profile) + + return log_profile_dict['id'], log_profile_dict + + def profile_captures_all_activities(self, log_profile): + categories = log_profile.categories + if 'Delete' in categories and 'Write' in categories and 'Action' in categories: + return True + return False + diff --git a/ScoutSuite/providers/azure/services.py b/ScoutSuite/providers/azure/services.py index ca1504ffe..82bce8a08 100755 --- a/ScoutSuite/providers/azure/services.py +++ b/ScoutSuite/providers/azure/services.py @@ -10,6 +10,7 @@ from ScoutSuite.providers.azure.resources.virtualmachines.base import VirtualMachines from ScoutSuite.providers.base.services import BaseServicesConfig from ScoutSuite.providers.azure.resources.appservice.base import AppServices +from ScoutSuite.providers.azure.resources.loggingmonitoring.base import LoggingMonitoring # Try to import proprietary services try: 
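Review bot: `profile_captures_all_activities` in log_profiles.py spells a subset test as a three-way `and` with explicit `return True` / `return False`, and has no docstring saying which categories count as "all". `return {'Delete', 'Write', 'Action'}.issubset(log_profile.categories)` with a docstring naming the three categories would be shorter and self-describing. `_parse_log_profile` also dereferences `log_profile.retention_policy` and `log_profile.categories` without a guard while `fetch_all` has no `try`, so if the SDK can return either as `None` (not visible here), one profile would abort the whole `LogProfiles` fetch.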
@@ -49,6 +50,7 @@ def __init__(self, self.network = Networks(facade) self.virtualmachines = VirtualMachines(facade) self.appservice = AppServices(facade) + self.loggingmonitoring = LoggingMonitoring(facade) # Instantiate proprietary services try: diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py index ab48c82f6..13a7d7233 100755 --- a/ScoutSuite/utils.py +++ b/ScoutSuite/utils.py @@ -47,6 +47,7 @@ 'appservice': 'App Services', 'loadbalancer': 'Load Balancer', 'virtualmachines': 'Virtual Machines', + 'loggingmonitoring': 'Logging Monitoring', # GCP 'cloudstorage': 'Cloud Storage', 'cloudmemorystore': 'Cloud Memorystore', From d41ae0f9fec9b363fb7795308db235eccb9b215e Mon Sep 17 00:00:00 2001 From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Wed, 3 Mar 2021 10:36:57 -0500 Subject: [PATCH 557/979] Enhancement/azure sql 6.3 (#1148) * refactor sql facade code * added rule 6.3 from azure cis Co-authored-by: Sophie Co-authored-by: xnkevinnguyen --- ....sqldatabase.subscriptions.id.servers.html | 13 ++++++++ .../providers/azure/facade/sqldatabase.py | 10 +++++++ .../resources/sqldatabase/firewall_rules.py | 26 ++++++++++++++++ .../azure/resources/sqldatabase/servers.py | 4 ++- .../findings/sqldatabase-allow-any-ip.json | 30 +++++++++++++++++++ .../azure/rules/rulesets/cis-1.2.0.json | 6 ++++ .../azure/rules/rulesets/default.json | 6 ++++ 7 files changed, 94 insertions(+), 1 deletion(-) create mode 100644 ScoutSuite/providers/azure/resources/sqldatabase/firewall_rules.py create mode 100644 ScoutSuite/providers/azure/rules/findings/sqldatabase-allow-any-ip.json diff --git a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html index 28afeee76..ca9212cf9 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html 
+++ b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html @@ -55,6 +55,19 @@

    SQL Databases

    {{/each}}
    + +
    +

    Firewall Rules

    +
    + {{#each firewall_rules}} + {{name}} +
    +
    Firewall rule start IP: {{start_ip}}
    +
    Firewall rule end IP: {{end_ip}}
    +
    + {{/each}} +
    +
    + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js index a4cc1f6c4..4eb088b90 100755 --- a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js +++ b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js @@ -1261,6 +1261,8 @@ function makeTitle(title) { return 'Azure RBAC' } else if (title === 'storageaccounts') { return 'Storage Accounts' + } else if (title === 'mysqldatabase') { + return 'MySQL Database' } else if (title === 'sqldatabase') { return 'SQL Database' } else if (title === 'postgresqldatabase') { diff --git a/ScoutSuite/providers/azure/facade/base.py b/ScoutSuite/providers/azure/facade/base.py index f692da92d..2ab585d24 100755 --- a/ScoutSuite/providers/azure/facade/base.py +++ b/ScoutSuite/providers/azure/facade/base.py @@ -8,6 +8,7 @@ from ScoutSuite.providers.azure.facade.storageaccounts import StorageAccountsFacade from ScoutSuite.providers.azure.facade.virtualmachines import VirtualMachineFacade from ScoutSuite.providers.azure.facade.appservice import AppServiceFacade +from ScoutSuite.providers.azure.facade.mysqldatabase import MySQLDatabaseFacade from ScoutSuite.providers.azure.facade.postgresqldatabse import PostgreSQLDatabaseFacade from ScoutSuite.providers.azure.facade.loggingmonitoring import LoggingMonitoringFacade @@ -54,6 +55,7 @@ def __init__(self, self.sqldatabase = SQLDatabaseFacade(credentials) self.storageaccounts = StorageAccountsFacade(credentials) self.appservice = AppServiceFacade(credentials) + self.mysqldatabase = MySQLDatabaseFacade(credentials) self.postgresqldatabase = PostgreSQLDatabaseFacade(credentials) self.loggingmonitoring = LoggingMonitoringFacade(credentials) diff --git a/ScoutSuite/providers/azure/facade/mysqldatabase.py b/ScoutSuite/providers/azure/facade/mysqldatabase.py new file mode 100644 index 000000000..a53e96b67 --- /dev/null +++ b/ScoutSuite/providers/azure/facade/mysqldatabase.py 
@@ -0,0 +1,26 @@ +from azure.mgmt.rdbms.mysql import MySQLManagementClient +from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.core.console import print_exception +from ScoutSuite.utils import get_user_agent + + +class MySQLDatabaseFacade: + + def __init__(self, credentials): + self.credentials = credentials + + def get_client(self, subscription_id: str): + client = MySQLManagementClient(self.credentials.get_credentials(), + subscription_id=subscription_id, + user_agent=get_user_agent()) + return client + + async def get_servers(self, subscription_id: str): + try: + client = self.get_client(subscription_id) + return await run_concurrently( + lambda: list(client.servers.list()) + ) + except Exception as e: + print_exception(f'Failed to retrieve mySQL servers: {e}') + return [] diff --git a/ScoutSuite/providers/azure/metadata.json b/ScoutSuite/providers/azure/metadata.json index 7263f6510..daa659048 100755 --- a/ScoutSuite/providers/azure/metadata.json +++ b/ScoutSuite/providers/azure/metadata.json @@ -167,6 +167,16 @@ } } }, + "mysql": { + "mysqldatabase": { + "resources": { + "servers": { + "cols": 2, + "path": "services.mysqldatabase.subscriptions.id.servers" + } + } + } + }, "postgres": { "postgresqldatabase": { "resources": { diff --git a/ScoutSuite/providers/azure/resources/mysqldatabase/__init__.py b/ScoutSuite/providers/azure/resources/mysqldatabase/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/azure/resources/mysqldatabase/base.py b/ScoutSuite/providers/azure/resources/mysqldatabase/base.py new file mode 100644 index 000000000..42300f644 --- /dev/null +++ b/ScoutSuite/providers/azure/resources/mysqldatabase/base.py @@ -0,0 +1,9 @@ +from ScoutSuite.providers.azure.resources.subscriptions import Subscriptions + +from .mysql_servers import MySQLServers + + +class MySQLServers(Subscriptions): + _children = [ + (MySQLServers, 'servers') + ] \ No newline at end of file 
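Review bot: In resources/mysqldatabase/base.py the new `Subscriptions` subclass is named `MySQLServers`, the same name as the class imported from `.mysql_servers` two lines above it. `_children` still picks up the imported resource class only because the class body runs before the name is rebound; once the module has loaded, `MySQLServers` refers to the subscription-level wrapper and the import is shadowed. Renaming one side removes the trap, for example `from .mysql_servers import MySQLServers as MySQLServerResources` with `(MySQLServerResources, 'servers')`. The alternative is to give the wrapper its own name and update the import in services.py.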
diff --git a/ScoutSuite/providers/azure/resources/mysqldatabase/mysql_servers.py b/ScoutSuite/providers/azure/resources/mysqldatabase/mysql_servers.py new file mode 100644 index 000000000..f655826da --- /dev/null +++ b/ScoutSuite/providers/azure/resources/mysqldatabase/mysql_servers.py @@ -0,0 +1,28 @@ +from ScoutSuite.providers.azure.facade.base import AzureFacade +from ScoutSuite.providers.azure.resources.base import AzureCompositeResources +from ScoutSuite.providers.azure.utils import get_resource_group_name +from ScoutSuite.providers.utils import get_non_provider_id + + +class MySQLServers(AzureCompositeResources): + + def __init__(self, facade: AzureFacade, subscription_id: str): + super().__init__(facade) + self.subscription_id = subscription_id + + async def fetch_all(self): + for raw_server in await self.facade.mysqldatabase.get_servers(self.subscription_id): + id, server = self._parse_server(raw_server) + self[id] = server + + def _parse_server(self, raw_server): + server = {} + server['id'] = get_non_provider_id(raw_server.id) + server['name'] = raw_server.name + server['resource_group_name'] = get_resource_group_name(raw_server.id) + server['ssl_enforcement'] = raw_server.ssl_enforcement + if raw_server.tags is not None: + server['tags'] = ["{}:{}".format(key, value) for key, value in raw_server.tags.items()] + else: + server['tags'] = [] + return server['id'], server \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/mysql-database-servers-ssl-enforcement-disabled.json b/ScoutSuite/providers/azure/rules/findings/mysql-database-servers-ssl-enforcement-disabled.json new file mode 100644 index 000000000..9a4405489 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/mysql-database-servers-ssl-enforcement-disabled.json 
@@ -0,0 +1,28 @@ +{ + "description": "Enforce SSL Connection Is Disabled For MySQL Database Server", + "rationale": "SSL connectivity helps to provide a new layer of security, by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against \"man in the middle\" attacks by encrypting the data stream between the server and application.", + "remediation": "From Azure Console:
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to Azure Database for MySQL server
    3. For each database, click on Connection security
    4. In SSL settings.
    5. Click Enabled to Enforce SSL connection
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.3.2" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security", + "https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit" + ], + "dashboard_name": "MySQL Servers", + "path": "mysqldatabase.subscriptions.id.servers.id", + "conditions": [ + "and", + [ + "mysqldatabase.subscriptions.id.servers.id.ssl_enforcement", + "equal", + "Disabled" + ] + ], + "id_suffix": "ssl_enforcement" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index 73f6f7d12..dd32feeef 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json @@ -87,6 +87,12 @@ "enabled": true, "level": "warning" } + ], + "mysql-database-servers-ssl-enforcement-disabled.json": [ + { + "enabled": true, + "level": "warning" + } ] } } diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index 881c28eb2..165a0cfa2 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -365,6 +365,12 @@ "enabled": true, "level": "warning" } + ], + "mysql-database-servers-ssl-enforcement-disabled.json": [ + { + "enabled": true, + "level": "warning" + } ] } } diff --git a/ScoutSuite/providers/azure/services.py b/ScoutSuite/providers/azure/services.py index c05e214f5..a8604ea7a 100755 --- a/ScoutSuite/providers/azure/services.py +++ b/ScoutSuite/providers/azure/services.py 
@@ -10,6 +10,7 @@ from ScoutSuite.providers.azure.resources.virtualmachines.base import VirtualMachines from ScoutSuite.providers.base.services import BaseServicesConfig from ScoutSuite.providers.azure.resources.appservice.base import AppServices +from ScoutSuite.providers.azure.resources.mysqldatabase.base import MySQLServers from ScoutSuite.providers.azure.resources.postgresqldatabase.base import PostgreSQLServers from ScoutSuite.providers.azure.resources.loggingmonitoring.base import LoggingMonitoring @@ -51,6 +52,7 @@ def __init__(self, self.network = Networks(facade) self.virtualmachines = VirtualMachines(facade) self.appservice = AppServices(facade) + self.mysqldatabase = MySQLServers(facade) self.postgresqldatabase = PostgreSQLServers(facade) self.loggingmonitoring = LoggingMonitoring(facade) diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py index 0fd1d4bd3..c90700314 100755 --- a/ScoutSuite/utils.py +++ b/ScoutSuite/utils.py @@ -47,6 +47,7 @@ 'appservice': 'App Services', 'loadbalancer': 'Load Balancer', 'virtualmachines': 'Virtual Machines', + 'mysqldatabase': 'MySQL Database', 'postgresqldatabase': 'PostgresSQL Database', 'loggingmonitoring': 'Logging Monitoring', # GCP From 435b3d8f2fd7697e0bf7b1c12361bb84763f079c Mon Sep 17 00:00:00 2001 From: Kevin Nguyen Date: Fri, 5 Mar 2021 11:16:15 -0500 Subject: [PATCH 562/979] Update CISv1.2.0 4.2.1 to 4.2.4 (#1155) * Update 4.2.1 to 4.2.4 * Add reference to 4.2.2 Co-authored-by: Sophie --- ....sqldatabase.subscriptions.id.servers.html | 8 +-- ...threat-detection-send-alerts-disabled.json | 2 +- ...ldatabase-servers-no-threat-detection.json | 51 +++++++++++-------- ...vers-threat-detection-disabled-alerts.json | 51 +++++++++++-------- ...threat-detection-send-alerts-disabled.json | 18 ++++++- 5 files changed, 81 insertions(+), 49 deletions(-) 
diff --git a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html index 8595d73be..b1a9ca740 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html +++ b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html @@ -10,10 +10,10 @@

    Information

    Azure Active Directory Admin: {{value_or_none ad_admin.login}}
    Auditing: {{ convert_bool_to_enabled auditing.auditing_enabled }}
    Auditing retention period: {{ auditing.retention_days }}
    -
    Threat detection: {{ convert_bool_to_enabled threat_detection.threat_detection_enabled }}
    -
    Threat detection alerts: {{ convert_bool_to_enabled threat_detection.alerts_enabled }}
    -
    Send threat detection alerts: {{ convert_bool_to_enabled threat_detection.send_alerts_enabled }}
    -
    Threat detection retention period: {{ threat_detection.retention_days }}
    +
    Advanced Threat Protection (ATP): {{ convert_bool_to_enabled threat_detection.threat_detection_enabled }}
    +
    Advanced Threat Protection (ATP) alerts: {{ convert_bool_to_enabled threat_detection.alerts_enabled }}
    +
    Send Advanced Threat Protection (ATP) alerts: {{ convert_bool_to_enabled threat_detection.send_alerts_enabled }}
    +
    Advanced Threat Protection (ATP) retention period: {{ threat_detection.retention_days }}
    TDE server key type: {{ encryption_protectors.server_key_type }}
    diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-send-alerts-disabled.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-send-alerts-disabled.json index 57232eecf..c94cec360 100755 --- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-send-alerts-disabled.json +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-send-alerts-disabled.json @@ -1,5 +1,5 @@ { - "description": "\"Send Threat Detection Alerts\" Disabled for SQL Databases", + "description": "Send Threat Detection Alerts Disabled for SQL Databases", "rationale": "Specify email addresses and ensure that alerts are sent to them.", "compliance": [ { diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json index 857c61a4d..252ba0baf 100755 --- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json 
@@ -1,23 +1,32 @@ { - "description": "Threat Detection Disabled for SQL Servers", - "rationale": "Enable threat detection for all SQL servers.", - "compliance": [ - { - "name": "CIS Microsoft Azure Foundations", - "version": "1.0.0", - "reference": "4.1" - } - ], - "dashboard_name": "SQL Servers", - "display_path": "sqldatabase.subscriptions.id.servers.id", - "path": "sqldatabase.subscriptions.id.servers.id", - "conditions": [ - "and", - [ - "sqldatabase.subscriptions.id.servers.id.threat_detection.threat_detection_enabled", - "false", - "" - ] - ], - "id_suffix": "server_threat_detection_disabled" + "description": "Advanced Threat Protection (ATP) Disabled for SQL Servers", + "rationale": "SQL Server \"Advanced Data Security\" (ADS) provides a new layer of security, which enables customers to detect and respond to potential threats as they occur by providing security alerts on anomalous activities. Users will receive an alert upon suspicious database activities, potential vulnerabilities, and SQL injection attacks, as well as anomalous database access patterns.", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.2.1" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.0.0", + "reference": "4.1" + } + ], + "dashboard_name": "SQL Servers", + "display_path": "sqldatabase.subscriptions.id.servers.id", + "path": "sqldatabase.subscriptions.id.servers.id", + "references": [ + "https://docs.microsoft.com/en-us/azure/sql-database/sql-advanced-threat-protection", + "https://docs.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql" + ], + "conditions": [ + "and", + [ + "sqldatabase.subscriptions.id.servers.id.threat_detection.threat_detection_enabled", + "false", + "" + ] + ], + "id_suffix": "server_threat_detection_disabled" } \ No newline at end of file 
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json index d03e5ed47..82ef2843b 100755 --- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json 
@@ -1,23 +1,32 @@ { - "description": "Threat Detection Alerts Disabled for SQL Servers", - "rationale": "Do not disable alerts related to threat detections.", - "compliance": [ - { - "name": "CIS Microsoft Azure Foundations", - "version": "1.0.0", - "reference": "4.1" - } - ], - "dashboard_name": "SQL Servers", - "display_path": "sqldatabase.subscriptions.id.servers.id", - "path": "sqldatabase.subscriptions.id.servers.id", - "conditions": [ - "and", - [ - "sqldatabase.subscriptions.id.servers.id.threat_detection.alerts_enabled", - "false", - "" - ] - ], - "id_suffix": "server_threat_detection_alerts_disabled" + "description": "Advanced Threat Protection Disabled Types for SQL servers", + "rationale": "Enabling all threat protection types protects against SQL injection, database vulnerabilities, and any other anomalous activities.", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.2.2" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.0.0", + "reference": "4.1" + } + ], + "dashboard_name": "SQL Servers", + "display_path": "sqldatabase.subscriptions.id.servers.id", + "path": "sqldatabase.subscriptions.id.servers.id", + "references": [ + "https://docs.microsoft.com/en-us/azure/sql-database/sql-advanced-threat-protection", + "https://docs.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql" + ], + "conditions": [ + "and", + [ + "sqldatabase.subscriptions.id.servers.id.threat_detection.alerts_enabled", + "false", + "" + ] + ], + "id_suffix": "server_threat_detection_alerts_disabled" } \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-send-alerts-disabled.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-send-alerts-disabled.json index 6d16eabea..bb6d1a5cc 100755 --- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-send-alerts-disabled.json 
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-send-alerts-disabled.json @@ -1,7 +1,17 @@ { - "description": "\"Send Threat Detection Alerts\" Disabled for SQL Servers", - "rationale": "Specify email addresses and ensure that alerts are sent to them.", + "description": "Send Advanced Threat Protection Alerts Disabled for SQL Servers", + "rationale": "Providing the email address and enable Administrator and subscription owner to receive alerts ensures that any detection of anomalous activities is reported as soon as possible, making it more likely to mitigate any potential risk sooner.", "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.2.3" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.2.4" + }, { "name": "CIS Microsoft Azure Foundations", "version": "1.0.0", @@ -13,6 +23,10 @@ "reference": "4.1.5" } ], + "references":[ + "https://docs.microsoft.com/en-us/azure/sql-database/sql-advanced-threat-protection", + "https://docs.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql" + ], "dashboard_name": "SQL Servers", "display_path": "sqldatabase.subscriptions.id.servers.id", "path": "sqldatabase.subscriptions.id.servers.id", From 3613c670c31306ad074cce7b07d25a2f295b8c47 Mon Sep 17 00:00:00 2001 
From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Fri, 5 Mar 2021 16:22:39 -0500 Subject: [PATCH 563/979] Enhancement/azure sql 4.3.3 to 4.3.8 (#1156) * refactor sql facade code * added rules 4.3.3 to 4.3.8 from azure cis sql section Co-authored-by: Sophie Co-authored-by: xnkevinnguyen --- ...esqldatabase.subscriptions.id.servers.html | 30 ++++++++++++++++ .../azure/facade/postgresqldatabse.py | 13 +++++++ .../configuration_connection_throttling.py | 21 +++++++++++ .../configuration_log_checkpoints.py | 21 +++++++++++ .../configuration_log_connections.py | 21 +++++++++++ .../configuration_log_disconnections.py | 21 +++++++++++ .../configuration_log_duration.py | 21 +++++++++++ .../configuration_log_retention_days.py | 21 +++++++++++ .../postgresqldatabase/postgresql_servers.py | 16 +++++++++ ...-servers-connection-throttling-not-on.json | 28 +++++++++++++++ ...tabase-servers-log-checkpoints-not-on.json | 28 +++++++++++++++ ...tabase-servers-log-connections-not-on.json | 28 +++++++++++++++ ...ase-servers-log-disconnections-not-on.json | 28 +++++++++++++++ ...-database-servers-log-duration-not-on.json | 28 +++++++++++++++ ...ervers-log-retention-days-less-than-4.json | 28 +++++++++++++++ .../azure/rules/rulesets/cis-1.2.0.json | 36 +++++++++++++++++++ .../azure/rules/rulesets/default.json | 36 +++++++++++++++++++ ScoutSuite/utils.py | 2 +- 18 files changed, 426 insertions(+), 1 deletion(-) create mode 100644 ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html create mode 100644 ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_connection_throttling.py create mode 100644 ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_checkpoints.py create mode 100644 ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_connections.py create mode 100644 ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_disconnections.py 
create mode 100644 ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_duration.py create mode 100644 ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_retention_days.py create mode 100644 ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-connection-throttling-not-on.json create mode 100644 ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-checkpoints-not-on.json create mode 100644 ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-connections-not-on.json create mode 100644 ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-disconnections-not-on.json create mode 100644 ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-duration-not-on.json create mode 100644 ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-retention-days-less-than-4.json diff --git a/ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html b/ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html new file mode 100644 index 000000000..41b2745ea --- /dev/null +++ b/ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html @@ -0,0 +1,30 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/providers/azure/facade/postgresqldatabse.py b/ScoutSuite/providers/azure/facade/postgresqldatabse.py index 1744f5571..8c9cde498 100644 --- a/ScoutSuite/providers/azure/facade/postgresqldatabse.py +++ b/ScoutSuite/providers/azure/facade/postgresqldatabse.py 
@@ -24,3 +24,16 @@ async def get_servers(self, subscription_id: str): except Exception as e: print_exception(f'Failed to retrieve postgresSQL servers: {e}') return [] + + async def get_config(self, resource_group_name, server_name, + subscription_id: str, configuration_name: str): + try: + client = self.get_client(subscription_id) + val = await run_concurrently( + lambda: client.configurations.get(resource_group_name, server_name, configuration_name) + ) + return val + except Exception as e: + print_exception(f'Failed to retrieve server configuration: {e}') + return [] + diff --git a/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_connection_throttling.py b/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_connection_throttling.py new file mode 100644 index 000000000..5bbaac28c --- /dev/null +++ b/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_connection_throttling.py @@ -0,0 +1,21 @@ +from ScoutSuite.providers.azure.facade.base import AzureFacade +from ScoutSuite.providers.azure.resources.base import AzureResources + + +class ConfigurationConnectionThrottling(AzureResources): + + def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str): + super().__init__(facade) + self.resource_group_name = resource_group_name + self.server_name = server_name + self.subscription_id = subscription_id + + async def fetch_all(self): + configuration = await self.facade.postgresqldatabase.get_config(self.resource_group_name, self.server_name, + self.subscription_id, 'connection_throttling') + self._parse_configuration(configuration) + + def _parse_configuration(self, configuration): + self.update({ + 'value': configuration.value + }) diff --git a/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_checkpoints.py b/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_checkpoints.py new file mode 100644 index 000000000..2b74cfbf1 
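Review bot: `get_config` returns `[]` when the request fails, but every caller added in this commit passes the result straight to `_parse_configuration`, which reads `configuration.value`. A failed read therefore raises `AttributeError` inside `fetch_all` instead of being handled. Returning `None` from the `except` branch and guarding the read, `self.update({'value': configuration.value if configuration else None})`, keeps one unreadable setting from breaking the server's fetch. The error message should also name what could not be checked, e.g. `print_exception(f'Failed to retrieve configuration {configuration_name} for server {server_name}: {e}')`.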
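Review bot: `ConfigurationConnectionThrottling` is repeated line for line in the following hunks as `ConfigurationLogCheckpoints`, `ConfigurationLogConnections`, `ConfigurationLogDisconnections` and `ConfigurationLogDuration` (and, per the diffstat, a log_retention_days file), with only the setting name passed to `get_config` changing. A shared base class that reads the name from a class attribute would leave each setting as a two-line subclass, so a fix to the fetch or parse logic lands in one place. The base class name below is a placeholder, and how `postgresql_servers.py` registers these children is outside this hunk.
```python
class PostgreSQLConfiguration(AzureResources):
    # Each subclass names the server parameter it reads.
    configuration_name = None

    # … unchanged: __init__ storing resource_group_name, server_name, subscription_id …

    async def fetch_all(self):
        configuration = await self.facade.postgresqldatabase.get_config(
            self.resource_group_name, self.server_name,
            self.subscription_id, self.configuration_name)
        self._parse_configuration(configuration)

    # … unchanged: _parse_configuration …


class ConfigurationConnectionThrottling(PostgreSQLConfiguration):
    configuration_name = 'connection_throttling'
```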
--- /dev/null +++ b/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_checkpoints.py @@ -0,0 +1,21 @@ +from ScoutSuite.providers.azure.facade.base import AzureFacade +from ScoutSuite.providers.azure.resources.base import AzureResources + + +class ConfigurationLogCheckpoints(AzureResources): + + def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str): + super().__init__(facade) + self.resource_group_name = resource_group_name + self.server_name = server_name + self.subscription_id = subscription_id + + async def fetch_all(self): + configuration = await self.facade.postgresqldatabase.get_config(self.resource_group_name, self.server_name, + self.subscription_id, 'log_checkpoints') + self._parse_configuration(configuration) + + def _parse_configuration(self, configuration): + self.update({ + 'value': configuration.value + }) diff --git a/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_connections.py b/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_connections.py new file mode 100644 index 000000000..4aadc0a3e --- /dev/null +++ b/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_connections.py 
@@ -0,0 +1,21 @@
+from ScoutSuite.providers.azure.facade.base import AzureFacade
+from ScoutSuite.providers.azure.resources.base import AzureResources
+
+
+class ConfigurationLogConnections(AzureResources):
+
+ def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):
+ super().__init__(facade)
+ self.resource_group_name = resource_group_name
+ self.server_name = server_name
+ self.subscription_id = subscription_id
+
+ async def fetch_all(self):
+ configuration = await self.facade.postgresqldatabase.get_config(self.resource_group_name, self.server_name,
+ self.subscription_id, 'log_connections')
+ self._parse_configuration(configuration)
+
+ def _parse_configuration(self, configuration):
+ self.update({
+ 'value': configuration.value
+ })
diff --git a/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_disconnections.py b/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_disconnections.py
new file mode 100644
index 000000000..2e011bbc9
--- /dev/null
+++ b/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_disconnections.py
@@ -0,0 +1,21 @@
+from ScoutSuite.providers.azure.facade.base import AzureFacade
+from ScoutSuite.providers.azure.resources.base import AzureResources
+
+
+class ConfigurationLogDisconnections(AzureResources):
+
+ def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):
+ super().__init__(facade)
+ self.resource_group_name = resource_group_name
+ self.server_name = server_name
+ self.subscription_id = subscription_id
+
+ async def fetch_all(self):
+ configuration = await self.facade.postgresqldatabase.get_config(self.resource_group_name, self.server_name,
+ self.subscription_id, 'log_disconnections')
+ self._parse_configuration(configuration)
+
+ def _parse_configuration(self, configuration):
+ self.update({
+ 'value': configuration.value
+ })
diff --git a/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_duration.py b/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_duration.py
new file mode 100644
index 000000000..0839969e0
--- /dev/null
+++ b/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_duration.py
@@ -0,0 +1,21 @@
+from ScoutSuite.providers.azure.facade.base import AzureFacade
+from ScoutSuite.providers.azure.resources.base import AzureResources
+
+
+class ConfigurationLogDuration(AzureResources):
+
+ def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):
+ super().__init__(facade)
+ self.resource_group_name = resource_group_name
+ self.server_name = server_name
+ self.subscription_id = subscription_id
+
+ async def fetch_all(self):
+ configuration = await self.facade.postgresqldatabase.get_config(self.resource_group_name, self.server_name,
+ self.subscription_id, 'log_duration')
+ self._parse_configuration(configuration)
+
+ def _parse_configuration(self, configuration):
+ self.update({
+ 'value': configuration.value
+ })
diff --git a/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_retention_days.py b/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_retention_days.py
new file mode 100644
index 000000000..8fc480bd7
--- /dev/null
+++ b/ScoutSuite/providers/azure/resources/postgresqldatabase/configuration_log_retention_days.py
@@ -0,0 +1,21 @@
+from ScoutSuite.providers.azure.facade.base import AzureFacade
+from ScoutSuite.providers.azure.resources.base import AzureResources
+
+
+class ConfigurationLogRetentionDays(AzureResources):
+
+ def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str):
+ super().__init__(facade)
+ self.resource_group_name = resource_group_name
+ self.server_name = server_name
+ self.subscription_id = subscription_id
+
+ async def fetch_all(self):
+ configuration = await self.facade.postgresqldatabase.get_config(self.resource_group_name, self.server_name,
+ self.subscription_id, 'log_retention_days')
+ self._parse_configuration(configuration)
+
+ def _parse_configuration(self, configuration):
+ self.update({
+ 'value': configuration.value
+ })
diff --git a/ScoutSuite/providers/azure/resources/postgresqldatabase/postgresql_servers.py b/ScoutSuite/providers/azure/resources/postgresqldatabase/postgresql_servers.py
index 83b4ced36..6fb1b9466 100644
--- a/ScoutSuite/providers/azure/resources/postgresqldatabase/postgresql_servers.py
+++ b/ScoutSuite/providers/azure/resources/postgresqldatabase/postgresql_servers.py
@@ -3,9 +3,25 @@ from ScoutSuite.providers.azure.utils import get_resource_group_name from ScoutSuite.providers.utils import get_non_provider_id +from .configuration_connection_throttling import ConfigurationConnectionThrottling + +from .configuration_log_checkpoints import ConfigurationLogCheckpoints +from .configuration_log_connections import ConfigurationLogConnections +from .configuration_log_disconnections import ConfigurationLogDisconnections +from .configuration_log_duration import ConfigurationLogDuration +from .configuration_log_retention_days import ConfigurationLogRetentionDays + + class PostgreSQLServers(AzureCompositeResources): _children = [ + (ConfigurationLogCheckpoints, 'log_checkpoints'), + (ConfigurationLogConnections, 'log_connections'), + (ConfigurationLogDisconnections, 'log_disconnections'), + (ConfigurationLogDuration, 'log_duration'), + (ConfigurationConnectionThrottling, 'connection_throttling'), + (ConfigurationLogRetentionDays, 'log_retention_days') + ] def __init__(self, facade: AzureFacade, subscription_id: str): diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-connection-throttling-not-on.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-connection-throttling-not-on.json new file mode 100644 index 000000000..512ce8077 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-connection-throttling-not-on.json 
@@ -0,0 +1,28 @@ +{ + "description": "Server Parameter Connection Throttling Not Set To 'ON'", + "rationale": "Enabling connection_throttling helps the PostgreSQL Database to Set the verbosity of logged messages which in turn generates query and error logs with respect to concurrent connections, that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", + "remediation": "From Azure Console:
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to Azure Database for PostgreSQL server
    3. For each database, click on Server parameters
    4. Search for connection_throttling.
    5. Click ON and save.
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.3.7" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", + "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + ], + "dashboard_name": "PostgreSQL Servers", + "path": "postgresqldatabase.subscriptions.id.servers.id", + "conditions": [ + "and", + [ + "postgresqldatabase.subscriptions.id.servers.id.connection_throttling.value", + "equal", + "off" + ] + ], + "id_suffix": "server_connection_throttling_value" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-checkpoints-not-on.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-checkpoints-not-on.json new file mode 100644 index 000000000..0256a5cc5 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-checkpoints-not-on.json @@ -0,0 +1,28 @@ +{ + "description": "Server Parameter Log Checkpoints Not Set To 'ON'", + "rationale": "Enabling log_checkpoints helps the PostgreSQL Database to Log each checkpoint in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", + "remediation": "From Azure Console:
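Review bot: The condition `"equal", "off"` fires only on the exact string `off`, while the finding is titled "Not Set To 'ON'"; a server whose `connection_throttling.value` is missing, null or cased differently is not flagged. Testing the negative instead, `"notEqual", "on"` in place of `"equal", "off"`, makes the check fail closed. The same `equal`/`off` pattern is used by the log_checkpoints, log_connections, log_disconnections and log_duration findings added in this commit.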
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to Azure Database for PostgreSQL server
    3. For each database, click on Server parameters
    4. Search for log_checkpoints.
    5. Click ON and save.
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.3.3" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", + "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + ], + "dashboard_name": "PostgreSQL Servers", + "path": "postgresqldatabase.subscriptions.id.servers.id", + "conditions": [ + "and", + [ + "postgresqldatabase.subscriptions.id.servers.id.log_checkpoints.value", + "equal", + "off" + ] + ], + "id_suffix": "server_log_checkpoints_value" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-connections-not-on.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-connections-not-on.json new file mode 100644 index 000000000..35df67259 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-connections-not-on.json @@ -0,0 +1,28 @@ +{ + "description": "Server Parameter Log Connections Not Set To 'ON'", + "rationale": "Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.", + "remediation": "From Azure Console:
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to Azure Database for PostgreSQL server
    3. For each database, click on Server parameters
    4. Search for log_connection.
    5. Click ON and save.
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.3.4" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", + "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + ], + "dashboard_name": "PostgreSQL Servers", + "path": "postgresqldatabase.subscriptions.id.servers.id", + "conditions": [ + "and", + [ + "postgresqldatabase.subscriptions.id.servers.id.log_connections.value", + "equal", + "off" + ] + ], + "id_suffix": "server_log_connections_value" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-disconnections-not-on.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-disconnections-not-on.json new file mode 100644 index 000000000..d460cbbaf --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-disconnections-not-on.json @@ -0,0 +1,28 @@ +{ + "description": "Server Parameter Log Disconnections Not Set To 'ON'", + "rationale": "Enabling log_disconnectionshelps PostgreSQL Database to Logs end of a session, including duration, which in turn generates query and error logs. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", + "remediation": "From Azure Console:
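Review bot: Remediation step 4 tells the reader to search for `log_connection`, but the parameter this finding evaluates is `log_connections`; the step should read `4. Search for log_connections.`. The log_disconnections finding has the same slip (`log_disconnection`), and the retention finding says `retention_days` where its condition path uses `log_retention_days`. Separately, the connection_throttling rationale opens with text about the verbosity of logged messages rather than throttling, and would be clearer if it described the parameter itself.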
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to Azure Database for PostgreSQL server
    3. For each database, click on Server parameters
    4. Search for log_disconnection.
    5. Click ON and save.
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.3.5" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", + "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + ], + "dashboard_name": "PostgreSQL Servers", + "path": "postgresqldatabase.subscriptions.id.servers.id", + "conditions": [ + "and", + [ + "postgresqldatabase.subscriptions.id.servers.id.log_disconnections.value", + "equal", + "off" + ] + ], + "id_suffix": "server_log_disconnections_value" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-duration-not-on.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-duration-not-on.json new file mode 100644 index 000000000..3c442dd76 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-duration-not-on.json @@ -0,0 +1,28 @@ +{ + "description": "Server Parameter Log Duration Not Set To 'ON'", + "rationale": "Enabling log_duration helps the PostgreSQL Database to Logs the duration of each completed SQL statement which in turn generates query and error logs. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", + "remediation": "From Azure Console:
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to Azure Database for PostgreSQL server
    3. For each database, click on Server parameters
    4. Search for log_duration.
    5. Click ON and save.
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.3.6" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", + "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + ], + "dashboard_name": "PostgreSQL Servers", + "path": "postgresqldatabase.subscriptions.id.servers.id", + "conditions": [ + "and", + [ + "postgresqldatabase.subscriptions.id.servers.id.log_duration.value", + "equal", + "off" + ] + ], + "id_suffix": "server_log_duration_value" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-retention-days-less-than-4.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-retention-days-less-than-4.json new file mode 100644 index 000000000..191247c08 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-retention-days-less-than-4.json @@ -0,0 +1,28 @@ +{ + "description": "Server Parameter Log Retention Days Less Than 4", + "rationale": "Enabling log_retention_days helps PostgreSQL Database to Sets number of days a log file is retained which in turn generates query and error logs. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.", + "remediation": "From Azure Console:
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to Azure Database for PostgreSQL server
    3. For each database, click on Server parameters
    4. Search for retention_days.
    5. Enter value in range 4-7 (inclusive) and save.
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.3.8" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver", + "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + ], + "dashboard_name": "PostgreSQL Servers", + "path": "postgresqldatabase.subscriptions.id.servers.id", + "conditions": [ + "and", + [ + "postgresqldatabase.subscriptions.id.servers.id.log_retention_days.value", + "lessThan", + "4" + ] + ], + "id_suffix": "server_log_retention_days_value" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index dd32feeef..dfb7462a0 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json @@ -87,6 +87,42 @@ "enabled": true, "level": "warning" } + ], + "postgresql-database-servers-log-checkpoints-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-connections-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-disconnections-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-duration-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-connection-throttling-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-retention-days-less-than-4.json": [ + { + "enabled": true, + "level": "warning" + } ], "mysql-database-servers-ssl-enforcement-disabled.json": [ { 
diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index 165a0cfa2..8a7d3a33c 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -366,6 +366,42 @@ "level": "warning" } ], + "postgresql-database-servers-log-checkpoints-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-connections-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-disconnections-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-duration-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-connection-throttling-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-retention-days-less-than-4.json": [ + { + "enabled": true, + "level": "warning" + } + ], "mysql-database-servers-ssl-enforcement-disabled.json": [ { "enabled": true, diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py index c90700314..21173b66b 100755 --- a/ScoutSuite/utils.py +++ b/ScoutSuite/utils.py @@ -47,8 +47,8 @@ 'appservice': 'App Services', 'loadbalancer': 'Load Balancer', 'virtualmachines': 'Virtual Machines', - 'mysqldatabase': 'MySQL Database', 'postgresqldatabase': 'PostgresSQL Database', + 'mysqldatabase': 'MySQL Database', 'loggingmonitoring': 'Logging Monitoring', # GCP 'cloudstorage': 'Cloud Storage', From d389be188ae96e428486b4c66012bca8b2ff11d1 Mon Sep 17 00:00:00 2001 
From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Wed, 10 Mar 2021 18:29:35 -0500 Subject: [PATCH 564/979] Enhancement/azure sql 4.2.5 to 4.2.8 (#1157) * refactor sql facade code * remove extra function * add rules 4.2.5, 4.2.6, 4.2.7 and 4.2.8 from cis azure * remove line * fix small mistake and missing highlighting in the html * fix description title to some rule * fix merge conflict * fix partial html Co-authored-by: Sophie --- ....sqldatabase.subscriptions.id.servers.html | 24 ++++++++------ .../providers/azure/facade/sqldatabase.py | 10 ++++++ .../server_vulnerability_assessments.py | 26 ++++++++++++++++ .../azure/resources/sqldatabase/servers.py | 2 ++ ...rs-vulnerability-assessments-disabled.json | 31 +++++++++++++++++++ ...-email-notif-to-admins-owners-not-set.json | 31 +++++++++++++++++++ ...ulnerability-recurring-scans-disabled.json | 31 +++++++++++++++++++ ...y-send-scan-reports-to-not-configured.json | 31 +++++++++++++++++++ .../azure/rules/rulesets/cis-1.2.0.json | 25 +++++++++++++++ .../azure/rules/rulesets/default.json | 25 +++++++++++++++ 10 files changed, 227 insertions(+), 9 deletions(-) create mode 100644 ScoutSuite/providers/azure/resources/sqldatabase/server_vulnerability_assessments.py create mode 100644 ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-assessments-disabled.json create mode 100644 ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json create mode 100644 ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-recurring-scans-disabled.json create mode 100644 ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json 
diff --git a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html index b1a9ca740..ebcf5b42c 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html +++ b/ScoutSuite/output/data/html/partials/azure/services.sqldatabase.subscriptions.id.servers.html @@ -10,11 +10,17 @@

    Information

    Azure Active Directory Admin: {{value_or_none ad_admin.login}}
    Auditing: {{ convert_bool_to_enabled auditing.auditing_enabled }}
    Auditing retention period: {{ auditing.retention_days }}
    +
    Advanced Threat Protection (ATP): {{ convert_bool_to_enabled threat_detection.threat_detection_enabled }}
    Advanced Threat Protection (ATP) alerts: {{ convert_bool_to_enabled threat_detection.alerts_enabled }}
    Send Advanced Threat Protection (ATP) alerts: {{ convert_bool_to_enabled threat_detection.send_alerts_enabled }}
    Advanced Threat Protection (ATP) retention period: {{ threat_detection.retention_days }}
    +
    Storage account name: {{server_vulnerability.storage_account_name }}
    +
    Send email notification to admins and subscription owners: {{convert_bool_to_enabled server_vulnerability.email_subscription_admin }}
    +
    Periodic recurring scans: {{convert_bool_to_enabled server_vulnerability.recurring_scans_enabled }}
    +
    Send scan report to is configured: {{server_vulnerability.send_scan_reports_to_not_empty}}
    +
    TDE server key type: {{ encryption_protectors.server_key_type }}
    Tags: @@ -35,14 +41,14 @@

    SQL Databases

    {{#each databases}}
    Database name: {{@key}}
    -
    Auditing: {{ convert_bool_to_enabled auditing.auditing_enabled }}
    -
    Auditing retention period: {{ auditing.retention_days }}
    -
    Threat detection: {{ convert_bool_to_enabled threat_detection.threat_detection_enabled }}
    -
    Threat detection alerts: {{ convert_bool_to_enabled threat_detection.alerts_enabled }}
    -
    Send threat detection alerts: {{ convert_bool_to_enabled threat_detection.send_alerts_enabled }}
    -
    Threat detection retention period: {{ threat_detection.retention_days }}
    -
    Transparent data encryption: {{ convert_bool_to_enabled transparent_data_encryption_enabled }}
    -
    Geo-replication configured: {{ replication_configured }}
    +
    Auditing: {{ convert_bool_to_enabled auditing.auditing_enabled }}
    +
    Auditing retention period: {{ auditing.retention_days }}
    +
    Threat detection: {{ convert_bool_to_enabled threat_detection.threat_detection_enabled }}
    +
    Threat detection alerts: {{ convert_bool_to_enabled threat_detection.alerts_enabled }}
    +
    Send threat detection alerts: {{ convert_bool_to_enabled threat_detection.send_alerts_enabled }}
    +
    Threat detection retention period: {{ threat_detection.retention_days }}
    +
    Transparent data encryption: {{ convert_bool_to_enabled transparent_data_encryption_enabled }}
    +
    Geo-replication configured: {{ replication_configured }}
    Tags: {{#each tags}}
    SQL Databases
    None
    {{/each}}
    -
    Resource group: {{value_or_none resource_group_name}}
    +
    Resource group: {{value_or_none resource_group_name}}
    {{/each}}
    diff --git a/ScoutSuite/providers/azure/facade/sqldatabase.py b/ScoutSuite/providers/azure/facade/sqldatabase.py index a1e285165..1c3af4a47 100755 --- a/ScoutSuite/providers/azure/facade/sqldatabase.py +++ b/ScoutSuite/providers/azure/facade/sqldatabase.py @@ -115,6 +115,16 @@ async def get_database_transparent_data_encryptions(self, resource_group_name, s print_exception(f'Failed to retrieve database transparent data encryptions: {e}') return [] + async def get_server_vulnerability_assessments(self, resource_group_name, server_name, + subscription_id: str): + try: + client = self.get_client(subscription_id) + return await run_concurrently( + lambda: client.server_vulnerability_assessments.get(resource_group_name, server_name, 'default') + ) + except Exception as e: + print_exception(f'Failed to retrieve server vulnerability assessments: {e}') + async def get_server_encryption_protectors(self, resource_group_name, server_name, subscription_id: str): try: client = self.get_client(subscription_id) diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/server_vulnerability_assessments.py b/ScoutSuite/providers/azure/resources/sqldatabase/server_vulnerability_assessments.py new file mode 100644 index 000000000..647e5147b --- /dev/null +++ b/ScoutSuite/providers/azure/resources/sqldatabase/server_vulnerability_assessments.py 
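Review bot: The `except` branch of `get_server_vulnerability_assessments` logs and falls through, so the method returns `None` implicitly where the neighbouring facade methods return `[]`. The resource class added in this commit then reads `vulnerability.name` and `vulnerability.recurring_scans.is_enabled` unconditionally, which raises on that `None`. Add an explicit `return None` and have `fetch_all` skip parsing when nothing came back, e.g. `if server_vulnerability is not None: self._parse_vulnerabilities(server_vulnerability)`. A server whose assessment settings could not be read should still show up in the report as unknown rather than disappear from the CIS 4.2.5–4.2.8 checks.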
@@ -0,0 +1,26 @@ +from ScoutSuite.providers.azure.facade.base import AzureFacade +from ScoutSuite.providers.azure.resources.base import AzureResources + + +class ServerVulnerabilityAssessments(AzureResources): + + def __init__(self, facade: AzureFacade, resource_group_name: str, server_name: str, subscription_id: str): + super().__init__(facade) + self.resource_group_name = resource_group_name + self.server_name = server_name + self.subscription_id = subscription_id + + async def fetch_all(self): + server_vulnerability = await self.facade.sqldatabase.get_server_vulnerability_assessments( + self.resource_group_name, self.server_name, self.subscription_id) + self._parse_vulnerabilities(server_vulnerability) + + def _parse_vulnerabilities(self, vulnerability): + self.update({ + 'storage_account_name': vulnerability.name, + 'recurring_scans_enabled': vulnerability.recurring_scans.is_enabled, + 'send_scan_reports_to_not_empty': vulnerability.recurring_scans.emails != [], + 'email_subscription_admin': vulnerability.recurring_scans.email_subscription_admins + }) + + diff --git a/ScoutSuite/providers/azure/resources/sqldatabase/servers.py b/ScoutSuite/providers/azure/resources/sqldatabase/servers.py index 36b35aa34..e4c319ee9 100755 --- a/ScoutSuite/providers/azure/resources/sqldatabase/servers.py +++ b/ScoutSuite/providers/azure/resources/sqldatabase/servers.py @@ -7,6 +7,7 @@ from .server_azure_ad_administrators import ServerAzureAdAdministrators from .server_blob_auditing_policies import ServerBlobAuditingPolicies from .server_security_alert_policies import ServerSecurityAlertPolicies +from .server_vulnerability_assessments import ServerVulnerabilityAssessments from .server_encryption_protectors import ServerEncryptionProtectors from .firewall_rules import FirewallRules 
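Review bot: `'storage_account_name': vulnerability.name` appears to store the assessment resource's own name rather than a storage account: as far as I know, `name` on this SDK model is the resource name (the facade requests it as `'default'`) and the storage target is carried in `storage_container_path`. If so, the 4.2.5 finding, which tests this key for `null`, would never fire. Deriving the value from `vulnerability.storage_container_path` would close that gap. In the same dict, `emails != []` evaluates to `True` when `emails` is `None`, so `bool(vulnerability.recurring_scans.emails)` is the safer test.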
@@ -17,6 +18,7 @@ class Servers(AzureCompositeResources): (ServerAzureAdAdministrators, None), (ServerBlobAuditingPolicies, 'auditing'), (ServerSecurityAlertPolicies, 'threat_detection'), + (ServerVulnerabilityAssessments, 'server_vulnerability'), (ServerEncryptionProtectors, 'encryption_protectors'), (FirewallRules, 'firewall_rules') ] diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-assessments-disabled.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-assessments-disabled.json new file mode 100644 index 000000000..a09d3825c --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-assessments-disabled.json @@ -0,0 +1,31 @@ +{ + "description": "Vulnerability Assessment (VA) Is Disabled on SQL Servers", + "rationale": "Enabling Advanced Data Security on a SQL server does not enables Vulnerability Assessment capability for individual SQL databases unless storage account is set to store the scanning data and reports.", + "remediation": "In the Azure console:
    1. Go to SQL servers
    2. For each server instance
    3. Click on Advanced Data Security
    4. Set Advanced Data Security to On if not already
    5. In Section Vulnerability Assessment Settings, Click Storage Accounts
    6. Choose Storage Account (Existing or Create New). Click Ok
    7. Click Save
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.2.5" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", + "https://docs.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver", + "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0", + "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments" + ], + "dashboard_name": "SQL Servers", + "display_path": "sqldatabase.subscriptions.id.servers.id", + "path": "sqldatabase.subscriptions.id.servers.id", + "conditions": [ + "and", + [ + "sqldatabase.subscriptions.id.servers.id.server_vulnerability.storage_account_name", + "null", + "" + ] + ], + "id_suffix": "server_vulnerability_storage_account_name" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json new file mode 100644 index 000000000..25635c629 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json 
@@ -0,0 +1,31 @@ +{ + "description": "Send Email Notifications To Admins And Subscription Owners Is Not Set on SQL Servers", + "rationale": "ADS -VA scan reports and alerts will be sent to admins and subscription owners by enabling setting 'Also send email notifications to admins and subscription owners'. This may help in reducing time required for identifying risks and taking corrective measures.", + "remediation": "In the Azure console:
    1. Go to SQL servers
    2. For each server instance
    3. Click on Advanced Data Security
    4. Set Advanced Data Security to On if not already
    5. In Section Vulnerability Assessment Settings, set Storage Accounts if not already
    6. Check/enable 'Also send email notifications to admins and subscription owners'
    7. Click Save
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.2.8" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", + "https://docs.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver", + "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0", + "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments" + ], + "dashboard_name": "SQL Servers", + "display_path": "sqldatabase.subscriptions.id.servers.id", + "path": "sqldatabase.subscriptions.id.servers.id", + "conditions": [ + "and", + [ + "sqldatabase.subscriptions.id.servers.id.server_vulnerability.email_subscription_admin", + "false", + "" + ] + ], + "id_suffix": "server_vulnerability_email_subscription_admin" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-recurring-scans-disabled.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-recurring-scans-disabled.json new file mode 100644 index 000000000..5c13dfcb5 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-recurring-scans-disabled.json 
@@ -0,0 +1,31 @@ +{ + "description": "Periodic Recurring Scans Is Disabled on SQL Servers", + "rationale": "ADS -VA setting 'Periodic recurring scans' schedules periodic (weekly) vulnerability scanning for the SQL server and corresponding Databases. Periodic and regular vulnerability scanning provides risk visibility based on updated known vulnerability signatures and best practices.", + "remediation": "In the Azure console:
    1. Go to SQL servers
    2. For each server instance
    3. Click on Advanced Data Security
    4. Set Advanced Data Security to On if not already
    5. In Section Vulnerability Assessment Settings, set Storage Accounts if not already
    6. Toggle 'Periodic recurring scans' ton ON
    7. Click Save
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.2.6" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", + "https://docs.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver", + "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0", + "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments" + ], + "dashboard_name": "SQL Servers", + "display_path": "sqldatabase.subscriptions.id.servers.id", + "path": "sqldatabase.subscriptions.id.servers.id", + "conditions": [ + "and", + [ + "sqldatabase.subscriptions.id.servers.id.server_vulnerability.recurring_scans_enabled", + "false", + "" + ] + ], + "id_suffix": "server_vulnerability_recurring_scans_enabled" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json new file mode 100644 index 000000000..3aab8f438 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json @@ -0,0 +1,31 @@ +{ + "description": "Send Scan Report To Is Not Configured on SQL Servers", + "rationale": "ADS -VA scan reports and alerts will be sent to email ids configured at 'Send scan reports to'. This may help in reducing time required for identifying risks and taking corrective measures.", + "remediation": "In the Azure console:
    1. Go to SQL servers
    2. For each server instance
    3. Click on Advanced Data Security
    4. Set Advanced Data Security to On if not already
    5. In Section Vulnerability Assessment Settings, set Storage Accounts if not already
    6. Configure email ids for concerned data owners/stakeholders at 'Send scan reports to'
    7. Click Save
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.2.7" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment", + "https://docs.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver", + "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0", + "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments" + ], + "dashboard_name": "SQL Servers", + "display_path": "sqldatabase.subscriptions.id.servers.id", + "path": "sqldatabase.subscriptions.id.servers.id", + "conditions": [ + "and", + [ + "sqldatabase.subscriptions.id.servers.id.server_vulnerability.send_scan_reports_to_not_empty", + "false", + "" + ] + ], + "id_suffix": "server_vulnerability_send_scan_reports_to_not_empty" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index dfb7462a0..d1e34dd58 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json @@ -76,6 +76,18 @@ "level": "warning" } ], + "sqldatabase-servers-vulnerability-assessments-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-servers-vulnerability-recurring-scans-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json": [ { "enabled": true, 
@@ -88,6 +100,13 @@ "level": "warning" } ], + + "sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json": [ + { + "enabled": true, + "level": "warning" + } + ], "postgresql-database-servers-log-checkpoints-not-on.json": [ { "enabled": true, @@ -112,6 +131,12 @@ "level": "warning" } ], + "sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json": [ + { + "enabled": true, + "level": "warning" + } + ], "postgresql-database-servers-connection-throttling-not-on.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index 8a7d3a33c..6e29ba4b4 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -279,12 +279,37 @@ "level": "warning" } ], + "sqldatabase-servers-vulnerability-assessments-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-servers-vulnerability-recurring-scans-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json": [ + { + "enabled": true, + "level": "warning" + } + ], "sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json": [ + { "enabled": true, "level": "warning" } ], + "sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json": [ + { + "enabled": true, + "level": "warning" + } + ], "sqldatabase-allow-any-ip.json": [ { "enabled": true, From 2361aa2d36012166737199c3ebbe663504fad7a1 Mon Sep 17 00:00:00 2001 
From: xga Date: Thu, 11 Mar 2021 10:00:45 +0100 Subject: [PATCH 565/979] Add finding --- ...queue-server-side-encryption-disabled.json | 20 +++++++++++++++++++ .../providers/aws/rules/rulesets/default.json | 6 ++++++ .../aws/rules/rulesets/detailed.json | 6 ++++++ 3 files changed, 32 insertions(+) create mode 100644 ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json diff --git a/ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json b/ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json new file mode 100644 index 000000000..53b4703b6 --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json @@ -0,0 +1,20 @@ +{ + "description": "Queue with Encryption Disabled", + "rationale": "SQS Server-Side Encryption ensures that the contents of messages in queues are encrypted.", + "references": [ + "https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html", + "https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html" + ], + "dashboard_name": "Queues", + "display_path": "sqs.regions.id.queues.id", + "path": "sqs.regions.id.queues.id", + "conditions": [ + "and", + [ + "sqs.regions.id.queues.id.kms_master_key_id", + "null", + "" + ] + ], + "id_suffix": "server-side-encryption-disabled" +} diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json index af10954c6..3e986a574 100755 --- a/ScoutSuite/providers/aws/rules/rulesets/default.json +++ b/ScoutSuite/providers/aws/rules/rulesets/default.json @@ -1222,6 +1222,12 @@ "level": "danger" } ], + "sqs-queue-server-side-encryption-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "sqs-queue-world-policy.json": [ { "args": [ 
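Review bot: The `references` array in sqs-queue-server-side-encryption-disabled.json lists the same SQS server-side-encryption URL twice, and the finding has no `remediation` entry, so the report gives the operator no steps to fix it; drop the duplicate and add a `remediation` string describing how to enable encryption on the queue. The condition flags every queue whose `kms_master_key_id` is null, which equates "no KMS key" with "unencrypted". A queue encrypted with SQS-managed keys (the `SqsManagedSseEnabled` queue attribute) has no KMS key id and would be reported, so the rule should also test that attribute once the queue resource collects it. The `id_suffix` uses hyphens (`server-side-encryption-disabled`) where the other findings on this page use underscores, for example `rotation_enabled`.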
diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json index d396afed5..e8adbee37 100755 --- a/ScoutSuite/providers/aws/rules/rulesets/detailed.json +++ b/ScoutSuite/providers/aws/rules/rulesets/detailed.json @@ -1257,6 +1257,12 @@ "level": "danger" } ], + "sqs-queue-server-side-encryption-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "sqs-queue-world-policy.json": [ { "args": [ From fadccf80945c422ed6e87e0eeb64e56a519172a1 Mon Sep 17 00:00:00 2001 From: Christopher Eck Date: Thu, 11 Mar 2021 17:59:06 -0800 Subject: [PATCH 566/979] Stop reporting KMS keys as having rotation disabled when they're pending deletion --- ScoutSuite/providers/aws/resources/kms/keys.py | 3 ++- .../aws/rules/findings/kms-cmk-rotation-disabled.json | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/resources/kms/keys.py b/ScoutSuite/providers/aws/resources/kms/keys.py index b136917fd..6d1e038b4 100755 --- a/ScoutSuite/providers/aws/resources/kms/keys.py +++ b/ScoutSuite/providers/aws/resources/kms/keys.py @@ -34,7 +34,8 @@ async def _parse_key(self, raw_key): if 'metadata' in raw_key: key_dict['creation_date'] = raw_key['metadata']['KeyMetadata']['CreationDate'] if \ raw_key['metadata']['KeyMetadata']['CreationDate'] else None - key_dict['key_enabled'] = False if raw_key['metadata']['KeyMetadata']['KeyState'] == 'Disabled' else True + key_dict['key_enabled'] = False if raw_key['metadata']['KeyMetadata']['KeyState'] in \ + ['Disabled', 'PendingDeletion'] else True key_dict['description'] = raw_key['metadata']['KeyMetadata']['Description'] if len( raw_key['metadata']['KeyMetadata']['Description'].strip()) > 0 else None key_dict['origin'] = raw_key['metadata']['KeyMetadata']['Origin'] if len( 
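Review bot: `key_enabled` in the keys.py hunk is still derived from a deny-list of states, so any `KeyState` other than `Disabled` or `PendingDeletion` (for example `PendingImport` or `Unavailable`) is recorded as an enabled key and, through the `key_enabled` condition this commit adds to kms-cmk-rotation-disabled.json, stays in scope of the rotation finding. Comparing against the one usable state is tighter and shorter: `key_dict['key_enabled'] = raw_key['metadata']['KeyMetadata']['KeyState'] == 'Enabled'`. A key that is pending deletion is now shown only as not enabled, which hides that its deletion can still be cancelled during the waiting period; a separate `key_dict['pending_deletion']` field would keep that visible. `_parse_key` starts and ends outside the hunk, so other uses of `key_enabled` could not be checked here.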
diff --git a/ScoutSuite/providers/aws/rules/findings/kms-cmk-rotation-disabled.json b/ScoutSuite/providers/aws/rules/findings/kms-cmk-rotation-disabled.json index f754079fa..8b2c1dffb 100644 --- a/ScoutSuite/providers/aws/rules/findings/kms-cmk-rotation-disabled.json +++ b/ScoutSuite/providers/aws/rules/findings/kms-cmk-rotation-disabled.json @@ -41,6 +41,11 @@ "kms.regions.id.keys.id.key_manager", "equal", "CUSTOMER" + ], + [ + "kms.regions.id.keys.id.key_enabled", + "true", + "" ] ], "id_suffix": "rotation_enabled" From dfe126d9183015f2cb0b1c942e555ac28f1453d3 Mon Sep 17 00:00:00 2001 From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Mon, 15 Mar 2021 13:30:42 -0400 Subject: [PATCH 567/979] Enhancement/azure sql 4.3.1 (#1177) * refactor sql facade code * added the base template for the new ressource postgres sql * added rules 4.3.3 to 4.3.8 from azure cis sql section * added rule 4.3.1 from azure cis Co-authored-by: Sophie Co-authored-by: xnkevinnguyen --- ...esqldatabase.subscriptions.id.servers.html | 2 + .../azure/facade/postgresqldatabse.py | 5 +- .../postgresqldatabase/postgresql_servers.py | 3 +- ...base-servers-ssl-enforcement-disabled.json | 27 +++++++ .../azure/rules/rulesets/cis-1.2.0.json | 78 ++++++++++--------- .../azure/rules/rulesets/default.json | 7 ++ 6 files changed, 82 insertions(+), 40 deletions(-) create mode 100644 ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-ssl-enforcement-disabled.json diff --git a/ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html b/ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html index 41b2745ea..125d5ea5d 100644 --- a/ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html +++ b/ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html @@ -7,6 +7,8 @@

    {{name}}

    Information

    SQL Server Name: {{name}}
    + +
    Server SSL connection enforcement: {{ssl_enforcement}}
    Log checkpoint server parameter: {{log_checkpoints.value}}
    Log connections server parameter: {{log_connections.value}}
    Log disconnections server parameter: {{log_disconnections.value}}
    diff --git a/ScoutSuite/providers/azure/facade/postgresqldatabse.py b/ScoutSuite/providers/azure/facade/postgresqldatabse.py index 8c9cde498..c32b18384 100644 --- a/ScoutSuite/providers/azure/facade/postgresqldatabse.py +++ b/ScoutSuite/providers/azure/facade/postgresqldatabse.py @@ -11,8 +11,8 @@ def __init__(self, credentials): def get_client(self, subscription_id: str): client = PostgreSQLManagementClient(self.credentials.get_credentials(), - subscription_id=subscription_id, - user_agent=get_user_agent()) + subscription_id=subscription_id, + user_agent=get_user_agent()) return client async def get_servers(self, subscription_id: str): @@ -36,4 +36,3 @@ async def get_config(self, resource_group_name, server_name, except Exception as e: print_exception(f'Failed to retrieve server configuration: {e}') return [] - diff --git a/ScoutSuite/providers/azure/resources/postgresqldatabase/postgresql_servers.py b/ScoutSuite/providers/azure/resources/postgresqldatabase/postgresql_servers.py index 6fb1b9466..90f30e59b 100644 --- a/ScoutSuite/providers/azure/resources/postgresqldatabase/postgresql_servers.py +++ b/ScoutSuite/providers/azure/resources/postgresqldatabase/postgresql_servers.py @@ -21,7 +21,6 @@ class PostgreSQLServers(AzureCompositeResources): (ConfigurationLogDuration, 'log_duration'), (ConfigurationConnectionThrottling, 'connection_throttling'), (ConfigurationLogRetentionDays, 'log_retention_days') - ] def __init__(self, facade: AzureFacade, subscription_id: str): @@ -46,6 +45,8 @@ def _parse_server(self, raw_server): server['id'] = get_non_provider_id(raw_server.id) server['name'] = raw_server.name server['resource_group_name'] = get_resource_group_name(raw_server.id) + server['ssl_enforcement'] = raw_server.ssl_enforcement + if raw_server.tags is not None: server['tags'] = ["{}:{}".format(key, value) for key, value in raw_server.tags.items()] else: 
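Review bot: `server['ssl_enforcement'] = raw_server.ssl_enforcement` in `_parse_server` stores the SDK value as-is, and the finding added in this commit (postgresql-database-servers-ssl-enforcement-disabled.json) fires only when that value equals the string `Disabled`. If the attribute is `None`, an enum member, or spelled differently by a given SDK version, the comparison presumably fails and the server is reported as compliant, so the check fails open. Normalising to a boolean here avoids that, e.g. `server['ssl_enforcement_enabled'] = str(getattr(raw_server.ssl_enforcement, 'value', raw_server.ssl_enforcement)) == 'Enabled'`, with the rule flagging every server where it is not true. `_parse_server` begins and ends outside the hunk.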
diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-ssl-enforcement-disabled.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-ssl-enforcement-disabled.json new file mode 100644 index 000000000..d23192245 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-ssl-enforcement-disabled.json @@ -0,0 +1,27 @@ +{ + "description": "Enforce SSL Connection Is Disabled For PostgreSQL Database Server", + "rationale": "SSL connectivity helps to provide a new layer of security, by connecting database server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between database server and client applications helps protect against \"man in the middle\" attacks by encrypting the data stream between the server and application.", + "remediation": "From Azure Console:
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to Azure Database for PostgreSQL server
    3. For each database, click on Connection security
    4. In SSL settings.
    5. Click Enabled to Enforce SSL connection
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "4.3.1" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit" + ], + "dashboard_name": "PostgreSQL Servers", + "path": "postgresqldatabase.subscriptions.id.servers.id", + "conditions": [ + "and", + [ + "postgresqldatabase.subscriptions.id.servers.id.ssl_enforcement", + "equal", + "Disabled" + ] + ], + "id_suffix": "ssl_enforcement" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index d1e34dd58..beb79e886 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json @@ -76,6 +76,48 @@ "level": "warning" } ], + "postgresql-database-servers-log-checkpoints-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-connections-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-disconnections-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-duration-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-connection-throttling-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-retention-days-less-than-4.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-ssl-enforcement-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "sqldatabase-servers-vulnerability-assessments-disabled.json": [ { "enabled": true, 
@@ -107,48 +149,12 @@ "level": "warning" } ], - "postgresql-database-servers-log-checkpoints-not-on.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "postgresql-database-servers-log-connections-not-on.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "postgresql-database-servers-log-disconnections-not-on.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "postgresql-database-servers-log-duration-not-on.json": [ - { - "enabled": true, - "level": "warning" - } - ], "sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json": [ { "enabled": true, "level": "warning" } ], - "postgresql-database-servers-connection-throttling-not-on.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "postgresql-database-servers-log-retention-days-less-than-4.json": [ - { - "enabled": true, - "level": "warning" - } - ], "mysql-database-servers-ssl-enforcement-disabled.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index 6e29ba4b4..b9efb414e 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -427,6 +427,13 @@ "level": "warning" } ], + + "postgresql-database-servers-ssl-enforcement-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "mysql-database-servers-ssl-enforcement-disabled.json": [ { "enabled": true, From 09bd40a37c534581178f1d32505d2a87048fe58e Mon Sep 17 00:00:00 2001 
From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Mon, 15 Mar 2021 13:37:35 -0400 Subject: [PATCH 568/979] Enhancement/azure sql 4.3.9 (#1178) * refactor sql facade code * added the base template for the new ressource postgres sql * added rules 4.3.3 to 4.3.8 from azure cis sql section * added rule 4.3.9 from azure cis Co-authored-by: Sophie Co-authored-by: xnkevinnguyen --- ...esqldatabase.subscriptions.id.servers.html | 15 +++++++++- .../azure/facade/postgresqldatabse.py | 10 +++++++ .../posgresql_firewall_rules.py | 27 +++++++++++++++++ .../postgresqldatabase/postgresql_servers.py | 4 +++ ...tgresql-database-servers-allow-any-ip.json | 29 +++++++++++++++++++ .../azure/rules/rulesets/cis-1.2.0.json | 10 +++++++ .../azure/rules/rulesets/default.json | 6 ++++ 7 files changed, 100 insertions(+), 1 deletion(-) create mode 100644 ScoutSuite/providers/azure/resources/postgresqldatabase/posgresql_firewall_rules.py create mode 100644 ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-allow-any-ip.json diff --git a/ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html b/ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html index 125d5ea5d..4617e86cf 100644 --- a/ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html +++ b/ScoutSuite/output/data/html/partials/azure/services.postgresqldatabase.subscriptions.id.servers.html @@ -6,8 +6,8 @@

    {{name}}

    Information

    -
    SQL Server Name: {{name}}
    +
    PostgreSQL Server Name: {{name}}
    Server SSL connection enforcement: {{ssl_enforcement}}
    Log checkpoint server parameter: {{log_checkpoints.value}}
    Log connections server parameter: {{log_connections.value}}
    @@ -17,6 +17,19 @@

    Information

    Log retention days server parameter: {{log_retention_days.value}}
    + +
    +

    PostgreSQL Firewall Rules

    +
    + {{#each postgresql_firewall_rules}} + {{name}} +
    +
    PostgreSQL Firewall rule start IP: {{start_ip}}
    +
    PostgreSQL Firewall rule end IP: {{end_ip}}
    +
    + {{/each}} +
    +
    - - - - - - diff --git a/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.diagnostic_settings.html b/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.diagnostic_settings.html new file mode 100644 index 000000000..05f66bb72 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.diagnostic_settings.html @@ -0,0 +1,22 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_alerts.html b/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_alerts.html index 1439731b2..37676ce00 100644 --- a/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_alerts.html +++ b/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_alerts.html @@ -5,7 +5,14 @@

    {{name}}

    Information

    -
    Name: {{value_or_none name}}
    +
    Create Policy Assignment activity log alert exist: {{value_or_none create_policy_assignment_exist}}
    +
    Create or update Network Security Group activity log alert exist: {{value_or_none create_update_NSG_exist}}
    +
    Delete Network Security Group activity log alert exist: {{value_or_none delete_NSG_exist}}
    +
    Create or update Network Security Group Rule activity log alert exist: {{value_or_none create_update_NSG_rule_exist}}
    +
    Delete Network Security Group Rule activity log alert exist: {{value_or_none delete_NSG_rule_exist}}
    +
    Create or update Security Solution activity log alert exist: {{value_or_none create_update_security_solution_exist}}
    +
    Delete Security Solution activity log alert exist: {{value_or_none delete_security_solution_exist}}
    +
    Create our update or delete SQL Server Firewall Rule activity log alert exist: {{value_or_none create_delete_firewall_rule_exist}}
    diff --git a/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_profiles.html b/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_profiles.html new file mode 100644 index 000000000..4bbd85121 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.log_profiles.html @@ -0,0 +1,27 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.resources_logging.html b/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.resources_logging.html new file mode 100644 index 000000000..3d8462155 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/azure/services.loggingmonitoring.subscriptions.id.resources_logging.html @@ -0,0 +1,22 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/providers/azure/facade/base.py b/ScoutSuite/providers/azure/facade/base.py index 2ab585d24..b209e2e43 100755 --- a/ScoutSuite/providers/azure/facade/base.py +++ b/ScoutSuite/providers/azure/facade/base.py @@ -3,6 +3,7 @@ from ScoutSuite.providers.azure.facade.rbac import RBACFacade from ScoutSuite.providers.azure.facade.keyvault import KeyVaultFacade from ScoutSuite.providers.azure.facade.network import NetworkFacade +from ScoutSuite.providers.azure.facade.resourcemanagement import ResourceManagementFacade from ScoutSuite.providers.azure.facade.securitycenter import SecurityCenterFacade from ScoutSuite.providers.azure.facade.sqldatabase import SQLDatabaseFacade from ScoutSuite.providers.azure.facade.storageaccounts import StorageAccountsFacade 
@@ -58,6 +59,7 @@ def __init__(self, self.mysqldatabase = MySQLDatabaseFacade(credentials) self.postgresqldatabase = PostgreSQLDatabaseFacade(credentials) self.loggingmonitoring = LoggingMonitoringFacade(credentials) + self.resourcemanagement = ResourceManagementFacade(credentials) # Instantiate facades for proprietary services try: diff --git a/ScoutSuite/providers/azure/facade/loggingmonitoring.py b/ScoutSuite/providers/azure/facade/loggingmonitoring.py index ce0da072b..261e803dc 100644 --- a/ScoutSuite/providers/azure/facade/loggingmonitoring.py +++ b/ScoutSuite/providers/azure/facade/loggingmonitoring.py @@ -26,15 +26,26 @@ async def get_log_profiles(self, subscription_id: str): print_exception(f'Failed to retrieve log profiles: {e}') return [] - async def get_diagnostic_settings(self, subscription_id: str): + async def get_subscription_diagnostic_settings(self, subscription_id: str): try: client = self.get_client(subscription_id) diagnostic_settings = await run_concurrently( - lambda: client.subscription_diagnostic_settings.list(subscription_id) + lambda: client.subscription_diagnostic_settings.list(subscription_id).value ) - return diagnostic_settings.value + return diagnostic_settings except Exception as e: - print_exception(f'Failed to retrieve diagnostic settings: {e}') + print_exception(f'Failed to retrieve subscription diagnostic settings: {e}') + return [] + + async def get_diagnostic_settings(self, subscription_id: str, resource_id: str): + try: + client = self.get_client(subscription_id) + diagnostic_settings = await run_concurrently( + lambda: client.diagnostic_settings.list(resource_id).value + ) + return diagnostic_settings + except Exception as e: + print_exception(f'Failed to retrieve resource diagnostic settings: {e}') return [] async def get_activity_log_alerts(self, subscription_id: str): 
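Review bot: Both `get_subscription_diagnostic_settings` and the new `get_diagnostic_settings` return `[]` from the `except Exception` branch, which makes a failed call (missing permission, throttling, a bad `resource_id`) indistinguishable from a scope that really has no diagnostic settings. diagnostic_settings.py in this same commit turns that list into `diagnostic_exist` with `!= []`, so a collection error is presented as an audit result rather than as an unknown. Returning `None` on failure (`return None` in the `except` branch) and letting callers record `diagnostic_exist` as unknown when they receive it would keep the two cases apart. Neither method has a docstring; one line each, stating that the first lists subscription-level settings and the second lists the settings of a single resource, would help because the names differ by one word.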
diff --git a/ScoutSuite/providers/azure/facade/resourcemanagement.py b/ScoutSuite/providers/azure/facade/resourcemanagement.py new file mode 100644 index 000000000..bdf897636 --- /dev/null +++ b/ScoutSuite/providers/azure/facade/resourcemanagement.py @@ -0,0 +1,41 @@ +from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.core.console import print_exception +from ScoutSuite.utils import get_user_agent +from azure.mgmt.resource import ResourceManagementClient + + +class ResourceManagementFacade: + + def __init__(self, credentials): + self.credentials = credentials + + def get_client(self, subscription_id: str): + client = ResourceManagementClient(self.credentials.get_credentials(), + subscription_id=subscription_id, + user_agent=get_user_agent()) + return client + + async def get_specific_type_resources_with_filter(self, subscription_id: str, resource_type_filter: str): + try: + type_filter = " and ".join([ + f'resourceType eq \'{resource_type_filter}\'' + ]) + client = self.get_client(subscription_id) + resource = await run_concurrently( + lambda: list(client.resources.list(filter=type_filter)) + ) + return resource + except Exception as e: + print_exception(f'Failed to retrieve key vault resources: {e}') + return [] + + async def get_all_resources(self, subscription_id: str): + try: + client = self.get_client(subscription_id) + resource = await run_concurrently( + lambda: list(client.resources.list()) + ) + return resource + except Exception as e: + print_exception(f'Failed to retrieve resources: {e}') + return [] diff --git a/ScoutSuite/providers/azure/metadata.json b/ScoutSuite/providers/azure/metadata.json index daa659048..5e89baf76 100755 --- a/ScoutSuite/providers/azure/metadata.json +++ b/ScoutSuite/providers/azure/metadata.json 
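Review bot: In `get_specific_type_resources_with_filter` the `except` branch logs `Failed to retrieve key vault resources` although the method takes an arbitrary `resource_type_filter`, which will mislead anyone reading scan errors for other resource types; `print_exception(f'Failed to retrieve resources of type {resource_type_filter}: {e}')` says what actually failed. The `" and ".join([...])` wraps a single element and can be written as `type_filter = f"resourceType eq '{resource_type_filter}'"`. The value is interpolated into the OData filter without escaping single quotes; callers presumably pass constants, and a comment stating that expectation would stop the method from being reused with externally supplied input.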
@@ -190,13 +190,21 @@ "logging": { "loggingmonitoring": { "resources": { - "diagnostic": { + "resources_logging": { "cols": 2, - "path": "services.loggingmonitoring.subscriptions.id.diagnostic" + "path": "services.loggingmonitoring.subscriptions.id.resources_logging" }, "log_alerts": { "cols": 2, "path": "services.loggingmonitoring.subscriptions.id.log_alerts" + }, + "diagnostic_settings": { + "cols": 2, + "path": "services.loggingmonitoring.subscriptions.id.diagnostic_settings" + }, + "log_profiles": { + "cols": 2, + "path": "services.loggingmonitoring.subscriptions.id.log_profiles" } } } diff --git a/ScoutSuite/providers/azure/resources/loggingmonitoring/activity_log_alerts.py b/ScoutSuite/providers/azure/resources/loggingmonitoring/activity_log_alerts.py index 46fb5df13..132b84422 100644 --- a/ScoutSuite/providers/azure/resources/loggingmonitoring/activity_log_alerts.py +++ b/ScoutSuite/providers/azure/resources/loggingmonitoring/activity_log_alerts.py 
@@ -9,16 +9,43 @@ def __init__(self, facade: AzureFacade, subscription_id: str): self.subscription_id = subscription_id async def fetch_all(self): - for log_alert in await self.facade.loggingmonitoring.get_activity_log_alerts(self.subscription_id): - id, log_alerts = self._parse_log_alerts(log_alert) - self[id] = log_alerts - - def _parse_log_alerts(self, log_alert): - log_alert_dict = {} - - log_alert_dict['id'] = log_alert.id - log_alert_dict['name'] = log_alert.name - - return log_alert_dict['id'], log_alert_dict - - + log_alerts = await self.facade.loggingmonitoring.get_activity_log_alerts(self.subscription_id) + self[self.subscription_id] = self._parse_log_alerts(log_alerts) + + def _parse_log_alerts(self, log_alerts): + log_alerts_dict = {} + log_alerts_dict['create_policy_assignment_exist'] = self.ensure_alert_exist(log_alerts, + 'Microsoft.Authorization' + '/policyAssignments/write') + log_alerts_dict['create_update_NSG_exist'] = self.ensure_alert_exist(log_alerts, + 'Microsoft.Network/networkSecurityGroups' + '/write') + log_alerts_dict['delete_NSG_exist'] = self.ensure_alert_exist(log_alerts, + 'Microsoft.Network/networkSecurityGroups/delete') + log_alerts_dict['create_update_NSG_rule_exist'] = self.ensure_alert_exist(log_alerts, + 'Microsoft.Network' + '/networkSecurityGroups' + '/securityRules/write') + log_alerts_dict['delete_NSG_rule_exist'] = self.ensure_alert_exist(log_alerts, + 'Microsoft.Network/networkSecurityGroups' + '/securityRules/delete') + log_alerts_dict['create_update_security_solution_exist'] = self.ensure_alert_exist(log_alerts, + 'Microsoft.Security' + '/securitySolutions/write') + log_alerts_dict['delete_security_solution_exist'] = self.ensure_alert_exist(log_alerts, + 'Microsoft.Security' + '/securitySolutions/delete') + log_alerts_dict['create_delete_firewall_rule_exist'] = self.ensure_alert_exist(log_alerts, + 'Microsoft.Sql/servers' + '/firewallRules/write') + + return log_alerts_dict + + def ensure_alert_exist(self, log_alerts, 
equals_value: str): + for log_alert in log_alerts: + if log_alert.location == 'Global' and log_alert.enabled: + if '/subscriptions/' + self.subscription_id in log_alert.scopes: + for condition in log_alert.condition.all_of: + if condition.field == 'operationName' and condition.equals == equals_value: + return True + return False diff --git a/ScoutSuite/providers/azure/resources/loggingmonitoring/base.py b/ScoutSuite/providers/azure/resources/loggingmonitoring/base.py index 07129776d..b3eba9d08 100644 --- a/ScoutSuite/providers/azure/resources/loggingmonitoring/base.py +++ b/ScoutSuite/providers/azure/resources/loggingmonitoring/base.py @@ -3,12 +3,14 @@ from .log_profiles import LogProfiles from .diagnostic_settings import DiagnosticSettings from .activity_log_alerts import ActivityLogAlerts +from.resources import Resources class LoggingMonitoring(Subscriptions): _children = [ (LogProfiles, 'log_profiles'), (DiagnosticSettings, 'diagnostic_settings'), - (ActivityLogAlerts, 'log_alerts') + (ActivityLogAlerts, 'log_alerts'), + (Resources, 'resources_logging') ] diff --git a/ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_resource_key_vault.py b/ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_resource_key_vault.py new file mode 100644 index 000000000..c58867eea --- /dev/null +++ b/ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_resource_key_vault.py 
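Review bot: `create_delete_firewall_rule_exist` in `_parse_log_alerts` is set from a check for `Microsoft.Sql/servers/firewallRules/write` only, yet the key name and the report label say create, update or delete; either add a second check for the delete operation or rename the key so the report does not overstate coverage. In `ensure_alert_exist`, `log_alert.condition.all_of` is dereferenced without a guard, so a single alert returned without a condition would raise and abort the parse for the whole subscription; `if log_alert.condition is None: continue` avoids that. The comparisons on `location`, `scopes` and `condition.equals` are case-sensitive, which may miss alerts whose stored casing differs; this is worth confirming against real API output, since a miss here reports a monitoring gap that does not exist.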
@@ -0,0 +1,27 @@ +from ScoutSuite.providers.azure.facade.base import AzureFacade +from ScoutSuite.providers.azure.resources.base import AzureResources + + +class DiagnosticResourceKeyVault(AzureResources): + + def __init__(self, facade: AzureFacade, resource_id: str, subscription_id: str): + super().__init__(facade) + self.resource_id = resource_id + self.subscription_id = subscription_id + + async def fetch_all(self): + diagnostic_settings = await self.facade.loggingmonitoring.get_diagnostic_settings(self.subscription_id, + self.resource_id) + self._parse_diagnostic_settings(diagnostic_settings) + + def _parse_diagnostic_settings(self, diagnostic_settings): + self.update({ + 'audit_event_enabled': self.ensure_audit_event_enabled(diagnostic_settings) + }) + + def ensure_audit_event_enabled(self, diagnostic_settings): + for diagnostic_setting in diagnostic_settings: + for log in diagnostic_setting.logs: + if log.category == 'AuditEvent' and log.enabled and log.retention_policy.days > 0: + return True + return False diff --git a/ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_settings.py b/ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_settings.py index 789748bba..da3a9d1cf 100644 --- a/ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_settings.py +++ b/ScoutSuite/providers/azure/resources/loggingmonitoring/diagnostic_settings.py 
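Review bot: `ensure_audit_event_enabled` requires `log.retention_policy.days > 0`, but in Azure diagnostic settings a retention of 0 days means the logs are kept indefinitely, so a vault with the longest possible retention is reported as having logging disabled. The same expression dereferences `log.retention_policy` unconditionally; if a setting comes back without a retention policy (presumably the case when logs go to Log Analytics or an Event Hub, to be confirmed against the SDK model), the fetch raises `AttributeError` instead of producing a result. Consider `if log.category == 'AuditEvent' and log.enabled:` as the base condition, and treat a missing policy or `days == 0` as acceptable retention. A docstring stating what counts as "enabled" for this finding would make the retention rule reviewable.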
@@ -9,17 +9,7 @@ def __init__(self, facade: AzureFacade, subscription_id: str): self.subscription_id = subscription_id async def fetch_all(self): - for diagnostic_setting in await self.facade.loggingmonitoring.get_diagnostic_settings(self.subscription_id): - id, diagnostic_settings = self._parse_diagnostic_settings(diagnostic_setting) - self[id] = diagnostic_settings - - def _parse_diagnostic_settings(self, diagnostic_setting): - diagnostic_setting_dict = {} - - diagnostic_setting_dict['id'] = diagnostic_setting.id - diagnostic_setting_dict['name'] = diagnostic_setting.name - diagnostic_setting_dict['storage_account_id'] = diagnostic_setting.storage_account_id - - return diagnostic_setting_dict['id'], diagnostic_setting_dict - - + diagnostic_dict = {} + diagnostic_dict['diagnostic_exist'] = await self.facade.loggingmonitoring.get_subscription_diagnostic_settings( + self.subscription_id) != [] + self[self.subscription_id] = diagnostic_dict diff --git a/ScoutSuite/providers/azure/resources/loggingmonitoring/resources.py b/ScoutSuite/providers/azure/resources/loggingmonitoring/resources.py new file mode 100644 index 000000000..8df6f44da --- /dev/null +++ b/ScoutSuite/providers/azure/resources/loggingmonitoring/resources.py 
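Review bot: `diagnostic_exist` in `fetch_all` is computed as `await ...get_subscription_diagnostic_settings(self.subscription_id) != []`, which is True for anything that is not an empty list, including `None` or an empty container of another type. If the facade returns such a value on an API error or a permission failure (its body is not in this hunk), the scan records that a diagnostic setting exists and the "Diagnostic Setting Does Not Exist" finding is silently suppressed. Bind the result to a local and use `diagnostic_dict['diagnostic_exist'] = bool(settings)` so that only a non-empty result counts as present.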
@@ -0,0 +1,36 @@ +from ScoutSuite.providers.azure.facade.base import AzureFacade +from ScoutSuite.providers.azure.resources.base import AzureCompositeResources +from .diagnostic_resource_key_vault import DiagnosticResourceKeyVault + + +class Resources(AzureCompositeResources): + _children = [ + (DiagnosticResourceKeyVault, 'diagnostic_key_vault'), + ] + + def __init__(self, facade: AzureFacade, subscription_id: str): + super().__init__(facade) + self.subscription_id = subscription_id + + async def fetch_all(self): + for raw_resource in await self.facade.resourcemanagement.get_specific_type_resources_with_filter( + self.subscription_id, 'Microsoft.KeyVault/vaults'): + id, resource = self._parse_resource(raw_resource) + self[id] = resource + + await self._fetch_children_of_all_resources( + resources=self, + scopes={resource_id: {'resource_id': resource['id'], + 'subscription_id': self.subscription_id} + for (resource_id, resource) in self.items()} + ) + + def _parse_resource(self, raw_resource): + resource = {} + resource['id'] = raw_resource.id + resource['name'] = raw_resource.name + if raw_resource.tags is not None: + resource['tags'] = ["{}:{}".format(key, value) for key, value in raw_resource.tags.items()] + else: + resource['tags'] = [] + return resource['id'], resource \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-diagnostic-setting-does-not-exist.json b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-diagnostic-setting-does-not-exist.json new file mode 100644 index 000000000..cfb5e1eb8 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-diagnostic-setting-does-not-exist.json 
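Review bot: `Resources.fetch_all` binds the parse result to `id`, shadowing the builtin, and the class name and the `resources_logging` key suggest a generic collection although the only type requested is `Microsoft.KeyVault/vaults`. A class docstring such as `"""Key Vault resources of a subscription, each with its diagnostic-settings child."""` and a local name like `resource_id` would make that clear. In the `scopes` comprehension `resource['id']` is the same value as the `resource_id` key, so the key can be passed directly. The file also ends without a trailing newline.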
@@ -0,0 +1,28 @@ +{ + "description": "Diagnostic Setting Does Not Exist", + "rationale": "A diagnostic setting controls how a diagnostic log is exported. By default, logs are retained only for 90 days. Diagnostic settings should be defined so that logs can be exported and stored for a longer duration in order to analyze security activities within an Azure subscription.", + "remediation": "In the Azure console:
    1. Go to Diagnostic settings
    2. Click on Add diagnostic setting.
    3. Add rules to allow traffic from specific network.
    4. Configure the setting including the export location (This may be Log Analytics/Storage account or Event Hub)
    5. Click on Save
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "5.1.1" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/platform-logs-overview#export-the-activity-log-with-a-log-profile", + "https://docs.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az_monitor_log_profiles_create", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-5-centralize-security-log-management-and-analysis" + ], + "dashboard_name": "Diagnostic Settings", + "path": "loggingmonitoring.subscriptions.id.diagnostic_settings.id", + "conditions": [ + "and", + [ + "loggingmonitoring.subscriptions.id.diagnostic_settings.id.diagnostic_exist", + "false", + "" + ] + ], + "id_suffix": "diagnostic_exist" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-create-policy-assignment.json b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-create-policy-assignment.json new file mode 100644 index 000000000..48b9d0fbc --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-create-policy-assignment.json @@ -0,0 +1,35 @@ +{ + "description": "Activity Log Alert Does Not Exist For Create Policy Assignment", + "rationale": "Monitoring for \"Create Policy Assignment\" events gives insight into changes done in \"azure policy -assignments\" and can reduce the time it takes to detect unsolicited changes.", + "remediation": "In the Azure console:
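Review bot: Step 3 of the new `remediation` text, "Add rules to allow traffic from specific network", has nothing to do with creating a diagnostic setting and reads like a leftover from a network rule, so an operator following the list gets no guidance on which log categories to export. Replace it with the step that selects the log categories. The first two `references` also point at log-profile pages rather than diagnostic-settings documentation; that may be intentional but should be checked against the cited CIS 5.1.1 control.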
    1. Go to Monitor service on Azure Security Center
    2. Select Alerts blade
    3. Click On New alert Rule
    4. Under Scope, click Select resource
    5. Select the appropriate subscription under Filter by subscription
    6. Select Policy Assignment under Filter by resource type
    7. Select All for Filter by location
    8. Click on the subscription from the entries populated under Resource
    9. Verify Selection preview shows All Policy assignment (policyAssignments) and your selected subscription name
    10. Under Condition click Select Condition
    11. Select Create policy assignment signal
    12. Click Done
    13. Under Action group, select appropriate action group
    14. Under Alert rule details, enter rule name and description
    15. Select appropriate resource group
    16. Check Enable alert rule upon creation checkbox
    17. Click Create alert rule
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "5.2.1" + } + ], + "references": [ + "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement/", + "https://docs.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log", + "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", + "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + ], + "dashboard_name": "Alert Rules", + "path": "loggingmonitoring.subscriptions.id.log_alerts.id", + "conditions": [ + "or", + [ + "loggingmonitoring.subscriptions.id.log_alerts.id.create_policy_assignment_exist", + "false", + "" + ], + [ + "loggingmonitoring.subscriptions.id.log_alerts.id.create_policy_assignment_exist", + "null", + "" + ] + ], + "id_suffix": "create_policy_assignment_exist" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-nsg.json b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-nsg.json new file mode 100644 index 000000000..8737d947a --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-nsg.json @@ -0,0 +1,41 @@ +{ + "description": "Activity Log Alert Does Not Exist For _ARG_0_", + "rationale": "Monitoring for \"_ARG_0_\" events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.", + "remediation": "In the Azure console:
    1. Go to Monitor service on Azure Security Center
    2. Select Alerts blade
    3. Click On New alert Rule
    4. Under Scope, click Select resource
    5. Select the appropriate subscription under Filter by subscription
    6. Select Policy Assignment under Filter by resource type
    7. Select All for Filter by location
    8. Click on the subscription from the entries populated under Resource
    9. Verify Selection preview shows All Policy assignment (policyAssignments) and your selected subscription name
    10. Under Condition click Select Condition
    11. Select Create policy assignment signal
    12. Click Done
    13. Under Action group, select appropriate action group
    14. Under Alert rule details, enter rule name and description
    15. Select appropriate resource group
    16. Check Enable alert rule upon creation checkbox
    17. Click Create alert rule
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "_ARG_1_" + } + ], + "references": [ + "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement/", + "https://docs.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log", + "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", + "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + ], + "dashboard_name": "Alert Rules", + "path": "loggingmonitoring.subscriptions.id.log_alerts.id", + "conditions": [ + "or", + [ + "loggingmonitoring.subscriptions.id.log_alerts.id._ARG_2_", + "false", + "" + ], + [ + "loggingmonitoring.subscriptions.id.log_alerts.id._ARG_2_", + "null", + "" + ] + ], + "id_suffix": "_ARG_2_", + "key": "_ARG_2_", + "arg_names": [ + "Event", + "Associated CIS rule", + "Dictionary Value" + ] +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-security-solution.json b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-security-solution.json new file mode 100644 index 000000000..2886759d6 --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-security-solution.json @@ -0,0 +1,41 @@ +{ + "description": "Activity Log Alert Does Not Exist For _ARG_0_", + "rationale": "Monitoring for \"_ARG_0_\" events gives insight into changes to the active security solutions and may reduce the time it takes to detect suspicious activity.", + "remediation": "In the Azure console:
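Review bot: The `remediation` text of this parameterised rule still tells the reader to select "Policy Assignment" as resource type (step 6), to verify "All Policy assignment (policyAssignments)" (step 9) and to pick the "Create policy assignment" signal (step 11), although the rulesets instantiate it for network security group, NSG rule and SQL firewall events. Someone following it would create another policy-assignment alert and the finding would remain open. Assuming argument substitution also applies to `remediation`, the steps should refer to the event passed as `_ARG_0_`, for example `Select the _ARG_0_ signal`, with the resource type worded generically. The same copied text is in logging-monitoring-log-alert-not-exist-security-solution.json.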
    1. Go to Monitor service on Azure Security Center
    2. Select Alerts blade
    3. Click On New alert Rule
    4. Under Scope, click Select resource
    5. Select the appropriate subscription under Filter by subscription
    6. Select Policy Assignment under Filter by resource type
    7. Select All for Filter by location
    8. Click on the subscription from the entries populated under Resource
    9. Verify Selection preview shows All Policy assignment (policyAssignments) and your selected subscription name
    10. Under Condition click Select Condition
    11. Select Create policy assignment signal
    12. Click Done
    13. Under Action group, select appropriate action group
    14. Under Alert rule details, enter rule name and description
    15. Select appropriate resource group
    16. Check Enable alert rule upon creation checkbox
    17. Click Create alert rule
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "_ARG_1_" + } + ], + "references": [ + "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement/", + "https://docs.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log", + "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", + "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + ], + "dashboard_name": "Alert Rules", + "path": "loggingmonitoring.subscriptions.id.log_alerts.id", + "conditions": [ + "or", + [ + "loggingmonitoring.subscriptions.id.log_alerts.id._ARG_2_", + "false", + "" + ], + [ + "loggingmonitoring.subscriptions.id.log_alerts.id._ARG_2_", + "null", + "" + ] + ], + "id_suffix": "_ARG_2_", + "key": "_ARG_2_", + "arg_names": [ + "Event", + "Associated CIS rule", + "Dictionary Value" + ] +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-logging-key-vault-disabled.json b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-logging-key-vault-disabled.json new file mode 100644 index 000000000..81378b1ad --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-logging-key-vault-disabled.json 
@@ -0,0 +1,27 @@ +{ + "description": "Logging For Azure Key Vault Is Disabled", + "rationale": "Monitoring how and when key vaults are accessed, and by whom enables an audit trail of interactions with confidential information, keys and certificates managed by Azure Keyvault. Enabling logging for Key Vault saves information in an Azure storage account that the user provides. This creates a new container named insights-logs-auditevent automatically for the specified storage account, andthis same storage account can be used for collecting logs for multiple key vaults.", + "remediation": "Follow Microsoft Azure documentation and setup Azure Key Vault Logging.", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "5.1.5" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + ], + "dashboard_name": "Key Vaults", + "path": "loggingmonitoring.subscriptions.id.resources_logging.id" , + "conditions": [ + "and", + [ + "loggingmonitoring.subscriptions.id.resources_logging.id.diagnostic_key_vault.audit_event_enabled", + "false", + "" + ] + ], + "id_suffix": "diagnostic_key_vault_audit_event_enabled" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-profile-does-not-capture-all-activities.json b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-profile-does-not-capture-all-activities.json new file mode 100644 index 000000000..bf0d01eda --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-profile-does-not-capture-all-activities.json 
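Review bot: The `conditions` block only matches `audit_event_enabled` equal to `false`, whereas the log-alert rules added in the same patch also match `null`. If the child fetch for a vault fails or the key is otherwise absent, this rule presumably does not fire and the vault is reported as compliant; how the engine treats a missing key is not visible here, so confirm it and consider adding the `null` branch under an `or`. logging-monitoring-diagnostic-setting-does-not-exist.json and logging-monitoring-profile-does-not-capture-all-activities.json use the same single-branch condition. The `remediation` string also gives no concrete steps, unlike the other findings in this patch.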
@@ -0,0 +1,27 @@ +{ + "description": "Audit Profile Does Not Capture All Activities", + "rationale": "A log profile controls how the activity log is exported. Configuring the log profile to collect logs for the categories \"write\", \"delete\" and \"action\" ensures that all the control/management plane activities performed on the subscription are exported.", + "remediation": "On Azure portal there is no provision to check or set categories.", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "5.1.2" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az-monitor-log-profiles-update", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + ], + "dashboard_name": "Profile", + "path": "loggingmonitoring.subscriptions.id.log_profiles.id" , + "conditions": [ + "and", + [ + "loggingmonitoring.subscriptions.id.log_profiles.id.captures_all_activities", + "false", + "" + ] + ], + "id_suffix": "captures_all_activities" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index 84528e8bf..3f337f4cf 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json @@ -152,7 +152,6 @@ "level": "warning" } ], - "sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json": [ { "enabled": true, 
@@ -170,6 +169,97 @@ "enabled": true, "level": "warning" } + ], + "logging-monitoring-log-alert-not-exist-create-policy-assignment.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-log-alert-not-exist-nsg.json": [ + { + "args": [ + "Create/Update Network Security Group", + "5.2.2", + "create_update_NSG_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Network Security Group", + "5.2.3", + "delete_NSG_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Create/Update Network Security Group Rule", + "5.2.4", + "create_update_NSG_rule_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Network Security Group Rule", + "5.2.5", + "delete_NSG_rule_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Create/Update/Delete SQL Server Firewall Rule", + "5.2.8", + "create_delete_firewall_rule_exist" + ], + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-log-alert-not-exist-security-solution.json": [ + { + "args": [ + "Create/Update Security Solution", + "5.2.6", + "create_update_security_solution_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Security Solution", + "5.2.7", + "delete_security_solution_exist" + ], + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-logging-key-vault-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-diagnostic-setting-does-not-exist.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-profile-does-not-capture-all-activities.json": [ + { + "enabled": true, + "level": "warning" + } ] } } diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index a9262b160..ee02ec850 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json 
+++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -79,6 +79,97 @@ "level": "warning" } ], + "logging-monitoring-log-alert-not-exist-create-policy-assignment.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-log-alert-not-exist-nsg.json": [ + { + "args": [ + "Create/Update Network Security Group", + "5.2.2", + "create_update_NSG_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Network Security Group", + "5.2.3", + "delete_NSG_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Create/Update Network Security Group Rule", + "5.2.4", + "create_update_NSG_rule_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Network Security Group Rule", + "5.2.5", + "delete_NSG_rule_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Create/Update/Delete SQL Server Firewall Rule", + "5.2.8", + "create_delete_firewall_rule_exist" + ], + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-log-alert-not-exist-security-solution.json": [ + { + "args": [ + "Create/Update Security Solution", + "5.2.6", + "create_update_security_solution_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Security Solution", + "5.2.7", + "delete_security_solution_exist" + ], + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-logging-key-vault-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-diagnostic-setting-does-not-exist.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-profile-does-not-capture-all-activities.json": [ + { + "enabled": true, + "level": "warning" + } + ], "network-security-groups-rule-inbound-internet-all.json": [ { "enabled": true, From fd266bc90a52ff1c7fbf4d08025be37c20ddc788 Mon Sep 17 00:00:00 2001 
From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Thu, 18 Mar 2021 10:39:44 -0400 Subject: [PATCH 571/979] Enhancement/azure security refactor (#1190) * refactored rules of security center section * refactor rule 2.12 Co-authored-by: Sophie --- .../securitycenter-auto-provisioning-off.json | 17 ++++++++++++++++- ...ycenter-security-contacts-email-not-set.json | 13 ++++++++++++- ...y-contacts-no-admin-email-notifications.json | 13 ++++++++++++- ...ecurity-contacts-no-email-notifications.json | 13 ++++++++++++- ...ecuritycenter-standard-tier-not-enabled.json | 12 +++++++++++- 5 files changed, 63 insertions(+), 5 deletions(-) diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json index b5f11b254..dd8f95a38 100755 --- a/ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json +++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json @@ -1,13 +1,28 @@ { "description": "No Automatic Provisioning of Monitoring Agent", - "rationale": "Automatic provisioning of monitoring agent should be set.", + "rationale": "When Automatic provisioning of monitoring agentis turned on, Azure Security Center provisions the Microsoft Monitoring Agent on all existing supported Azure virtual machines and any new ones that are created. The Microsoft Monitoring Agent scans for various security-related configurations and events such as system updates, OS vulnerabilities, endpoint protection, and provides alerts.", + "remediation": "From Azure console:
    1. Go to Security Center
    2. Click on Pricing & Settings
    3. Click on subscription
    4. Click on Data Collection
    5. Set Automatic provisioning to On
    6. Click Save
    ", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "2.2" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "2.9" } ], + "references": [ + "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security", + "https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection", + "https://docs.microsoft.com/en-us/previous-versions/azure/reference/mt704062(v=azure.100)?redirectedfrom=MSDN", + "https://docs.microsoft.com/en-us/previous-versions/azure/reference/mt704063(v=azure.100)?redirectedfrom=MSDN", + "https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/list", + "https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/create", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments" + ], "dashboard_name": "Security Center", "display_path": "securitycenter.subscriptions.id.auto_provisioning_settings", "path": "securitycenter.subscriptions.id.auto_provisioning_settings.id", diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json index 98a2cf740..92854b27f 100755 --- a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json +++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json 
@@ -1,13 +1,24 @@ { "description": "No Security Contact Email Set", - "rationale": "At least one security contact email should be set.", + "rationale": "Azure Security Center emails the Subscription Owner to notify them about security alerts. Adding your Security Contact's email address to the 'Additional email addresses' field ensures that your organization's Security Team is included in these alerts. This ensures that the proper people are aware of any potential compromise in order to mitigate the risk in a timely fashion.", + "remediation": "From Azure console:
    1. Go to Security Center
    2. Click on Pricing & Settings
    3. Click on the appropriate Management Group, Subscription, or Workspace
    4. Click on Email notifications
    5. Enter a valid security contact email address (or multiple addresses separated by commas) in the Additional email addresses field
    6. Click Save
    ", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "2.16" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "2.11" } ], + "references": [ + "https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details", + "https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-3-define-security-posture-management-strategy" + ], "dashboard_name": "Security contacts", "display_path": "securitycenter.subscriptions.id.security_contacts", "path": "securitycenter.subscriptions.id.security_contacts.id", diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json index fc54c2db8..365a98184 100755 --- a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json +++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json @@ -1,13 +1,24 @@ { "description": "\"Sending Email to Security Contact on Alert\" Is \"Off\"", - "rationale": "Set 'Send email to subscription owners' to \"On\".", + "rationale": "Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion.", + "remediation": "From Azure console:
    1. Go to Security Center
    2. Click on Pricing & Settings
    3. Click on the appropriate Management Group, Subscription, or Workspace
    4. Click on Email notifications
    5. In the drop down of the All users with the following roles field select Owner
    6. Click Save
    ", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "2.19" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "2.13" } ], + "references": [ + "https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details", + "https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-3-define-security-posture-management-strategy" + ], "dashboard_name": "Security contacts", "display_path": "securitycenter.subscriptions.id.security_contacts", "path": "securitycenter.subscriptions.id.security_contacts.id", diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json index 262feafbe..0a7040192 100755 --- a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json +++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json @@ -1,13 +1,24 @@ { "description": "\"Sending Email to Administrators on Alert\" Is \"Off\"", - "rationale": "Set the 'Send Me Email About Alerts' to \"On\".", + "rationale": "Enabling securityalert emails ensures that security alert emails are received from Microsoft. This ensures that the right people are aware of any potential security issues and are able to mitigate the risk.", + "remediation": "From Azure console:
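Review bot: The new `rationale` and `remediation` in this file describe e-mails to subscription owners (step 5 selects the Owner role), but the unchanged `description` still reads "Sending Email to Security Contact on Alert"; in securitycenter-security-contacts-no-email-notifications.json the description says "Administrators" while the new text is about severity-based alert notifications. The two descriptions look swapped relative to the text this commit adds, so a report reader sees a title that does not match the fix. Align each `description` with its rationale, or confirm which setting each rule's condition actually tests, since the conditions are outside the hunk.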
    1. Go to Security Center
    2. Click on Pricing & Settings
    3. Click on the appropriate Management Group, Subscription, or Workspace
    4. Click on Email notifications
    5. Under 'Notification types', check the check box next to Notify about alerts with the following severity (or higher): and select High from the drop down menu
    6. Click Save
    ", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "1.0.0", "reference": "2.18" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "2.12" } ], + "references": [ + "https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details", + "https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-3-define-security-posture-management-strategy" + ], "dashboard_name": "Security contacts", "display_path": "securitycenter.subscriptions.id.security_contacts", "path": "securitycenter.subscriptions.id.security_contacts.id", diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json index 4ed566b53..018c7d529 100755 --- a/ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json +++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json @@ -1,13 +1,23 @@ { "description": "Standard Tier Not Enabled", - "rationale": "Enable Standard Tier pricing for Security Center.", + "rationale": "Enabling Azure Defender allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).", + "remediation": "From Azure console:
    1. Go to Security Center
    2. Click on Pricing & Settings
    3. Click on the subscription name
    4. Select Azure Defender plans blade
    5. On the line in the table for the resource type Select On under Plan
    6. Click Save
    ", "compliance": [ { "name": "CIS Microsoft Azure Foundations", "version": "1.1.0", "reference": "2.1" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "2.1 to 2.6" } ], + "references": [ + "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list", + "https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview" + ], "dashboard_name": "Pricings", "display_path": "securitycenter.subscriptions.id.pricings.id", "path": "securitycenter.subscriptions.id.pricings.id", From 0cfe310186a89154458a6fbd1c7cd1c7e59b9a3d Mon Sep 17 00:00:00 2001 From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Thu, 18 Mar 2021 10:45:48 -0400 Subject: [PATCH 572/979] added rule 2.7 and 2.8 from azure cis security center section (#1191) Co-authored-by: Sophie --- ...uritycenter.subscriptions.id.settings.html | 25 ++++++++++++++ ScoutSuite/providers/azure/metadata.json | 4 +++ .../azure/resources/securitycenter/base.py | 4 +-- .../resources/securitycenter/settings.py | 4 +++ ...er-settings-MCAS-integration-disabled.json | 33 +++++++++++++++++++ ...r-settings-WDATP-integration-disabled.json | 33 +++++++++++++++++++ .../azure/rules/rulesets/cis-1.2.0.json | 12 +++++++ .../azure/rules/rulesets/default.json | 12 +++++++ 8 files changed, 125 insertions(+), 2 deletions(-) create mode 100644 ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.settings.html create mode 100644 ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json create mode 100644 ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json diff --git a/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.settings.html b/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.settings.html new file mode 100644 index 000000000..161bb2e73 --- /dev/null 
+++ b/ScoutSuite/output/data/html/partials/azure/services.securitycenter.subscriptions.id.settings.html @@ -0,0 +1,25 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/providers/azure/metadata.json b/ScoutSuite/providers/azure/metadata.json index 5e89baf76..b35f9b7ec 100755 --- a/ScoutSuite/providers/azure/metadata.json +++ b/ScoutSuite/providers/azure/metadata.json @@ -115,6 +115,10 @@ "regulatory_compliance_results": { "cols": 2, "path": "services.securitycenter.subscriptions.id.regulatory_compliance_results" + }, + "settings": { + "cols": 2, + "path": "services.securitycenter.subscriptions.id.settings" } } } diff --git a/ScoutSuite/providers/azure/resources/securitycenter/base.py b/ScoutSuite/providers/azure/resources/securitycenter/base.py index f922ac7a5..1fe9dedc1 100755 --- a/ScoutSuite/providers/azure/resources/securitycenter/base.py +++ b/ScoutSuite/providers/azure/resources/securitycenter/base.py @@ -5,7 +5,7 @@ # from .alerts import Alerts from .security_contacts import SecurityContacts # from .information_protection_policies import InformationProtectionPolicies -# from .settings import Settings +from .settings import Settings from .compliance_results import ComplianceResults from .regulatory_compliance_results import RegulatoryComplianceResults @@ -17,7 +17,7 @@ class SecurityCenter(Subscriptions): # (Alerts, 'alerts'), # FIXME this needs to be tested with alert results... (SecurityContacts, 'security_contacts'), # (InformationProtectionPolicies, 'information_protection_policies'), # FIXME this isn't properly implemented - # (Settings, 'settings') # FIXME this isn't implemented + (Settings, 'settings'), (ComplianceResults, 'compliance_results'), (RegulatoryComplianceResults, 'regulatory_compliance_results') ] diff --git a/ScoutSuite/providers/azure/resources/securitycenter/settings.py b/ScoutSuite/providers/azure/resources/securitycenter/settings.py index b4d87f03f..26f9f6c4e 100755 
--- a/ScoutSuite/providers/azure/resources/securitycenter/settings.py
+++ b/ScoutSuite/providers/azure/resources/securitycenter/settings.py
@@ -16,4 +16,8 @@ async def fetch_all(self):
 def _parse_settings(self, settings):
 settings_dict = {}
+ settings_dict['id'] = settings.id
+ settings_dict['name'] = settings.name
+ settings_dict['kind'] = settings.kind
+ settings_dict['enabled'] = settings.enabled
 return settings_dict['id'], settings_dict
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json
new file mode 100644
index 000000000..aa5802d9d
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json
@@ -0,0 +1,33 @@
+{
+ "description": "Microsoft Cloud App Security (MCAS) Is Disabled",
+ "rationale": "Security Center offers an additional layer of protection by using Azure Resource Manager events, which is considered to be the control plane for Azure. By analyzing the Azure Resource Manager records, Security Center detects unusual or potentially harmful operations in the Azure subscription environment. Several of the preceding analytics are powered by Microsoft Cloud App Security.",
+ "remediation": "From Azure console:
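Review bot: `settings_dict['enabled'] = settings.enabled` in `_parse_settings` assumes every object returned by the settings listing exposes `enabled`; if a setting kind without that attribute is ever returned, the attribute error would presumably abort parsing of all settings and leave the two new integration findings with nothing to evaluate. Reading it defensively, `settings_dict['enabled'] = getattr(settings, 'enabled', None)`, keeps the remaining settings parsed. A one-line docstring such as `"""Flatten one Security Center setting (id, name, kind, enabled), keyed by its id."""` would record the shape the MCAS and WDATP rules depend on. The caller `fetch_all` is outside the hunk, so how it handles exceptions is not visible.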
    1. Go to Azure Security Center
    2. Select Security policy blade
    3. Click on Edit Settings to alter the the security policy for a subscription
    4. Select the Threat Detection blade
    5. Check/Enable option Allow Microsoft Cloud App Security to access my data
    6. Select Save
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "2.8" + } + ], + "references": [ + "https://docs.microsoft.com/en-in/azure/security-center/azure-defender#azure-management-layer-azure-resource-manager-preview", + "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list", + "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/update" + ], + "dashboard_name": "Security Settings", + "path": "securitycenter.subscriptions.id.settings.id", + "conditions": [ + "and", + [ + "securitycenter.subscriptions.id.settings.id.name", + "equal", + "MCAS" + ], + [ + "securitycenter.subscriptions.id.settings.id.enabled", + "false", + "" + ] + ], + "id_suffix": "enabled" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json new file mode 100644 index 000000000..716f6b66b --- /dev/null +++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json @@ -0,0 +1,33 @@ +{ + "description": "Windows Defender ATP (WDATP) Is Disabled", + "rationale": "WDATP integration brings comprehensive Endpoint Detection and Response (EDR) capabilities within security center. This integration helps to spot abnormalities, detect and respond to advanced attacks on Windows server endpoints monitored by Azure Security Center. Windows Defender ATP in Security Center supports detection on Windows Server 2016, 2012 R2, and 2008 R2 SP1 operating systems in a Standard service subscription.", + "remediation": "From Azure console:
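Review bot: The `conditions` block only matches when a setting named `MCAS` exists and its `enabled` value is false, so a subscription where that setting is absent from the API response, or where `enabled` came back empty, would presumably produce no finding at all; the WDATP finding added next has the same shape. For a control that asserts a detection integration is switched on, the absent case is worth surfacing, or at least stating in `rationale` as a known limitation. The `rationale` here describes Azure Resource Manager analytics rather than what the MCAS integration contributes, and the remediation text in both files reads `alter the the security policy`. Both files also omit the `display_path` key that the pricing finding earlier in this series sets; worth confirming that is intentional.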
    1. Go to Azure Security Center
    2. Select Security policy blade
    3. Click on Edit Settings to alter the the security policy for a subscription
    4. Select the Threat Detection blade
    5. Check/Enable option Allow Windows Defender ATP to access my data
    6. Select Save
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "2.7" + } + ], + "references": [ + "https://docs.microsoft.com/en-in/azure/security-center/security-center-wdatp", + "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list", + "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/update" + ], + "dashboard_name": "Security Settings", + "path": "securitycenter.subscriptions.id.settings.id", + "conditions": [ + "and", + [ + "securitycenter.subscriptions.id.settings.id.name", + "equal", + "WDATP" + ], + [ + "securitycenter.subscriptions.id.settings.id.enabled", + "false", + "" + ] + ], + "id_suffix": "enabled" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index 3f337f4cf..3350e2648 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json @@ -170,6 +170,18 @@ "level": "warning" } ], + "securitycenter-settings-MCAS-integration-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "securitycenter-settings-WDATP-integration-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "logging-monitoring-log-alert-not-exist-create-policy-assignment.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index ee02ec850..0f9bff352 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json 
@@ -274,6 +274,18 @@ "level": "warning" } ], + "securitycenter-settings-MCAS-integration-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "securitycenter-settings-WDATP-integration-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "sqldatabase-databases-auditing-low-retention.json": [ { "args": [ From 7d701fa0643c0fd000e22d6a90dd9c7e4420cedc Mon Sep 17 00:00:00 2001 From: Kevin Nguyen Date: Sun, 21 Mar 2021 12:39:43 -0400 Subject: [PATCH 573/979] Add 9.11 (#1185) --- ....appservice.subscriptions.id.web_apps.html | 1 + .../azure/resources/appservice/web_apps.py | 1 + .../appservice-ftp-deployment-enabled.json | 29 ++ .../azure/rules/rulesets/cis-1.2.0.json | 348 +++++++++--------- .../azure/rules/rulesets/default.json | 6 + 5 files changed, 212 insertions(+), 173 deletions(-) create mode 100755 ScoutSuite/providers/azure/rules/findings/appservice-ftp-deployment-enabled.json diff --git a/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html b/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html index 0e0d7fa06..f752286a1 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html +++ b/ScoutSuite/output/data/html/partials/azure/services.appservice.subscriptions.id.web_apps.html @@ -33,6 +33,7 @@

    Configuration

    HTTPS-Only Traffic: {{convert_bool_to_enabled https_only}}
    HTTPS 2.0 Support: {{convert_bool_to_enabled http_2_enabled}}
    HTTP Logging: {{convert_bool_to_enabled http_logging_enabled}}
    +
    FTP Deployment : {{convert_bool_to_enabled ftp_deployment_enabled}}
    Minimum TLS Version Supported: {{value_or_none minimum_tls_version_supported}}
    Client Certificates: {{convert_bool_to_enabled client_cert_enabled}}
diff --git a/ScoutSuite/providers/azure/resources/appservice/web_apps.py b/ScoutSuite/providers/azure/resources/appservice/web_apps.py
index 28ff42175..ccbf3ee41 100755
--- a/ScoutSuite/providers/azure/resources/appservice/web_apps.py
+++ b/ScoutSuite/providers/azure/resources/appservice/web_apps.py
@@ -72,6 +72,7 @@ def _parse_web_app(self, raw_web_app):
 web_app_dict['minimum_tls_version_supported'] = raw_web_app.config.min_tls_version
 web_app_dict['http_2_enabled'] = raw_web_app.config.http20_enabled
 web_app_dict['http_logging_enabled'] = raw_web_app.config.http_logging_enabled
+ web_app_dict['ftp_deployment_enabled'] = raw_web_app.config.ftps_state == 'AllAllowed'
 if raw_web_app.config.linux_fx_version:
 web_app_dict['programming_language'] = raw_web_app.config.linux_fx_version.split('|')[0].lower()
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-ftp-deployment-enabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-ftp-deployment-enabled.json
new file mode 100755
index 000000000..d781a766c
--- /dev/null
+++ b/ScoutSuite/providers/azure/rules/findings/appservice-ftp-deployment-enabled.json
@@ -0,0 +1,29 @@
+{
+ "description": "FTP Deployment Enabled",
+ "rationale": "Azure FTP deployment endpoints are public. An attacker listening to traffic on a wifi network used by a remote employee or a corporate network could see login traffic in clear-text which would then grant them full control of the code base of the app or service. This finding is more severe if User Credentials for deployment are set at the subscription level rather than using the default Application Credentials which are unique per App.",
+ "remediation": "Using Console:\n
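Review bot: `raw_web_app.config.ftps_state == 'AllAllowed'` treats every other value, including a missing or unrecognised `ftps_state`, as plain FTP being off, so the new finding fails open whenever the state was not returned. The remediation text accepts only Disabled or FTPS Only, so testing for those two makes unknown states visible instead: `web_app_dict['ftp_deployment_enabled'] = raw_web_app.config.ftps_state not in ('FtpsOnly', 'Disabled')`. `_parse_web_app` begins and ends outside the hunk, so whether `config` itself can be None at this point is not visible.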
      \n
    1. Go to App Services
    2. \n
    3. Click on an App
    4. \n
    5. Select Settings > Configuration
    6. \n
    7. Under Platform Settings, FTP state should be Disabled or FTPS Only
    8. \n
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.20", + "reference": "9.11" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/app-service/deploy-ftp", + "https://docs.microsoft.com/en-us/azure/app-service/overview-security", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-identity-management#im-1-standardize-azure-active-directory-as-the-central-identity-and-authentication-system" + ], + "dashboard_name": "Web Apps", + "path": "appservice.subscriptions.id.web_apps.id", + "conditions": [ + "and", + [ + "appservice.subscriptions.id.web_apps.id.ftp_deployment_enabled", + "true", + "" + ] + ], + "id_suffix": "ftp_deployment_enabled" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index 3350e2648..e78770595 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json @@ -2,11 +2,11 @@ "about": "This ruleset covers most of the recommendations from the CIS Microsoft Azure Foundation v1.2.0.", "rules": { "aad-users-create-security-groups-disabled.json": [ - { - "enabled": true, - "level": "danger" - } - ], + { + "enabled": true, + "level": "danger" + } + ], "storageaccount-encrypted-not-customer-managed.json": [ { "enabled": true, 
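Review bot: The compliance entry is written as `"version": "1.20"`, while the other CIS Microsoft Azure Foundations references added in this series use `1.2.0`; anything that groups or filters findings by benchmark version would presumably miss this rule. It should read `"version": "1.2.0"`. The remediation steps could also note that the `FTPS Only` state still leaves a deployment endpoint in use, which matters for the subscription-level credential case the rationale calls out.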
@@ -32,22 +32,22 @@ } ], "virtual-machines-os-data-encrypted-cmk.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "virtual-machines-unattached-disks-encrypted-cmk.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "rbac-custom-subscription-owner-role-not-allowed.json": [ - { - "enabled": true, - "level": "danger" - } + { + "enabled": true, + "level": "danger" + } ], "rbac-administering-resource-locks-assigned.json": [ { 
@@ -77,201 +77,203 @@ } ], "postgresql-database-servers-log-checkpoints-not-on.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "postgresql-database-servers-log-connections-not-on.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "postgresql-database-servers-log-disconnections-not-on.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "postgresql-database-servers-log-duration-not-on.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "postgresql-database-servers-connection-throttling-not-on.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "postgresql-database-servers-log-retention-days-less-than-4.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], - "postgresql-database-servers-allow-any-ip.json": [ { - "enabled": true, - "level": "warning" - } + "enabled": true, + "level": "warning" + } ], - "postgresql-database-servers-ssl-enforcement-disabled.json": [ - - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "sqldatabase-servers-vulnerability-assessments-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "sqldatabase-servers-vulnerability-recurring-scans-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-servers-vulnerability-recurring-scans-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "sqldatabase-allow-any-ip.json": [ - - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } + ], 
+ "sqldatabase-allow-any-ip.json": [ + { + "enabled": true, + "level": "warning" + } ], "sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json": [ - { - "enabled": true, - "level": "warning" - } - ], + { + "enabled": true, + "level": "warning" + } + ], "mysql-database-servers-ssl-enforcement-disabled.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "securitycenter-settings-MCAS-integration-disabled.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "securitycenter-settings-WDATP-integration-disabled.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "logging-monitoring-log-alert-not-exist-create-policy-assignment.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "logging-monitoring-log-alert-not-exist-nsg.json": [ - { - "args": [ - "Create/Update Network Security Group", - "5.2.2", - "create_update_NSG_exist" - ], - "enabled": true, - "level": "warning" - }, - { - "args": [ - "Delete Network Security Group", - "5.2.3", - "delete_NSG_exist" - ], - "enabled": true, - "level": "warning" - }, - { - "args": [ - "Create/Update Network Security Group Rule", - "5.2.4", - "create_update_NSG_rule_exist" - ], - "enabled": true, - "level": "warning" - }, - { - "args": [ - "Delete Network Security Group Rule", - "5.2.5", - "delete_NSG_rule_exist" - ], - "enabled": true, - "level": "warning" - }, - { - "args": [ - "Create/Update/Delete SQL Server Firewall Rule", - "5.2.8", - "create_delete_firewall_rule_exist" - ], - "enabled": true, - "level": "warning" - } + { + "args": [ + "Create/Update Network Security Group", + "5.2.2", + "create_update_NSG_exist" + 
], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Network Security Group", + "5.2.3", + "delete_NSG_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Create/Update Network Security Group Rule", + "5.2.4", + "create_update_NSG_rule_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Network Security Group Rule", + "5.2.5", + "delete_NSG_rule_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Create/Update/Delete SQL Server Firewall Rule", + "5.2.8", + "create_delete_firewall_rule_exist" + ], + "enabled": true, + "level": "warning" + } ], "logging-monitoring-log-alert-not-exist-security-solution.json": [ - { - "args": [ - "Create/Update Security Solution", - "5.2.6", - "create_update_security_solution_exist" - ], - "enabled": true, - "level": "warning" - }, - { - "args": [ - "Delete Security Solution", - "5.2.7", - "delete_security_solution_exist" - ], - "enabled": true, - "level": "warning" - } + { + "args": [ + "Create/Update Security Solution", + "5.2.6", + "create_update_security_solution_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Security Solution", + "5.2.7", + "delete_security_solution_exist" + ], + "enabled": true, + "level": "warning" + } ], "logging-monitoring-logging-key-vault-disabled.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "logging-monitoring-diagnostic-setting-does-not-exist.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } ], "logging-monitoring-profile-does-not-capture-all-activities.json": [ - { - "enabled": true, - "level": "warning" - } + { + "enabled": true, + "level": "warning" + } + ], + "appservice-ftp-deployment-enabled.json": [ + { + "enabled": true, + "level": "warning" + } ] } } 
diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index 0f9bff352..e5fcaf871 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -37,6 +37,12 @@ "level": "danger" } ], + "appservice-ftp-deployment-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "appservice-managed-service-identities-disabled.json": [ { "enabled": true, From 4e1b38f80d030e79820c54a41979e0633c65a385 Mon Sep 17 00:00:00 2001 From: Kevin Nguyen Date: Sun, 21 Mar 2021 12:51:12 -0400 Subject: [PATCH 574/979] Add 8.4 (#1169) --- ...ices.keyvault.subscriptions.id.vaults.html | 1 + .../azure/resources/keyvault/vaults.py | 6 +++- .../findings/keyvault-not-recoverable.json | 28 +++++++++++++++++++ .../azure/rules/rulesets/cis-1.2.0.json | 7 +++++ .../azure/rules/rulesets/default.json | 6 ++++ 5 files changed, 47 insertions(+), 1 deletion(-) create mode 100755 ScoutSuite/providers/azure/rules/findings/keyvault-not-recoverable.json diff --git a/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html b/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html index 033cdf5fc..f2134819e 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html +++ b/ScoutSuite/output/data/html/partials/azure/services.keyvault.subscriptions.id.vaults.html @@ -8,6 +8,7 @@

    Information

    ID: {{ id }}
    Location: {{value_or_none location}}
    Public Access: {{ convert_bool_to_enabled public_access_allowed }}
    +
    Vault Recoverable: {{ recovery_protection_enabled }}
    Tags: {{#each tags}}
    az resource update --id /subscriptions/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups//providers/Microsoft.KeyVault /vaults/ --set properties.enablePurgeProtection=true properties.enableSoftDelete=true
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "8.4" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/key-vault/key-vault-soft-delete-cli", + "https://blogs.technet.microsoft.com/kv/2017/05/10/azure-key-vault-recovery-options/", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-8-define-backup-and-recovery-strategy" + ], + "dashboard_name": "PostgreSQL Servers", + "path": "keyvault.subscriptions.id.vaults.id", + "conditions": [ + "and", + [ + "keyvault.subscriptions.id.vaults.id.recovery_protection_enabled", + "false", + "" + ] + ], + "id_suffix": "recovery_protection_enabled" +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index e78770595..73a17ba76 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json @@ -7,6 +7,12 @@ "level": "danger" } ], + "keyvault-not-recoverable.json": [ + { + "enabled": true, + "level": "warning" + } + ], "storageaccount-encrypted-not-customer-managed.json": [ { "enabled": true, @@ -112,6 +118,7 @@ "level": "warning" } ], + "postgresql-database-servers-allow-any-ip.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index e5fcaf871..0aa113c0f 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -85,6 +85,12 @@ "level": "warning" } ], + "keyvault-not-recoverable.json": [ + { + "enabled": true, + "level": "warning" + } + ], "logging-monitoring-log-alert-not-exist-create-policy-assignment.json": [ { "enabled": true, From b60a5fcce89d29d0ee8a4016ad64671fb1ad46f5 Mon Sep 17 00:00:00 2001 
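Review bot: `"dashboard_name": "PostgreSQL Servers"` looks copied from a database finding: this rule's `path` is `keyvault.subscriptions.id.vaults.id`, so the report would presumably list unrecoverable key vaults under the wrong resource label. It should carry whatever label the other keyvault findings use, `"dashboard_name": "PLACEHOLDER_KEY_VAULT_LABEL"`. The remediation command as it appears on this page has a stray space in `Microsoft.KeyVault /vaults/` and empty resource-group and vault-name segments, so it is worth checking that the placeholders are present in the JSON string. The start of this file's hunk is not visible on the page.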
From: Kevin Nguyen Date: Sun, 21 Mar 2021 12:57:09 -0400 Subject: [PATCH 575/979] Update 9.1 to 9.10 (#1184) --- .../appservice-authentication-disabled.json | 56 ++++--- ...pservice-client-certificates-disabled.json | 53 ++++--- .../findings/appservice-http-2-disabled.json | 54 ++++--- .../findings/appservice-http-allowed.json | 7 +- ...e-managed-service-identities-disabled.json | 62 ++++---- .../appservice-outdated-version-dotnet.json | 66 ++++---- .../appservice-outdated-version-java.json | 13 +- .../appservice-outdated-version-php.json | 70 +++++---- .../appservice-outdated-version-python.json | 71 +++++---- .../findings/appservice-tls-v1-supported.json | 53 ++++--- .../azure/rules/rulesets/cis-1.2.0.json | 145 ++++++++++++------ 11 files changed, 384 insertions(+), 266 deletions(-) diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json index 2c1e794c4..2806f06b3 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json 
@@ -1,26 +1,34 @@ { - "description": "App Service Authentication Disabled", - "rationale": "Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authenticate those that have tokens before they reach the API app. If an anonymous request is received from a browser, App Service will redirect to a logon page. To handle the logon process, a choice from a set of identity providers can be made, or a custom authentication mechanism can be implemented.", - "remediation": "By Enabling App Service Authentication, every incoming HTTP request passes through it before being handled by the application code. It also handles authentication of users with the specified provider (Azure Active Directory, Facebook, Google, Microsoft Account, and Twitter), validation, storing and refreshing of tokens, managing the authenticated sessions and injecting identity information into request headers.", - "compliance": [ - { - "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", - "reference": "9.1" - } - ], - "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/app-service-authentication-overview" - ], - "dashboard_name": "Web Apps", - "path": "appservice.subscriptions.id.web_apps.id", - "conditions": [ - "and", - [ - "appservice.subscriptions.id.web_apps.id.authentication_enabled", - "false", - "" - ] - ], - "id_suffix": "authentication_enabled" + "description": "App Service Authentication Disabled", + "rationale": "Azure App Service Authentication is a feature that can prevent anonymous HTTP requests from reaching the API app, or authenticate those that have tokens before they reach the API app. If an anonymous request is received from a browser, App Service will redirect to a logon page. To handle the logon process, a choice from a set of identity providers can be made, or a custom authentication mechanism can be implemented.", + "remediation": "In the Azure console:\n
      \n
    1. Go to App Services
    2. \n
    3. Click on each App
    4. \n
    5. Under Setting section, Click on Authentication / Authorization
    6. \n
    7. Set App Service Authentication to On
    8. \n
    9. Choose other parameters as per your requirement and Click on Save
    10. \n
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "9.1" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.1.0", + "reference": "9.1" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/app-service/app-service-authentication-overview", + "https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#website-contributor", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access#pa-5-automate-entitlement-management", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-6-define-identity-and-privileged-access-strategy" + ], + "dashboard_name": "Web Apps", + "path": "appservice.subscriptions.id.web_apps.id", + "conditions": [ + "and", + [ + "appservice.subscriptions.id.web_apps.id.authentication_enabled", + "false", + "" + ] + ], + "id_suffix": "authentication_enabled" } \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json index 7868b97f6..2123218d7 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json @@ -1,26 +1,31 @@ { - "description": "Client Certificates Disabled", - "rationale": "Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. The TLS mutual authentication technique in enterprise environments ensures the authenticity of clients to the server. If incoming client certificates are enabled, then only an authenticated client who has valid certificates can access the app.", - "remediation": "Using Console:
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to \"App Services\"
    3. Click on each App
    4. Under \"Setting\", section, Click on \"SSL settings\",
    5. Set \"Incoming client certificates\", to \"On\", under Protocol \"Settings\" section
    ", - "compliance": [ - { - "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", - "reference": "9.4" - } - ], - "references": [ - "https://docs.microsoft.com/bs-latn-ba/azure/app-service/app-service-web-configure-tls-mutual-auth" - ], - "dashboard_name": "Web Apps", - "path": "appservice.subscriptions.id.web_apps.id", - "conditions": [ - "and", - [ - "appservice.subscriptions.id.web_apps.id.client_cert_enabled", - "false", - "" - ] - ], - "id_suffix": "client_cert_enabled" + "description": "Client Certificates Disabled", + "rationale": "Client certificates allow for the app to request a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. The TLS mutual authentication technique in enterprise environments ensures the authenticity of clients to the server. If incoming client certificates are enabled, then only an authenticated client who has valid certificates can access the app.", + "remediation": "In the Azure console:\n
      \n
    1. Go to App Services
    2. \n
    3. Click on each App
    4. \n
    5. Under Setting section, Click on Configuration
    6. \n
    7. Ensure that the option Client certificate mode located under Incoming client certificates is set to Require
    8. \n
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "9.4" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.1.0", + "reference": "9.4" + } + ], + "references": [ + "https://docs.microsoft.com/bs-latn-ba/azure/app-service/app-service-web-configure-tls-mutual-auth" + ], + "dashboard_name": "Web Apps", + "path": "appservice.subscriptions.id.web_apps.id", + "conditions": [ + "and", + [ + "appservice.subscriptions.id.web_apps.id.client_cert_enabled", + "false", + "" + ] + ], + "id_suffix": "client_cert_enabled" } \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json index 90294e9fe..9bd3fadc9 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json @@ -1,26 +1,32 @@ { - "description": "HTTP 2.0 Disabled", - "rationale": "Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version.

    Newer versions may contain security enhancements and additional functionality. Using the latest version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements and also verify the compatibility and support provided for any additional software against the update revision that is selected.

    HTTP 2.0 has additional performance improvements on the head-of-line blocking problem of old HTTP version, header compression, and prioritization of requests. HTTP 2.0 no longer supports HTTP 1.1's chunked transfer encoding mechanism, as it provides its own, more efficient, mechanisms for data streaming.", - "remediation": "Using Console:
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to \"App Services\"
    3. Click on each App
    4. Under \"Setting\" section, Click on \"Application settings\"
    5. Ensure that \"HTTP Version\" set to \"2.0\" version under \"General settings\"
    ", - "compliance": [ - { - "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", - "reference": "9.10" - } - ], - "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings" - ], - "dashboard_name": "Web Apps", - "path": "appservice.subscriptions.id.web_apps.id", - "conditions": [ - "and", - [ - "appservice.subscriptions.id.web_apps.id.http_2_enabled", - "false", - "" - ] - ], - "id_suffix": "http_2_enabled" + "description": "HTTP 2.0 Disabled", + "rationale": "Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version.

    Newer versions may contain security enhancements and additional functionality. Using the latest version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements and also verify the compatibility and support provided for any additional software against the update revision that is selected.

    HTTP 2.0 has additional performance improvements on the head-of-line blocking problem of old HTTP version, header compression, and prioritization of requests. HTTP 2.0 no longer supports HTTP 1.1's chunked transfer encoding mechanism, as it provides its own, more efficient, mechanisms for data streaming.", + "remediation": "Using Console:
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to \"App Services\"
    3. Click on each App
    4. Under \"Setting\" section, Click on \"Application settings\"
    5. Ensure that \"HTTP Version\" set to \"2.0\" version under \"General settings\"
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "9.10" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.1.0", + "reference": "9.10" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security" + ], + "dashboard_name": "Web Apps", + "path": "appservice.subscriptions.id.web_apps.id", + "conditions": [ + "and", + [ + "appservice.subscriptions.id.web_apps.id.http_2_enabled", + "false", + "" + ] + ], + "id_suffix": "http_2_enabled" } \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json b/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json index 931cc92d5..364c5b5d0 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json @@ -1,8 +1,13 @@ { "description": "HTTP Traffic Allowed", "rationale": "Azure Web Apps allows sites to run under both HTTP and HTTPS by default. Web apps can be accessed by anyone using non-secure HTTP links by default. Non-secure HTTP requests can be restricted and all HTTP requests redirected to the secure HTTPS port.", - "remediation": "It is recommended to enforce HTTPS-only traffic.", + "remediation": "In the Azure console:\n
    1. Go to App Services
    2. \n
    3. Click on each App
    4. \n
    5. Under Setting section, Click on SSL settings
    6. \n
    7. Set HTTPS Only to On under Protocol Settings section
    8. \n
    ", "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "9.2" + }, { "name": "CIS Microsoft Azure Foundations", "version": "1.1.0", diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json index 35d9e19d3..9e835bfad 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json @@ -1,31 +1,37 @@ { - "description": "Managed Service Identities Disabled", - "rationale": "Managed service identity in App Service makes the app more secure by eliminating secrets from the app, such as credentials in the connection strings. When registering with Azure Active Directory in the app service, the app will connect to other Azure services securely without the need of username and passwords.", - "remediation": "Using Console:
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to \"App Services\"
    3. Click on each App
    4. Under the \"Setting\" section, Click on \"Identity\"
    5. Ensure that \"Status\" set to On\"
    ", - "compliance": [ - { - "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", - "reference": "9.5" - } + "description": "Managed Service Identities Disabled", + "rationale": "App Service provides a highly scalable, self-patching web hosting service in Azure. It also provides a managed identity for apps, which is a turn-key solution for securing access to Azure SQL Database and other Azure services.", + "remediation": "Using Console:
    1. Login to Azure Portal using https://portal.azure.com
    2. Go to \"App Services\"
    3. Click on each App
    4. Under the \"Setting\" section, Click on \"Identity\"
    5. Ensure that \"Status\" set to On\"
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "9.5" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.1.0", + "reference": "9.5" + } + ], + "references": [ + "https://docs.microsoft.com/en-gb/azure/app-service/app-service-web-tutorial-connect-msi", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-identity-management#im-1-standardize-azure-active-directory-as-the-central-identity-and-authentication-system" + ], + "dashboard_name": "Web Apps", + "path": "appservice.subscriptions.id.web_apps.id", + "conditions": [ + "and", + [ + "appservice.subscriptions.id.web_apps.id.identity", + "notNull", + "" ], - "references": [ - "https://docs.microsoft.com/en-gb/azure/app-service/app-service-web-tutorial-connect-msi" - ], - "dashboard_name": "Web Apps", - "path": "appservice.subscriptions.id.web_apps.id", - "conditions": [ - "and", - [ - "appservice.subscriptions.id.web_apps.id.identity", - "notNull", - "" - ], - [ - "appservice.subscriptions.id.web_apps.id.identity.principal_id", - "null", - "" - ] - ], - "id_suffix": "identity.managed_principal_id" + [ + "appservice.subscriptions.id.web_apps.id.identity.principal_id", + "null", + "" + ] + ], + "id_suffix": "identity.managed_principal_id" } \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json index 71aaa9d7f..c1511aae0 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json 
@@ -1,33 +1,39 @@ { - "description": "Web App Running an Outdated .Net Framework Version", - "rationale": "Periodically, newer versions are released for .Net Framework software either due to security flaws or to include additional functionality. Using the latest version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.", - "remediation": "Set .Net Framework version to latest version available under General settings of the management console", - "compliance": [ - { - "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", - "reference": "9.8" - } + "description": "Web App Running an Outdated .Net Framework Version", + "rationale": "Periodically, newer versions are released for .Net Framework software either due to security flaws or to include additional functionality. Using the latest version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.", + "remediation": "Using Command Line:\n
      \n
    1. To see the list of supported runtimes
    2. \n az webapp list-runtimes | grep aspnet\n
    3. To set latest .NET Framework version for an existing app, run the following command:
    4. \n az webapp config set --resource-group <RESOURCE_GROUP_NAME> --name <APP_NAME> --net-framework-version <VERSION>\n
    5. Use .NET Framework as, 'v4.0' for .NET 4.6 and 'v3.0' for .NET 3.5.
    6. \n
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "9.6" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.1.0", + "reference": "9.6" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security" + ], + "dashboard_name": "Web Apps", + "path": "appservice.subscriptions.id.web_apps.id", + "conditions": [ + "and", + [ + "appservice.subscriptions.id.web_apps.id.programming_language", + "equal", + "dotnet" ], - "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings" - ], - "dashboard_name": "Web Apps", - "path": "appservice.subscriptions.id.web_apps.id", - "conditions": [ - "and", - [ - "appservice.subscriptions.id.web_apps.id.programming_language", - "equal", - "dotnet" - ], - [ - "appservice.subscriptions.id.web_apps.id.programming_language_version", - "containNoneOf", - [ - "v4.0" - ] - ] - ], - "id_suffix": "programming_language_version" + [ + "appservice.subscriptions.id.web_apps.id.programming_language_version", + "containNoneOf", + [ + "v4.0" + ] + ] + ], + "id_suffix": "programming_language_version" } \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json index 5b579240a..d5609b92c 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json 
@@ -1,16 +1,23 @@ { "description": "Web App Running an Outdated Java Version", "rationale": "Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. Using the latest Java version for web apps is recommended in order to to take advantage of security fixes, if any, and/or new functionalities of the latest version.", - "remediation": "Set Java Framework version to latest version available under General settings of the management console", + "remediation": "Using Console:\n
      \n
    1. Go to App Services
    2. \n
    3. Click on each App
    4. \n
    5. Under Setting section, Click on Application Settings
    6. \n
    7. Set Java version to latest version available under General Settings
    8. \n
    9. Set Java minor version to latest version available
    10. \n
    11. Set Java web container to the latest version of web container available
    12. \n NOTE: No action is required if Java version is set to Off \n
    ", "compliance": [ { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "9.9" + }, + { + "name": "CIS Microsoft Azure Foundations", "version": "1.1.0", - "reference": "9.6" + "reference": "9.9" } ], "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings" + "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-php.json b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-php.json index 6cd4804bd..82c6d842d 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-php.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-php.json 
@@ -1,35 +1,41 @@ { - "description": "Web App Running an Outdated PHP Version", - "rationale": "Periodically newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.", - "remediation": "Set PHP version to latest version available under General settings of the management console", - "compliance": [ - { - "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", - "reference": "9.7" - } + "description": "Web App Running an Outdated PHP Version", + "rationale": "Periodically newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.", + "remediation": "Using Console:\n
      \n
    1. Go to App Services
    2. \n
    3. Click on each App
    4. \n
    5. Under Setting section, Click on Configuration
    6. \n
    7. Set PHP version to latest version available under General Settings
    8. \n NOTE: No action is required if PHP version is set to Off \n
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "9.7" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.1.0", + "reference": "9.7" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings", + "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security" + ], + "dashboard_name": "Web Apps", + "path": "appservice.subscriptions.id.web_apps.id", + "conditions": [ + "and", + [ + "appservice.subscriptions.id.web_apps.id.programming_language", + "equal", + "php" ], - "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings" - ], - "dashboard_name": "Web Apps", - "path": "appservice.subscriptions.id.web_apps.id", - "conditions": [ - "and", - [ - "appservice.subscriptions.id.web_apps.id.programming_language", - "equal", - "php" - ], - [ - "appservice.subscriptions.id.web_apps.id.programming_language_version", - "containNoneOf", - [ - "7.2", - "7.3", - "7.4" - ] - ] - ], - "id_suffix": "programming_language_version" + [ + "appservice.subscriptions.id.web_apps.id.programming_language_version", + "containNoneOf", + [ + "7.2", + "7.3", + "7.4" + ] + ] + ], + "id_suffix": "programming_language_version" } \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-python.json b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-python.json index c33c66c75..64fda7b89 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-python.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-python.json 
@@ -1,36 +1,41 @@ { - "description": "Web App Running an Outdated Python Version", - "rationale": "Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest Python version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.", - "remediation": "Set Python version to latest version available under General settings of the management console", - "compliance": [ - { - "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", - "reference": "9.8" - } + "description": "Web App Running an Outdated Python Version", + "rationale": "Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest Python version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version.", + "remediation": "Using Console:\n
      \n
    1. Go to App Services
    2. \n
    3. Click on each App
    4. \n
    5. Under Setting section, Click on Application Settings
    6. \n
    7. Set Python version to latest version available under General Settings
    8. \n NOTE: No action is required if Python version is set to Off\n
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "9.8" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.1.0", + "reference": "9.8" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings" + ], + "dashboard_name": "Web Apps", + "path": "appservice.subscriptions.id.web_apps.id", + "conditions": [ + "and", + [ + "appservice.subscriptions.id.web_apps.id.programming_language", + "equal", + "python" ], - "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings" - ], - "dashboard_name": "Web Apps", - "path": "appservice.subscriptions.id.web_apps.id", - "conditions": [ - "and", - [ - "appservice.subscriptions.id.web_apps.id.programming_language", - "equal", - "python" - ], - [ - "appservice.subscriptions.id.web_apps.id.programming_language_version", - "containNoneOf", - [ - "3.6", - "3.7", - "3.8", - "3.9" - ] - ] - ], - "id_suffix": "programming_language_version" + [ + "appservice.subscriptions.id.web_apps.id.programming_language_version", + "containNoneOf", + [ + "3.6", + "3.7", + "3.8", + "3.9" + ] + ] + ], + "id_suffix": "programming_language_version" } \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json b/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json index 24fb4c711..dc13f3207 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json 
@@ -1,26 +1,31 @@ { - "description": "Insecure TLS Version Supported", - "rationale": "The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS. App Service allows TLS 1.2 by default, which is the recommended TLS level by industry standards, such as PCI DSS.", - "remediation": "App service currently allows the web app to set TLS versions 1.0, 1.1 and 1.2. It is highly recommended to use the latest TLS 1.2 version for web app secure connections.", - "compliance": [ - { - "name": "CIS Microsoft Azure Foundations", - "version": "1.1.0", - "reference": "9.3" - } - ], - "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-tls-versions" - ], - "dashboard_name": "Web Apps", - "path": "appservice.subscriptions.id.web_apps.id", - "conditions": [ - "and", - [ - "appservice.subscriptions.id.web_apps.id.minimum_tls_version_supported", - "notEqual", - "1.2" - ] - ], - "id_suffix": "minimum_tls_supported" + "description": "Insecure TLS Version Supported", + "rationale": "The TLS (Transport Layer Security) protocol secures transmission of data over the internet using standard encryption technology. Encryption should be set with the latest version of TLS. App Service allows TLS 1.2 by default, which is the recommended TLS level by industry standards, such as PCI DSS.", + "remediation": "In the Azure console:\n
      \n
    1. Go to App Services
    2. \n
    3. Click on each App
    4. \n
    5. Under Setting section, Click on SSL settings
    6. \n
    7. Set Minimum TLS Version to 1.2 under Protocol Settings section
    8. \n
    ", + "compliance": [ + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.2.0", + "reference": "9.3" + }, + { + "name": "CIS Microsoft Azure Foundations", + "version": "1.1.0", + "reference": "9.3" + } + ], + "references": [ + "https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-tls-versions" + ], + "dashboard_name": "Web Apps", + "path": "appservice.subscriptions.id.web_apps.id", + "conditions": [ + "and", + [ + "appservice.subscriptions.id.web_apps.id.minimum_tls_version_supported", + "notEqual", + "1.2" + ] + ], + "id_suffix": "minimum_tls_supported" } \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index 73a17ba76..d0bf9df8f 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json @@ -88,6 +88,12 @@ "level": "warning" } ], + "postgresql-database-servers-allow-any-ip.json": [ + { + "enabled": true, + "level": "warning" + } + ], "postgresql-database-servers-log-connections-not-on.json": [ { "enabled": true, @@ -118,14 +124,13 @@ "level": "warning" } ], - - "postgresql-database-servers-allow-any-ip.json": [ + "postgresql-database-servers-ssl-enforcement-disabled.json": [ { "enabled": true, "level": "warning" } ], - "postgresql-database-servers-ssl-enforcement-disabled.json": [ + "appservice-authentication-disabled.json": [ { "enabled": true, "level": "warning" 
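Review bot: The condition in `appservice-tls-v1-supported.json` compares `minimum_tls_version_supported` with `notEqual` `"1.2"`, an exact string match, so every value other than 1.2 is reported under "Insecure TLS Version Supported", including a minimum above 1.2 should the platform offer one. A stricter setting would then appear in the report as a weakness, and an empty or missing value is treated the same as TLS 1.0 with nothing to tell the two apart. Consider matching the weak values explicitly, for example a list condition such as `"containAtLeastOneOf", ["1.0", "1.1"]`, and handling a missing value as its own case. Whether the resource parser can return a missing value is not visible in this hunk.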
@@ -161,18 +166,42 @@
 "level": "warning"
 }
 ],
+ "appservice-client-certificates-disabled.json": [
+ {
+ "enabled": true,
+ "level": "warning"
+ }
+ ],
 "sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json": [
 {
 "enabled": true,
 "level": "warning"
 }
 ],
+ "appservice-http-2-disabled.json": [
+ {
+ "enabled": true,
+ "level": "warning"
+ }
+ ],
 "mysql-database-servers-ssl-enforcement-disabled.json": [
 {
 "enabled": true,
 "level": "warning"
 }
 ],
+ "appservice-http-allowed.json": [
+ {
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
+ "appservice-managed-service-identities-disabled.json": [
+ {
+ "enabled": true,
+ "level": "warning"
+ }
+ ],
 "securitycenter-settings-MCAS-integration-disabled.json": [
 {
 "enabled": true,
@@ -238,49 +267,79 @@ "level": "warning" } ], - "logging-monitoring-log-alert-not-exist-security-solution.json": [ - { - "args": [ - "Create/Update Security Solution", - "5.2.6", - "create_update_security_solution_exist" - ], - "enabled": true, - "level": "warning" - }, - { - "args": [ - "Delete Security Solution", - "5.2.7", - "delete_security_solution_exist" - ], - "enabled": true, - "level": "warning" - } - ], - "logging-monitoring-logging-key-vault-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "logging-monitoring-diagnostic-setting-does-not-exist.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "logging-monitoring-profile-does-not-capture-all-activities.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "appservice-ftp-deployment-enabled.json": [ + "appservice-outdated-version-dotnet.json": [ { "enabled": true, "level": "warning" } ] - } + }, + "logging-monitoring-log-alert-not-exist-security-solution.json": [ + { + "args": [ + "Create/Update Security Solution", + "5.2.6", + "create_update_security_solution_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Security Solution", + "5.2.7", + "delete_security_solution_exist" + ], + "enabled": true, + "level": "warning" + } + ], + "appservice-outdated-version-java.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-logging-key-vault-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "appservice-outdated-version-php.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-diagnostic-setting-does-not-exist.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "appservice-outdated-version-python.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-profile-does-not-capture-all-activities.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "appservice-tls-v1-supported.json": [ + { + "enabled": true, + 
"level": "warning" + } + ], + "appservice-ftp-deployment-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ] } From 798f41d17f22b520b4592180a21021600b53fcf1 Mon Sep 17 00:00:00 2001 From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Mon, 22 Mar 2021 11:32:04 -0400 Subject: [PATCH 576/979] refactor gcp storage 5.1 and added 5.2 (#1210) Co-authored-by: Sophie --- .../findings/cloudstorage-bucket-member.json | 10 ++++-- ...-uniform-bucket-level-access-disabled.json | 34 +++++++++++++++++++ ...store-redis-instance-ssl-not-required.json | 1 - .../gcp/rules/rulesets/cis-1.1.0.json | 12 +++++++ .../providers/gcp/rules/rulesets/default.json | 6 ++++ 5 files changed, 60 insertions(+), 3 deletions(-) create mode 100644 ScoutSuite/providers/gcp/rules/findings/cloudstorage-uniform-bucket-level-access-disabled.json create mode 100644 ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json index 538c967de..b9d7f332d 100755 --- a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json @@ -1,17 +1,23 @@ { "description": "Bucket Accessible by \"_ARG_0_\"", "rationale": "Allowing anonymous and/or public access grants permissions to anyone to access bucket content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous and/or public access to a bucket is not allowed.", - "remediation": "No role should contain \"allUsers\" and/or \"allAuthenticatedUsers\" as a member.", + "remediation": "\"From console:
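Review bot: In the last hunk of `cis-1.2.0.json` the brace after the `appservice-outdated-version-dotnet.json` entry changes from `}` to `},`, and every entry added after it (the `logging-monitoring-*` rules and the java, php, python, TLS and FTP App Service rules) sits between that brace and the file's final `}`. Read that way, the enclosing object (presumably `rules`, as in the GCP ruleset added later on this page) closes after the dotnet entry and the remaining entries become top-level keys beside it. The file still parses, so a loader that reads only `rules` would skip those checks without any error and the CIS 1.2.0 run would silently lose them. Indentation is lost in this view, so confirm against the file; the fix is to drop the added `},` and keep the brace that closes the rule map after `appservice-ftp-deployment-enabled.json`. A test that loads each ruleset and compares the number of enabled rules with the number of entries in the file would catch this kind of misplacement.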
    1. Go to Storage browser by visiting https://console.cloud.google.com/storage/browser.
    2. Click on the bucket name to go to its Bucket details page.
    3. Click on the Permissions tab.
    4. Click Delete button in front of allUsers and allAuthenticatedUsers to remove that particular role assignment.
    ", "compliance": [ { "name": "CIS Google Cloud Platform Foundations", "version": "1.0.0", "reference": "5.1" + }, + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "5.1" } ], "references": [ "https://cloud.google.com/storage/docs/access-control/iam-reference", - "https://cloud.google.com/storage/docs/access-control/making-data-public" + "https://cloud.google.com/storage/docs/access-control/making-data-public", + "https://cloud.google.com/storage/docs/gsutil/commands/iam" ], "dashboard_name": "Buckets", "display_path": "cloudstorage.projects.id.buckets.id", diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-uniform-bucket-level-access-disabled.json b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-uniform-bucket-level-access-disabled.json new file mode 100644 index 000000000..91c936dc0 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-uniform-bucket-level-access-disabled.json @@ -0,0 +1,34 @@ +{ + "description": "Uniform Bucket-Level Access Is Disabled", + "rationale": "It is recommended to use uniform bucket-level access to unify and simplify how you grant access to your Cloud Storage resources. In order to support a uniform permissioning system, Cloud Storage has uniform bucket-level access. Using this feature disables ACLs for all Cloud Storage resources: access to Cloud Storage resources then is granted exclusively through Cloud IAM. Enabling uniform bucket-level access guarantees that if a Storage bucket is not publicly accessible, no object in the bucket is publicly accessible either.", + "remediation": "From console:
    1. Open the Cloud Storage browser in the Google Cloud Console by visiting: https://console.cloud.google.com/storage/browser
    2. In the list of buckets, click on the name of the desired bucket.
    3. Select the Permissions tab near the top of the page.
    4. In the text box that starts with This bucket uses fine-grained access control..., click Edit.
    5. In the pop-up menu that appears, select Uniform.
    6. Click Save.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "5.2" + } + ], + "references": [ + "https://cloud.google.com/storage/docs/uniform-bucket-level-access", + "https://cloud.google.com/storage/docs/using-uniform-bucket-level-access", + "https://cloud.google.com/storage/docs/org-policy-constraints#uniform-bucket" + ], + "dashboard_name": "Buckets", + "display_path": "cloudstorage.projects.id.buckets.id", + "path": "cloudstorage.projects.id.buckets.id", + "conditions": [ + "or", + [ + "cloudstorage.projects.id.buckets.id.uniform_bucket_level_access", + "false", + "" + ], + [ + "cloudstorage.projects.id.buckets.id.uniform_bucket_level_access", + "equal", + "None" + ] + ], + "id_suffix": "uniform_bucket_level_access" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json b/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json index 68d6a7ad5..279788987 100755 --- a/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json +++ b/ScoutSuite/providers/gcp/rules/findings/memorystore-redis-instance-ssl-not-required.json @@ -16,5 +16,4 @@ ] ], "id_suffix": "ssl_required" -}ed" } diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json new file mode 100644 index 000000000..6bc3215f3 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json @@ -0,0 +1,12 @@ +{ + "about": "This ruleset attempts to cover as many recommendations from the CIS Google Cloud Platform Foundation v1.1.0.", + "rules": { + "cloudstorage-uniform-bucket-level-access-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ] + } + +} \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index bd5117f0e..954074b01 100755 
--- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -65,6 +65,12 @@ "level": "warning" } ], + "cloudstorage-uniform-bucket-level-access-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "computeengine-firewall-default-rule-in-use.json": [ { "enabled": true, From 3fa6e092c328d92225543cccb7d38bc10d542d78 Mon Sep 17 00:00:00 2001 From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Thu, 25 Mar 2021 08:35:44 -0400 Subject: [PATCH 577/979] Enhancement/gcp iam 1.8 1.11 (#1212) * added rule 1.8 and 1.11 for GCP IAM section * added rules to cis-1.1.0.json * added description to the functions Co-authored-by: Sophie --- ...rojects.id.bindings_separation_duties.html | 24 +++++++ ScoutSuite/providers/gcp/metadata.json | 4 ++ .../providers/gcp/resources/iam/base.py | 4 +- .../iam/bindings_separation_duties.py | 68 +++++++++++++++++++ ...le-account-separation-duties-is-false.json | 28 ++++++++ ...m-role-kms-separation-duties-is-false.json | 26 +++++++ .../gcp/rules/rulesets/cis-1.1.0.json | 12 ++++ .../providers/gcp/rules/rulesets/default.json | 12 ++++ 8 files changed, 177 insertions(+), 1 deletion(-) create mode 100644 ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.bindings_separation_duties.html create mode 100644 ScoutSuite/providers/gcp/resources/iam/bindings_separation_duties.py create mode 100644 ScoutSuite/providers/gcp/rules/findings/iam-role-account-separation-duties-is-false.json create mode 100644 ScoutSuite/providers/gcp/rules/findings/iam-role-kms-separation-duties-is-false.json diff --git a/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.bindings_separation_duties.html b/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.bindings_separation_duties.html new file mode 100644 index 000000000..c84003c2e --- /dev/null 
+++ b/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.bindings_separation_duties.html @@ -0,0 +1,24 @@ + + + + + + + + + diff --git a/ScoutSuite/providers/gcp/metadata.json b/ScoutSuite/providers/gcp/metadata.json index 4a03ca23b..e3382af73 100755 --- a/ScoutSuite/providers/gcp/metadata.json +++ b/ScoutSuite/providers/gcp/metadata.json @@ -17,6 +17,10 @@ "bindings": { "cols": 2, "path": "services.iam.projects.id.bindings" + }, + "bindings_separation_duties": { + "cols": 2, + "path": "services.iam.projects.id.bindings_separation_duties" } } }, diff --git a/ScoutSuite/providers/gcp/resources/iam/base.py b/ScoutSuite/providers/gcp/resources/iam/base.py index 8ede240e5..6544cdf95 100755 --- a/ScoutSuite/providers/gcp/resources/iam/base.py +++ b/ScoutSuite/providers/gcp/resources/iam/base.py @@ -3,6 +3,7 @@ from ScoutSuite.providers.gcp.resources.iam.users import Users from ScoutSuite.providers.gcp.resources.iam.groups import Groups from ScoutSuite.providers.gcp.resources.iam.service_accounts import ServiceAccounts +from ScoutSuite.providers.gcp.resources.iam.bindings_separation_duties import BindingsSeparationDuties class IAM(Projects): @@ -10,5 +11,6 @@ class IAM(Projects): (Bindings, 'bindings'), (Users, 'users'), (Groups, 'groups'), - (ServiceAccounts, 'service_accounts') + (ServiceAccounts, 'service_accounts'), + (BindingsSeparationDuties, 'bindings_separation_duties') ] diff --git a/ScoutSuite/providers/gcp/resources/iam/bindings_separation_duties.py b/ScoutSuite/providers/gcp/resources/iam/bindings_separation_duties.py new file mode 100644 index 000000000..cd2be9bc4 --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/iam/bindings_separation_duties.py 
@@ -0,0 +1,68 @@ +from ScoutSuite.providers.base.resources.base import Resources +from ScoutSuite.providers.gcp.facade.base import GCPFacade + + +class BindingsSeparationDuties(Resources): + def __init__(self, facade: GCPFacade, project_id: str): + super().__init__(facade) + self.project_id = project_id + + async def fetch_all(self): + raw_bindings = await self.facade.cloudresourcemanager.get_member_bindings(self.project_id) + binding_id, binding = await self._parse_binding_separation(raw_bindings) + self[binding_id] = binding + x=1 + + async def _parse_binding_separation(self, raw_bindings): + binding_dict = {} + binding_dict['id'] = self.project_id + binding_dict["account_separation_duties"] = self.ensure_seperation_duties(raw_bindings) + binding_dict["kms_separation_duties"] = self.ensure_KMS_seperation_duties(raw_bindings) + + return binding_dict['id'], binding_dict + + def ensure_seperation_duties(self, raw_bindings): + # This function checks if a member has both the iam.serviceAccountAdmin role and iam.serviceAccountUser role. + # If the roles do have a common member the function returns False + list_members_role_admin = [] + list_members_role_other = [] + for binding in raw_bindings: + role = binding['role'].split('/')[-1] + if role == 'iam.serviceAccountAdmin': + list_members_role_admin = binding['members'] + if role == 'iam.serviceAccountUser': + list_members_role_other = binding['members'] + + common_members = list(set(list_members_role_admin).intersection(list_members_role_other)) + if common_members: + return False + return True + + def ensure_KMS_seperation_duties(self, raw_bindings): + # This function checks if a member has both the cloudkms.admin role and either + # cloudkms.cryptoKeyEncrypterDecrypter, cloudkms.cryptoKeyEncrypter, cloudkms.cryptoKeyDecrypter role. 
+ # If the roles do have a common member the function returns False + list_members_role_admin = [] + list_members_role_others = {"cloudkms.cryptoKeyEncrypterDecrypter": [], + "cloudkms.cryptoKeyEncrypter": [], + "cloudkms.cryptoKeyDecrypter": []} + for binding in raw_bindings: + role = binding['role'].split('/')[-1] + if role == 'cloudkms.admin': + list_members_role_admin = binding['members'] + if role == 'cloudkms.cryptoKeyEncrypterDecrypter': + list_members_role_others['cloudkms.cryptoKeyEncrypterDecrypter'] = binding['members'] + if role == 'cloudkms.cryptoKeyEncrypter': + list_members_role_others['cloudkms.cryptoKeyEncrypter'] = binding['members'] + if role == 'cloudkms.cryptoKeyDecrypter': + list_members_role_others['cloudkms.cryptoKeyDecrypter'] = binding['members'] + + common_members1 = list( + set(list_members_role_admin).intersection(list_members_role_others['cloudkms.cryptoKeyEncrypterDecrypter'])) + common_members2 = list( + set(list_members_role_admin).intersection(list_members_role_others['cloudkms.cryptoKeyEncrypter'])) + common_members3 = list( + set(list_members_role_admin).intersection(list_members_role_others['cloudkms.cryptoKeyDecrypter'])) + if common_members1 or common_members2 or common_members3: + return False + return True diff --git a/ScoutSuite/providers/gcp/rules/findings/iam-role-account-separation-duties-is-false.json b/ScoutSuite/providers/gcp/rules/findings/iam-role-account-separation-duties-is-false.json new file mode 100644 index 000000000..011460b5e --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/iam-role-account-separation-duties-is-false.json 
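Review bot: In `ensure_seperation_duties` and `ensure_KMS_seperation_duties` every matching binding overwrites the member list (`list_members_role_admin = binding['members']`), so only the last binding seen for a role is compared. Assuming `get_member_bindings` returns the raw policy bindings, a policy can hold several bindings for the same role (for example when conditions are attached), and a member present only in an earlier one is missed, which lets the CIS 1.8 / 1.11 check pass when it should fail. Accumulating instead, e.g. `list_members_role_admin.extend(binding['members'])` and the same for the other lists, closes that gap. Separately, `x=1` at the end of `fetch_all` looks like a leftover debugging statement and can be dropped.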
@@ -0,0 +1,28 @@ +{ + "description": "Separation Of Duties Not Enforced For Service Account", + "rationale": "Separation of duties is the concept of ensuring that one individual does not have all necessary permissions to be able to complete a malicious action. In Cloud IAM-service accounts, this could be an action such as using a service account to access resources that user should not normally have access to. No user should have Service Account Admin and Service Account User roles assigned at the same time.", + "remediation": "From console:
    1. Go to IAM & Admin/IAM using https://console.cloud.google.com/iam-admin/iam.
    2. For any member having both Service Account Admin and Service account User roles granted/assigned, click the Delete Bin icon to remove either role from the member.
      Removal of a role should be done based on the business requirements.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "1.8" + } + ], + "references": [ + "https://cloud.google.com/iam/docs/service-accounts", + "https://cloud.google.com/iam/docs/understanding-roles", + "https://cloud.google.com/iam/docs/granting-changing-revoking-access" + ], + "dashboard_name": "Project", + "path": "iam.projects.id.bindings_separation_duties.id", + "conditions": [ + "and", + [ + "iam.projects.id.bindings_separation_duties.id.account_separation_duties", + "false", + "" + ] + ], + "id_suffix": "account_separation_duties" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/iam-role-kms-separation-duties-is-false.json b/ScoutSuite/providers/gcp/rules/findings/iam-role-kms-separation-duties-is-false.json new file mode 100644 index 000000000..f5b4df3ab --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/iam-role-kms-separation-duties-is-false.json @@ -0,0 +1,26 @@ +{ + "description": "Separation Of Duties Not Enforced For KMS", + "rationale": "Separation of duties is the concept of ensuring that one individual does not have all necessary permissions to be able to complete a malicious action. In Cloud KMS, this could be an action such as using a key to access and decrypt data a user should not normally have access to. Separation of duties is a business control typically used in larger organizations, meant to help avoid security or privacy incidents and errors. It is considered best practice.No user(s) should have Cloud KMS Admin and any of the Cloud KMS CryptoKey Encrypter/Decrypter, Cloud KMS CryptoKey Encrypter, Cloud KMS CryptoKey Decrypter roles assigned at the same time.", + "remediation": "From console:
    1. Go to IAM & Admin/IAM using https://console.cloud.google.com/iam-admin/iam.
    2. For any member having Cloud KMS Admin and any of the Cloud KMS CryptoKey Encrypter/Decrypter, Cloud KMS CryptoKey Encrypter, Cloud KMS CryptoKey Decrypter roles granted/assigned, click the Delete Bin icon to remove either role from the member.
      Removal of a role should be done based on the business requirements.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "1.11" + } + ], + "references": [ + "https://cloud.google.com/kms/docs/separation-of-duties" + ], + "dashboard_name": "Project", + "path": "iam.projects.id.bindings_separation_duties.id", + "conditions": [ + "and", + [ + "iam.projects.id.bindings_separation_duties.id.kms_separation_duties", + "false", + "" + ] + ], + "id_suffix": "kms_separation_duties" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json index 6bc3215f3..2be8b9c7c 100644 --- a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json @@ -6,6 +6,18 @@ "enabled": true, "level": "warning" } + ], + "iam-role-account-separation-duties-is-false.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "iam-role-kms-separation-duties-is-false.json": [ + { + "enabled": true, + "level": "warning" + } ] } diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 954074b01..f96622667 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -200,6 +200,18 @@ "level": "warning" } ], + "iam-role-account-separation-duties-is-false.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "iam-role-kms-separation-duties-is-false.json": [ + { + "enabled": true, + "level": "warning" + } + ], "kubernetesengine-basic-authentication-enabled.json": [ { "enabled": true, From e1b9e0ff368c1c071ae7f885c510a2afc1a6a071 Mon Sep 17 00:00:00 2001 
From: Kevin Nguyen Date: Wed, 31 Mar 2021 09:30:54 -0400 Subject: [PATCH 578/979] GCP Network Benchmarks - 3.1 & 3.2 (#1214) * Finish GCP 3.1 * Benchmark 3.2 * Add legacy mode in partial --- ...es.computeengine.projects.id.networks.html | 1 + .../providers/gcp/resources/gce/networks.py | 5 +++ .../computeengine-network-default-in-use.json | 32 +++++++++++++++++++ .../computeengine-network-legacy-in-use.json | 27 ++++++++++++++++ .../gcp/rules/rulesets/cis-1.1.0.json | 12 +++++++ .../providers/gcp/rules/rulesets/default.json | 12 +++++++ 6 files changed, 89 insertions(+) create mode 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-network-default-in-use.json create mode 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-network-legacy-in-use.json diff --git a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html index ccb8c486c..f1fdb6baa 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.networks.html @@ -11,6 +11,7 @@

    Information

    Project ID: {{project_id}}
    Description: {{description}}
    Creation Date: {{format_date creation_timestamp}}
    +
    Legacy Mode: {{ legacy_mode}}

    Firewall Rules diff --git a/ScoutSuite/providers/gcp/resources/gce/networks.py b/ScoutSuite/providers/gcp/resources/gce/networks.py index fbf120323..84a97afa4 100755 --- a/ScoutSuite/providers/gcp/resources/gce/networks.py +++ b/ScoutSuite/providers/gcp/resources/gce/networks.py @@ -18,6 +18,7 @@ def _parse_network(self, raw_network): network_dict['id'] = raw_network['id'] network_dict['project_id'] = raw_network['selfLink'].split('/')[-4] network_dict['name'] = raw_network['name'] + network_dict['description'] = self._get_description(raw_network) network_dict['creation_timestamp'] = raw_network['creationTimestamp'] network_dict['auto_subnet'] = raw_network.get('autoCreateSubnetworks', None) @@ -25,6 +26,10 @@ def _parse_network(self, raw_network): network_dict['network_url'] = raw_network['selfLink'] network_dict['subnetwork_urls'] = raw_network.get('subnetworks', None) + # Network is legacy if there is no subnets + network_dict['legacy_mode'] = True \ + if raw_network.get('subnetworks', None) is None or not raw_network.get('subnetworks', None) \ + else False return network_dict['id'], network_dict diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-network-default-in-use.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-network-default-in-use.json new file mode 100755 index 000000000..5f5aa85ea --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-network-default-in-use.json @@ -0,0 +1,32 @@ +{ + "description": "Default Network should should be removed", + "rationale": "The default network has a preconfigured network configuration and automatically generates insecure firewall rules. These automatically created firewall rules do not get audit logged and cannot be configured to enable firewall rule logging.", + "remediation": "From Console:\n
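Review bot: The `legacy_mode` expression added to `_parse_network` treats any network without `subnetworks` as legacy, but a custom-mode VPC that has no subnets yet also has an empty or absent `subnetworks` list and would be reported under CIS 3.2. The function already reads `autoCreateSubnetworks` a few lines above; the absence of that field is the more reliable signal for a legacy network, e.g. `network_dict['legacy_mode'] = 'autoCreateSubnetworks' not in raw_network`. This should be confirmed against a real legacy network response before merging. `_parse_network` starts and ends outside the hunk.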
      \n
    1. Go to VPC networks page by visiting:\n https://console.cloud.google.com/networking/networks/list\n
    2. \n
    3. Click the network named default
    4. \n
    5. On the network detail page, click EDIT
    6. \n
    7. Click DELETE VPC NETWORK
    8. \n
    9. If needed, create a new network to replace the default network
    10. \n
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "3.1" + } + ], + "dashboard_name": "Networks", + "path": "computeengine.projects.id.networks.id", + "references": [ + "https://cloud.google.com/compute/docs/networking#firewall_rules", + "https://cloud.google.com/compute/docs/reference/latest/networks/insert", + "https://cloud.google.com/compute/docs/reference/latest/networks/delete", + "https://cloud.google.com/vpc/docs/firewall-rules-logging", + "https://cloud.google.com/vpc/docs/vpc#default-network", + "https://cloud.google.com/sdk/gcloud/reference/compute/networks/delete" + ], + "conditions": [ + "and", + [ + "computeengine.projects.id.networks.id.name", + "equal", + "default" + ] + ], + "id_suffix": "name" + +} diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-network-legacy-in-use.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-network-legacy-in-use.json new file mode 100755 index 000000000..52b6cff89 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-network-legacy-in-use.json @@ -0,0 +1,27 @@ +{ + "description": "Legacy Network should be removed", + "rationale": "Legacy networks have a single network IPv4 prefix range and a single gateway IP address for the whole network. The network is global in scope and spans all cloud regions. Subnetworks cannot be created in a legacy network and are unable to switch from legacy to auto or custom subnet networks. Legacy networks can have an impact for high network traffic projects and are subject to a single point of contention or failure.", + "remediation": "For each Google Cloud Platform project,\n
      \n
    1. \n 1. Follow the documentation and create a non-legacy network suitable for the organization's requirements.\n
    2. \n
    3. Follow the documentation and delete the networks in the legacy mode.
    4. \n\n
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "3.2" + } + ], + "dashboard_name": "Networks", + "path": "computeengine.projects.id.networks.id", + "references": [ + "https://cloud.google.com/vpc/docs/using-legacy#creating_a_legacy_network", + "https://cloud.google.com/vpc/docs/using-legacy#deleting_a_legacy_network" + ], + "conditions": [ + "and", + [ + "computeengine.projects.id.networks.id.legacy_mode", + "true", + "" + ] + ], + "id_suffix": "legacy_mode" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json index 2be8b9c7c..aa1d19f54 100644 --- a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json @@ -7,6 +7,18 @@ "level": "warning" } ], + "computeengine-network-default-in-use.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "computeengine-network-legacy-in-use.json": [ + { + "enabled": true, + "level": "warning" + } + ], "iam-role-account-separation-duties-is-false.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index f96622667..aa80a6a21 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -134,6 +134,18 @@ "level": "warning" } ], + "computeengine-network-default-in-use.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "computeengine-network-legacy-in-use.json": [ + { + "enabled": true, + "level": "warning" + } + ], "computeengine-old-disk-snapshot.json": [ { "enabled": true, From 29801cf7d6aadbc8c9926cfc54210db5ca4ec84f Mon Sep 17 00:00:00 2001 
From: Kevin Nguyen Date: Wed, 31 Mar 2021 09:31:32 -0400 Subject: [PATCH 579/979] GCP Network -DNS zones CISv3.3 to 3.5 (#1223) * Implement dns facade for gcp * Create new partial for managed zones * Add json file to verify key strength * Correct error on partial compute * Check if api is enabled --- ...ervices.dns.projects.id.managed_zones.html | 44 ++++++++++++++ .../output/data/inc-scoutsuite/scoutsuite.js | 2 +- ScoutSuite/providers/gcp/facade/base.py | 4 ++ ScoutSuite/providers/gcp/facade/dns.py | 19 ++++++ ScoutSuite/providers/gcp/metadata.json | 10 ++++ .../providers/gcp/resources/dns/__init__.py | 0 .../providers/gcp/resources/dns/base.py | 8 +++ .../gcp/resources/dns/managed_zones.py | 59 +++++++++++++++++++ .../dns-zones-dnssec-not-enabled.json | 21 +++++++ ...s-zones-key-signing-key-using-rsasha1.json | 16 +++++ ...-zones-zone-signing-key-using-rsasha1.json | 16 +++++ .../gcp/rules/rulesets/cis-1.1.0.json | 20 ++++++- .../providers/gcp/rules/rulesets/default.json | 18 ++++++ ScoutSuite/providers/gcp/services.py | 3 + ScoutSuite/utils.py | 1 + 15 files changed, 239 insertions(+), 2 deletions(-) create mode 100755 ScoutSuite/output/data/html/partials/gcp/services.dns.projects.id.managed_zones.html create mode 100755 ScoutSuite/providers/gcp/facade/dns.py create mode 100644 ScoutSuite/providers/gcp/resources/dns/__init__.py create mode 100755 ScoutSuite/providers/gcp/resources/dns/base.py create mode 100755 ScoutSuite/providers/gcp/resources/dns/managed_zones.py create mode 100755 ScoutSuite/providers/gcp/rules/findings/dns-zones-dnssec-not-enabled.json create mode 100755 ScoutSuite/providers/gcp/rules/findings/dns-zones-key-signing-key-using-rsasha1.json create mode 100755 ScoutSuite/providers/gcp/rules/findings/dns-zones-zone-signing-key-using-rsasha1.json 
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.dns.projects.id.managed_zones.html b/ScoutSuite/output/data/html/partials/gcp/services.dns.projects.id.managed_zones.html new file mode 100755 index 000000000..bf7ead99e --- /dev/null +++ b/ScoutSuite/output/data/html/partials/gcp/services.dns.projects.id.managed_zones.html @@ -0,0 +1,44 @@ + + + + + + + + + diff --git a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js index b114fba6a..f373fcb23 100755 --- a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js +++ b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js @@ -1211,7 +1211,7 @@ function makeTitle(title) { return title.toString() } title = title.toLowerCase() - if (['acm', 'ec2', 'ecr', 'ecs', 'efs', 'eks', 'iam', 'kms', 'rds', 'sns', 'ses', 'sqs', 'vpc', 'elb', 'elbv2', 'emr'].indexOf(title) !== -1) { + if (['acm', 'ec2', 'ecr', 'ecs', 'efs', 'eks', 'iam', 'kms', 'rds', 'sns', 'ses', 'sqs', 'vpc', 'elb', 'elbv2', 'emr','dns'].indexOf(title) !== -1) { return title.toUpperCase() } else if (title === 'cloudtrail') { return 'CloudTrail' diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index 90b3d2bd9..3b984d822 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -7,6 +7,7 @@ from ScoutSuite.providers.gcp.facade.memorystoreredis import MemoryStoreRedisFacade from ScoutSuite.providers.gcp.facade.cloudstorage import CloudStorageFacade from ScoutSuite.providers.gcp.facade.gce import GCEFacade +from ScoutSuite.providers.gcp.facade.dns import DNSFacade from ScoutSuite.providers.gcp.facade.iam import IAMFacade from ScoutSuite.providers.gcp.facade.kms import KMSFacade from ScoutSuite.providers.gcp.facade.stackdriverlogging import StackdriverLoggingFacade 
@@ -34,6 +35,7 @@ def __init__(self, self.gce = GCEFacade() self.iam = IAMFacade() self.kms = KMSFacade() + self.dns = DNSFacade() self.stackdriverlogging = StackdriverLoggingFacade() self.stackdrivermonitoring = StackdriverMonitoringFacade() @@ -170,6 +172,8 @@ async def is_api_enabled(self, project_id, service): endpoint = 'monitoring' elif service == 'MemoryStore': endpoint = 'redis' + elif service =='DNS': + endpoint='dns' else: print_debug('Could not validate the state of the {} API for project \"{}\", ' 'including it in the execution'.format(format_service_name(service.lower()), project_id)) diff --git a/ScoutSuite/providers/gcp/facade/dns.py b/ScoutSuite/providers/gcp/facade/dns.py new file mode 100755 index 000000000..88cdfeb13 --- /dev/null +++ b/ScoutSuite/providers/gcp/facade/dns.py @@ -0,0 +1,19 @@ +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade +from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils +from ScoutSuite.providers.utils import run_concurrently + + +class DNSFacade(GCPBaseFacade): + def __init__(self): + super().__init__('dns', 'v1') + + async def get_zones(self, project_id): + try: + dns_client = self._get_client() + return await run_concurrently( + lambda: dns_client.managedZones().list(project=project_id).execute() + ) + except Exception as e: + print_exception(f'Failed to retrieve zones: {e}') + return [] diff --git a/ScoutSuite/providers/gcp/metadata.json b/ScoutSuite/providers/gcp/metadata.json index e3382af73..26e47387e 100755 --- a/ScoutSuite/providers/gcp/metadata.json +++ b/ScoutSuite/providers/gcp/metadata.json @@ -67,6 +67,15 @@ } } }, + "network": { + "dns": { + "resources": { + "managed_zones": { + "cols": 2, + "path": "services.dns.projects.id.managed_zones" + } + } + }}, "storage": { "cloudstorage": { "resources": { @@ -77,6 +86,7 @@ } } }, + "database": { "cloudsql": { "resources": { 
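Review bot: `get_zones` in the new `facade/dns.py` returns the raw `managedZones().list()` response dict on success but `[]` on failure, and `ManagedZones.fetch_all` in this commit indexes the result with `raw_zones['managedZones']`, so an API error is logged and then followed by a `TypeError` in the resource layer. Returning the zone list in both paths, e.g. `return response.get('managedZones', [])` after executing the request, keeps the contract consistent and also covers a response without that key. Only the first page of results is read; `GCPFacadeUtils` is imported but unused, so the paginated helper was presumably intended, and without it zones beyond the first page are never audited.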
diff --git a/ScoutSuite/providers/gcp/resources/dns/__init__.py b/ScoutSuite/providers/gcp/resources/dns/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/gcp/resources/dns/base.py b/ScoutSuite/providers/gcp/resources/dns/base.py new file mode 100755 index 000000000..779dd131d --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/dns/base.py @@ -0,0 +1,8 @@ +from ScoutSuite.providers.gcp.resources.projects import Projects +from ScoutSuite.providers.gcp.resources.dns.managed_zones import ManagedZones + + +class DNS(Projects): + _children = [ + (ManagedZones, 'managed_zones') + ] diff --git a/ScoutSuite/providers/gcp/resources/dns/managed_zones.py b/ScoutSuite/providers/gcp/resources/dns/managed_zones.py new file mode 100755 index 000000000..bbfdfc1ed --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/dns/managed_zones.py 
@@ -0,0 +1,59 @@ +from ScoutSuite.providers.base.resources.base import Resources +from ScoutSuite.providers.gcp.facade.base import GCPFacade + + +class ManagedZones(Resources): + def __init__(self, facade: GCPFacade, project_id: str): + super().__init__(facade) + self.project_id = project_id + + async def fetch_all(self): + raw_zones = await self.facade.dns.get_zones(self.project_id) + for raw_zone in raw_zones['managedZones']: + zone_id, zone = self._parse_zone(raw_zone) + self[zone_id] = zone + + def _parse_zone(self, raw_zone): + zone_dict = {} + zone_dict['id'] = raw_zone['id'] + zone_dict['name'] = raw_zone['name'] + zone_dict['description'] = self._get_description(raw_zone) + zone_dict['dns_name'] = raw_zone['dnsName'] + zone_dict['name_servers'] = raw_zone.get('nameServers', None) + zone_dict['visibility'] = raw_zone['visibility'] + zone_dict['creation_timestamp'] = raw_zone['creationTime'] + + dnssec_config = raw_zone.get('dnssecConfig',None) + if dnssec_config: + zone_dict['dnssec_enabled'] = True if dnssec_config['state'] == 'on' else False + zone_dict['dnssec_keys'] = self._get_keys(dnssec_config,zone_dict) + else: + zone_dict['dnssec_enabled'] = False + zone_dict['dnssec_keys'] = None + zone_dict['key_signing_algorithm'] = None + zone_dict['zone_signing_algorithm']=None + return zone_dict['id'], zone_dict + + def _get_description(self, raw_zone): + description = raw_zone.get('description') + return description if description else 'N/A' + + def _get_keys(self, dnssec_config,zone_dict): + raw_keys = dnssec_config.get('defaultKeySpecs', None) + if not raw_keys: + return None + key_dict = {} + for raw_key in raw_keys: + key_dict[raw_key['keyType']]={ + 'key_type': raw_key['keyType'], + 'key_algorithm': raw_key['algorithm'], + 'length': raw_key['keyLength'], + } + if raw_key['keyType'] == 'keySigning': + zone_dict['key_signing_algorithm'] = raw_key['algorithm'] + elif raw_key['keyType'] == 'zoneSigning': + zone_dict['zone_signing_algorithm'] = 
raw_key['algorithm'] + + + + return key_dict diff --git a/ScoutSuite/providers/gcp/rules/findings/dns-zones-dnssec-not-enabled.json b/ScoutSuite/providers/gcp/rules/findings/dns-zones-dnssec-not-enabled.json new file mode 100755 index 000000000..623d16f20 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/dns-zones-dnssec-not-enabled.json @@ -0,0 +1,21 @@ +{ + "description": "DNSSEC is not enabled for Cloud DNS", + "rationale": "Domain Name System Security Extensions (DNSSEC) adds security to the DNS protocol by enabling DNS responses to be validated. Having a trustworthy DNS that translates a domain name like www.example.com into its associated IP address is an increasingly important building block of today’s web-based applications. Attackers can hijack this process of domain/IP lookup and redirect users to a malicious site through DNS hijacking and man-in-the-middle attacks. DNSSEC helps mitigate the risk of such attacks by cryptographically signing DNS records. As a result, it prevents attackers from issuing fake DNS responses that may misdirect browsers to nefarious websites.", + "remediation": "From Console:\n
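Review bot: In `_parse_zone`, `key_signing_algorithm` and `zone_signing_algorithm` are set to `None` only in the `else` branch; when `dnssecConfig` is present but `defaultKeySpecs` is missing or lacks one key type, `_get_keys` returns without setting them and the zone dict has no such keys for the two RSASHA1 rules to evaluate. Initialising both before the `if dnssec_config:` test (`zone_dict['key_signing_algorithm'] = None` and `zone_dict['zone_signing_algorithm'] = None`) gives every zone the same shape. It would also read more clearly if `_get_keys` returned the algorithms instead of writing into `zone_dict` as a side effect.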
      \n
    1. \n 1. Go to Cloud DNS by visiting https://console.cloud.google.com/net-services/dns/zones.\n
    2. \n
    3. \n 2. For each zone of Type Public, set DNSSEC to ON.\n
    4. \n\n
    ", + "dashboard_name": "Cloud DNS", + "path": "dns.projects.id.managed_zones.id", + "references": [ + "https://cloudplatform.googleblog.com/2017/11/DNSSEC-now-available-in-Cloud-DNS.html", + "https://cloud.google.com/dns/dnssec-config#enabling", + "https://cloud.google.com/dns/dnssec" + ], + "conditions": [ + "and", + [ + "dns.projects.id.managed_zones.id.dnssec_enabled", + "false", + "" + ] + ], + "id_suffix": "dnssec_enabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/dns-zones-key-signing-key-using-rsasha1.json b/ScoutSuite/providers/gcp/rules/findings/dns-zones-key-signing-key-using-rsasha1.json new file mode 100755 index 000000000..36a1349d8 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/dns-zones-key-signing-key-using-rsasha1.json @@ -0,0 +1,16 @@ +{ + "description": "DNSSEC key-signing key uses RSASHA1", + "rationale": "The algorithm used for key signing should be a recommended one and it should be strong. When enabling DNSSEC for a managed zone, or creating a managed zone with DNSSEC, the user can select the DNSSEC signing algorithms and the denial-of-existence type. Changing the DNSSEC settings is only effective for a managed zone if DNSSEC is not already enabled. If there is a need to change the settings for a managed zone where it has been enabled, turn DNSSEC off and then re-enable it with different settings.", + "remediation": "From Console:\n
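Review bot: The condition in `dns-zones-dnssec-not-enabled.json` fires for every managed zone whose `dnssec_enabled` is false, while the remediation text itself limits the fix to zones of type Public. The parser already stores `visibility`, so private zones would presumably be reported as findings that cannot be remediated; a second condition such as `["dns.projects.id.managed_zones.id.visibility", "equal", "public"]` would scope the rule. The file also has no `compliance` block, unlike the network findings added in this series, so the benchmark reference is lost in the report.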
      \n
    1. \n\n 1. If it is necessary to change the settings for a managed zone where it has been enabled, NSSEC must be turned\n off and re-enabled with different settings. To turn off DNSSEC, run the following command:\n
      \n \n gcloud dns managed-zones update ZONE_NAME --dnssec-state off\n \n
      \n
    2. \n
    3. \n 2. To update key-signing for a reported managed DNS Zone, run the following command:\n
      \n gcloud dns managed-zones update ZONE_NAME --dnssec-state on --ksk-algorithm KSK_ALGORITHM\n --ksk-key-length KSK_KEY_LENGTH --zsk-algorithm ZSK_ALGORITHM --zsk-key-length ZSK_KEY_LENGTH\n --denial-of-existence DENIAL_OF_EXISTENCE\n \n
      \n
    4. \n\n
    ", + "dashboard_name": "Cloud DNS", + "path": "dns.projects.id.managed_zones.id", + "references": ["https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options"], + "conditions": [ + "and", + [ + "dns.projects.id.managed_zones.id.key_signing_algorithm", + "equal", + "rsasha1" + ] + ] +} diff --git a/ScoutSuite/providers/gcp/rules/findings/dns-zones-zone-signing-key-using-rsasha1.json b/ScoutSuite/providers/gcp/rules/findings/dns-zones-zone-signing-key-using-rsasha1.json new file mode 100755 index 000000000..bea647d68 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/dns-zones-zone-signing-key-using-rsasha1.json @@ -0,0 +1,16 @@ +{ + "description": "DNSSEC zone-signing key uses RSASHA1", + "rationale": "The algorithm used for key signing should be a recommended one and it should be strong. When enabling DNSSEC for a managed zone, or creating a managed zone with DNSSEC, the user can select the DNSSEC signing algorithms and the denial-of-existence type. Changing the DNSSEC settings is only effective for a managed zone if DNSSEC is not already enabled. If there is a need to change the settings for a managed zone where it has been enabled, turn DNSSEC off and then re-enable it with different settings.", + "remediation": "From Console:\n
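Review bot: The remediation string in `dns-zones-key-signing-key-using-rsasha1.json` reads `NSSEC must be turned off`, which should be `DNSSEC must be turned off`, and it opens with `From Console:` although the steps are `gcloud` commands. The identical text is repeated in `dns-zones-zone-signing-key-using-rsasha1.json`, where step 2 still says "To update key-signing" and should name zone-signing. Both files also omit `id_suffix`, which `dns-zones-dnssec-not-enabled.json` sets, so the report may not highlight the offending attribute.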
      \n
    1. \n\n 1. If it is necessary to change the settings for a managed zone where it has been enabled, NSSEC must be turned\n off and re-enabled with different settings. To turn off DNSSEC, run the following command:\n
      \n \n gcloud dns managed-zones update ZONE_NAME --dnssec-state off\n \n
      \n
    2. \n
    3. \n 2. To update key-signing for a reported managed DNS Zone, run the following command:\n
      \n gcloud dns managed-zones update ZONE_NAME --dnssec-state on --ksk-algorithm KSK_ALGORITHM\n --ksk-key-length KSK_KEY_LENGTH --zsk-algorithm ZSK_ALGORITHM --zsk-key-length ZSK_KEY_LENGTH\n --denial-of-existence DENIAL_OF_EXISTENCE\n \n
      \n
    4. \n\n
    ", + "dashboard_name": "Cloud DNS", + "path": "dns.projects.id.managed_zones.id", + "references": ["https://cloud.google.com/dns/dnssec-advanced#advanced_signing_options"], + "conditions": [ + "and", + [ + "dns.projects.id.managed_zones.id.zone_signing_algorithm", + "equal", + "rsasha1" + ] + ] +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json index aa1d19f54..d9ef8ecc5 100644 --- a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json @@ -30,7 +30,25 @@ "enabled": true, "level": "warning" } - ] + ], + "dns-zones-dnssec-not-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "dns-zones-key-signing-key-using-rsasha1": [ + { + "enabled": true, + "level": "warning" + } + ], + "dns-zones-zone-signing-key-using-rsasha1": [ + { + "enabled": true, + "level": "warning" + } + ] } } \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index aa80a6a21..0d7ce1c55 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -152,6 +152,24 @@ "level": "warning" } ], + "dns-zones-dnssec-not-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "dns-zones-key-signing-key-using-rsasha1.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "dns-zones-zone-signing-key-using-rsasha1.json": [ + { + "enabled": true, + "level": "warning" + } + ], "iam-gmail-accounts-used.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/gcp/services.py b/ScoutSuite/providers/gcp/services.py index 470179681..9027b5abb 100755 --- a/ScoutSuite/providers/gcp/services.py +++ b/ScoutSuite/providers/gcp/services.py 
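Review bot: Two of the keys added to `cis-1.1.0.json` lack the `.json` suffix, `"dns-zones-key-signing-key-using-rsasha1"` and `"dns-zones-zone-signing-key-using-rsasha1"`, whereas `default.json` in the same commit uses the full file names. If ruleset keys are resolved as finding file names, as every other entry suggests, these two rules will not load and a scan run with the CIS ruleset skips the RSASHA1 checks without any visible error. They should read `"dns-zones-key-signing-key-using-rsasha1.json"` and `"dns-zones-zone-signing-key-using-rsasha1.json"`.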
@@ -6,6 +6,8 @@ from ScoutSuite.providers.gcp.resources.gce.base import ComputeEngine from ScoutSuite.providers.gcp.resources.iam.base import IAM from ScoutSuite.providers.gcp.resources.kms.base import KMS +from ScoutSuite.providers.gcp.resources.dns.base import DNS + from ScoutSuite.providers.gcp.resources.stackdriverlogging.base import StackdriverLogging from ScoutSuite.providers.gcp.resources.stackdrivermonitoring.base import StackdriverMonitoring from ScoutSuite.providers.gcp.resources.gke.base import KubernetesEngine @@ -30,6 +32,7 @@ def __init__(self, credentials=None, default_project_id=None, self.stackdriverlogging = StackdriverLogging(facade) self.stackdrivermonitoring = StackdriverMonitoring(facade) self.kubernetesengine = KubernetesEngine(facade) + self.dns = DNS(facade) def _is_provider(self, provider_name): return provider_name == 'gcp' diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py index ab48c82f6..64e49eba8 100755 --- a/ScoutSuite/utils.py +++ b/ScoutSuite/utils.py @@ -51,6 +51,7 @@ 'cloudstorage': 'Cloud Storage', 'cloudmemorystore': 'Cloud Memorystore', 'cloudsql': 'Cloud SQL', + 'dns': 'DNS', 'stackdriverlogging': 'Stackdriver Logging', 'stackdrivermonitoring': 'Stackdriver Monitoring', 'computeengine': 'Compute Engine', From e6385b9304b231ae26391032ba94b95e9c22d42b Mon Sep 17 00:00:00 2001 From: Andy Gu Date: Wed, 31 Mar 2021 16:15:07 -0400 Subject: [PATCH 580/979] vpc flow logs not enabled --- ...engine.projects.id.regions.id.subnetworks.html | 1 + .../providers/gcp/resources/gce/subnetworks.py | 8 ++++++++ .../computeengine-vpc-flow-logs-disabled.json | 15 +++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 6 ++++++ 4 files changed, 30 insertions(+) create mode 100644 ScoutSuite/providers/gcp/rules/findings/computeengine-vpc-flow-logs-disabled.json 
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.subnetworks.html b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.subnetworks.html index e9b231378..2f6cc509e 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.subnetworks.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.subnetworks.html @@ -14,6 +14,7 @@

    Information

    IP Range: {{ip_range}}
    Gateway Address: {{gateway_address}}
    Private Google Access: {{convert_bool_to_enabled private_ip_google_access}}
    +
    VPC Flow Logs: {{flowlogs_enabled}}

    Compute Engine Instances diff --git a/ScoutSuite/providers/gcp/resources/gce/subnetworks.py b/ScoutSuite/providers/gcp/resources/gce/subnetworks.py index c25332585..175838be0 100755 --- a/ScoutSuite/providers/gcp/resources/gce/subnetworks.py +++ b/ScoutSuite/providers/gcp/resources/gce/subnetworks.py @@ -28,4 +28,12 @@ def _parse_subnetwork(self, raw_subnetwork): subnetwork_dict['subnetwork_url'] = raw_subnetwork['selfLink'] subnetwork_dict['network_url'] = raw_subnetwork['network'] + if 'logConfig' in raw_subnetwork: + subnetwork_dict['flowlogs_enabled'] = raw_subnetwork['logConfig']['enable'] + else: + # Set as UNKNOWN for now. For instance, some projects' + # default networks with flow logs enabled do not have a logConfig + # stanza in JSON output. + subnetwork_dict['flowlogs_enabled'] = "UNKNOWN" + return subnetwork_dict['id'], subnetwork_dict diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-vpc-flow-logs-disabled.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-vpc-flow-logs-disabled.json new file mode 100644 index 000000000..dbfc66d28 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-vpc-flow-logs-disabled.json @@ -0,0 +1,15 @@ +{ + "description": "VPC Flow Logs Not Enabled", + "rationale": "VPC Flow Logs were not enabled for this subnet. It is best practice to enable Flow Logs to some degree in order to have network visibility in the event of resource compromise, as well as source data for threat detections.", + "dashboard_name": "Subnetwork", + "path": "computeengine.projects.id.regions.id.subnetworks.id", + "conditions": [ + "and", + [ + "computeengine.projects.id.regions.id.subnetworks.id.flowlogs_enabled", + "false", + "" + ] + ], + "id_suffix": "name" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index bd5117f0e..9883242cd 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json 
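Review bot: The `else` branch in subnetworks.py stores the string `"UNKNOWN"` in `flowlogs_enabled`, while the finding added in this commit only tests that field for `false`, so a subnet whose API response has no `logConfig` is never reported. If the API also omits `logConfig` for subnets where flow logs were never configured (worth confirming against real output), those are exactly the subnets the rule is meant to catch. `raw_subnetwork['logConfig']['enable']` will also raise KeyError when the stanza is present without an `enable` key; `raw_subnetwork['logConfig'].get('enable', False)` avoids that. Either default the missing case to `False`, or keep the tri-state and add a second finding condition for the unknown value so the coverage gap shows up in the report. `_parse_subnetwork` starts outside the hunk.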
+++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -65,6 +65,12 @@ "level": "warning" } ], + "computeengine-vpc-flow-logs-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "computeengine-firewall-default-rule-in-use.json": [ { "enabled": true, From 1281906cdc4ba3068b28e4c2ea30497150dcffde Mon Sep 17 00:00:00 2001 From: Sophie Date: Mon, 5 Apr 2021 10:38:28 -0400 Subject: [PATCH 581/979] started rules 2.4to 2.11 in GCP --- .../gcp/resources/stackdriverlogging/base.py | 4 +- .../stackdriverlogging/logging_metrics.py | 63 +++++++++++++++++++ .../resources/stackdrivermonitoring/base.py | 4 +- .../monitoring_alert_policies.py | 24 +++++++ 4 files changed, 93 insertions(+), 2 deletions(-) create mode 100644 ScoutSuite/providers/gcp/resources/stackdriverlogging/logging_metrics.py create mode 100644 ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py diff --git a/ScoutSuite/providers/gcp/resources/stackdriverlogging/base.py b/ScoutSuite/providers/gcp/resources/stackdriverlogging/base.py index 75e502c76..bd3aa0ca1 100755 --- a/ScoutSuite/providers/gcp/resources/stackdriverlogging/base.py +++ b/ScoutSuite/providers/gcp/resources/stackdriverlogging/base.py @@ -1,4 +1,5 @@ from ScoutSuite.providers.gcp.resources.projects import Projects +from ScoutSuite.providers.gcp.resources.stackdriverlogging.logging_metrics import LoggingMetrics from ScoutSuite.providers.gcp.resources.stackdriverlogging.sinks import Sinks from ScoutSuite.providers.gcp.resources.stackdriverlogging.metrics import Metrics @@ -6,5 +7,6 @@ class StackdriverLogging(Projects): _children = [ (Sinks, 'sinks'), - (Metrics, 'metrics') + (Metrics, 'metrics'), + (LoggingMetrics, 'logging_metrics') ] diff --git a/ScoutSuite/providers/gcp/resources/stackdriverlogging/logging_metrics.py b/ScoutSuite/providers/gcp/resources/stackdriverlogging/logging_metrics.py new file mode 100644 index 000000000..efd193ee9 --- /dev/null 
+++ b/ScoutSuite/providers/gcp/resources/stackdriverlogging/logging_metrics.py 
@@ -0,0 +1,63 @@ +from ScoutSuite.providers.base.resources.base import Resources +from ScoutSuite.providers.gcp.facade.base import GCPFacade + + +class LoggingMetrics(Resources): + def __init__(self, facade: GCPFacade, project_id: str): + super().__init__(facade) + self.project_id = project_id + + async def fetch_all(self): + raw_metrics = await self.facade.stackdriverlogging.get_metrics(self.project_id) + metric = self._parse_metric(raw_metrics) + self[self.project_id] = metric + + def _parse_metric(self, raw_metrics): + metric_dict = {} + metric_dict['project_ownership_assignments'] =\ + self._specific_filter_present(raw_metrics, '(protoPayload.serviceName="cloudresourcemanager.googleapis' + '.com") AND (ProjectOwnership OR projectOwnerInvitee) OR (' + 'protoPayload.serviceData.policyDelta.bindingDeltas.action' + '="REMOVE" AND ' + "protoPayload.serviceData.policyDelta.bindingDeltas.role" + '="roles/owner") OR (' + 'protoPayload.serviceData.policyDelta.bindingDeltas.action' + '="ADD" AND ' + 'protoPayload.serviceData.policyDelta.bindingDeltas.role' + '="roles/owner")') + metric_dict['audit_config_change'] = \ + self._specific_filter_present(raw_metrics, 'protoPayload.methodName="SetIamPolicy" AND ' + 'protoPayload.serviceData.policyDelta.auditConfigDeltas:*') + metric_dict['custom_role_change'] = \ + self._specific_filter_present(raw_metrics, 'resource.type="iam_role" AND protoPayload.methodName = ' + '"google.iam.admin.v1.CreateRole" OR ' + 'protoPayload.methodName="google.iam.admin.v1.DeleteRole" OR ' + 'protoPayload.methodName="google.iam.admin.v1.UpdateRole"') + metric_dict['vpc_network_firewall_rule_change'] = \ + self._specific_filter_present(raw_metrics, 'resource.type="gce_firewall_rule" AND ' + 'jsonPayload.event_subtype="compute.firewalls.patch" OR ' + 'jsonPayload.event_subtype="compute.firewalls.insert"') + metric_dict['vpc_network_route_change'] = \ + self._specific_filter_present(raw_metrics, 'resource.type="gce_route" AND ' + 
'jsonPayload.event_subtype="compute.routes.delete" OR ' + 'jsonPayload.event_subtype="compute.routes.insert"') + metric_dict['vpc_network_change'] = \ + self._specific_filter_present(raw_metrics, 'resource.type=gce_network AND ' + 'jsonPayload.event_subtype="compute.networks.insert" OR ' + 'jsonPayload.event_subtype="compute.networks.patch" OR ' + 'jsonPayload.event_subtype="compute.networks.delete" OR ' + 'jsonPayload.event_subtype="compute.networks.removePeering" OR ' + 'jsonPayload.event_subtype="compute.networks.addPeering"') + metric_dict['cloud_storage_iam_permission_change'] = \ + self._specific_filter_present(raw_metrics, 'resource.type=gcs_bucket AND ' + 'protoPayload.methodName="storage.setIamPermissions"') + metric_dict['sql_instance_conf_change'] = \ + self._specific_filter_present(raw_metrics, 'protoPayload.methodName="cloudsql.instances.update"') + + return metric_dict + + def _specific_filter_present(self, raw_metrics, filter_value: str): + for metric in raw_metrics: + if metric.filter_ == filter_value: + return True + return False diff --git a/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/base.py b/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/base.py index b270238a6..3ba5c3207 100755 --- a/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/base.py +++ b/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/base.py @@ -1,4 +1,5 @@ from ScoutSuite.providers.gcp.resources.projects import Projects +from ScoutSuite.providers.gcp.resources.stackdrivermonitoring.monitoring_alert_policies import MonitoringAlertPolicies from ScoutSuite.providers.gcp.resources.stackdrivermonitoring.uptime_checks import UptimeChecks from ScoutSuite.providers.gcp.resources.stackdrivermonitoring.alert_policies import AlertPolicies 
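Review bot: `_specific_filter_present` decides every result with `metric.filter_ == filter_value`, an exact string comparison against one hard-coded spelling of each benchmark filter. A log metric that is functionally equivalent but differs in whitespace, quoting (`resource.type=gce_network` versus a quoted value), clause order or an extra clause will be reported as missing, so a "no metric filter" finding may only mean a formatting mismatch. At minimum compare whitespace-normalised strings, `' '.join(metric.filter_.split()) == ' '.join(filter_value.split())`, and add a docstring to `_specific_filter_present` stating that the match is literal. The loop itself can be written as a single `any(...)` expression, and `LoggingMetrics` and `_parse_metric` would benefit from one-line docstrings naming the benchmark items each key corresponds to.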
@@ -6,5 +7,6 @@ class StackdriverMonitoring(Projects): _children = [ (UptimeChecks, 'uptime_checks'), - (AlertPolicies, 'alert_policies') + (AlertPolicies, 'alert_policies'), + (MonitoringAlertPolicies, 'monitoring_alert_policies') ] diff --git a/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py b/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py new file mode 100644 index 000000000..a4bca6f8c --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py @@ -0,0 +1,24 @@ +from ScoutSuite.providers.base.resources.base import Resources +from ScoutSuite.providers.gcp.facade.base import GCPFacade + + +class MonitoringAlertPolicies(Resources): + def __init__(self, facade: GCPFacade, project_id: str): + super().__init__(facade) + self.project_id = project_id + + async def fetch_all(self): + raw_alert_policies = await self.facade.stackdrivermonitoring.get_alert_policies(self.project_id) + alert_policy = self._parse_alert_policy(raw_alert_policies) + self[self.project_id] = alert_policy + + def _parse_alert_policy(self, raw_alert_policies): + alert_policy_dict = {} + return alert_policy_dict + + def _specific_alert_policy_present(self, alert_policies, alert_policy_value: str): + for alert_policy in alert_policies: + for condition in alert_policy.conditions._value: + if condition.condition_threshold.filter == alert_policy_value and alert_policy.enabled.value: + return True + return False From cd8e74d63bb264e6ea78ec094e1c4fbac429b921 Mon Sep 17 00:00:00 2001 
From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Tue, 6 Apr 2021 18:22:56 -0400 Subject: [PATCH 582/979] Enhancement/gcp sql 6.1.2 (#1225) * added rule 6.1.2 from gcp * fix issue with database flags * modified mysql to use only database instances Co-authored-by: Sophie --- ...rvices.cloudsql.projects.id.instances.html | 2 ++ .../resources/cloudsql/database_instances.py | 13 +++++++++ ...udsql-mysql-instances-local-infile-on.json | 28 +++++++++++++++++++ .../gcp/rules/rulesets/cis-1.1.0.json | 6 ++++ .../providers/gcp/rules/rulesets/default.json | 6 ++++ 5 files changed, 55 insertions(+) create mode 100644 ScoutSuite/providers/gcp/rules/findings/cloudsql-mysql-instances-local-infile-on.json diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html index bf1d9095a..8137e5ce4 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html @@ -13,6 +13,8 @@

    Information

    SSL Required: {{convert_bool_to_enabled ssl_required}}
    Public IP Address: {{value_or_none public_ip}}
    Private IP Address: {{value_or_none private_ip}}
    +
    Local Infile Flag is Off: {{value_or_none local_infile_off}}
    + {{#if authorized_networks}}
    Authorized Networks:
      diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py index ca9a5e4cc..035010771 100755 --- a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py +++ b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py @@ -39,6 +39,11 @@ def _parse_instance(self, raw_instance): instance_dict['ssl_required'] = self._is_ssl_required(raw_instance) instance_dict['authorized_networks'] = raw_instance['settings']['ipConfiguration']['authorizedNetworks'] + if raw_instance['settings'].get('databaseFlags', None): + instance_dict['local_infile_off'] = self._mysql_local_infile_flag_off(raw_instance) + else: + instance_dict['local_infile_off'] = True + # check if is or has a failover replica instance_dict['has_failover_replica'] = raw_instance.get('failoverReplica', []) != [] instance_dict['is_failover_replica'] = raw_instance.get('masterInstanceName', '') != '' @@ -73,3 +78,11 @@ def _get_last_backup_timestamp(self, backups): last_backup_id = max(backups.keys(), key=( lambda k: backups[k]['creation_timestamp'])) return backups[last_backup_id]['creation_timestamp'] + + + def _mysql_local_infile_flag_off(self, raw_instance): + if 'MYSQL' in raw_instance['databaseVersion']: + for flag in raw_instance['settings']['databaseFlags']: + if flag['name'] == 'local_infile' and flag['value'] == 'on': + return False + return True diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-mysql-instances-local-infile-on.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-mysql-instances-local-infile-on.json new file mode 100644 index 000000000..e59522fd5 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-mysql-instances-local-infile-on.json 
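Review bot: `local_infile_off` ends up True whenever the flag is not explicitly `on`, including when `databaseFlags` is absent, so a MySQL instance that relies on the engine default is reported as compliant. The finding added in this commit asks for the flag to be set to off, and on MySQL versions where `local_infile` defaults to enabled (5.7 according to the manual page the finding references; verify for the versions Cloud SQL offers) this is a false negative. For MySQL instances, return True only when the flag is present with value `off`, e.g. `return any(f['name'] == 'local_infile' and f['value'] == 'off' for f in raw_instance['settings'].get('databaseFlags', []))`. That also lets the missing-flags case be handled inside `_mysql_local_infile_flag_off` instead of in `_parse_instance`, which begins outside the hunk.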
@@ -0,0 +1,28 @@ +{ + "description": "Local Infile Database Flag For MySQL Instance Is On", + "rationale": "The local_infile flag controls the server-side LOCAL capability for LOAD DATA statements. Depending on the local_infile setting, the server refuses or permits local data loading by clients that have LOCAL enabled on the client side.To explicitly cause the server to refuse LOAD DATA LOCAL statements (regardless of how client programs and libraries are configured at build time or runtime), start mysqld with local_infile disabled. local_infile can also be set at runtime.", + "remediation": "From console:
      1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
      2. Select the MySQL instance where the database flag needs to be enabled.
      3. Click Edit
      4. Scroll down to the Flags section.
      5. To set a flag that has not been set on the instance before, click Add item, choose the flag local_infile from the drop-down menu, and set its value to off.
      6. Click Save
      7. Confirm the changes under Flags on the Overview page.
      ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "6.1.2" + } + ], + "references": [ + "https://cloud.google.com/sql/docs/mysql/flags", + "https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_local_infile", + "https://dev.mysql.com/doc/refman/5.7/en/load-data-local.html" + ], + "dashboard_name": "Instances", + "path": "cloudsql.projects.id.instances.id", + "conditions": [ + "and", + [ + "cloudsql.projects.id.instances.id.local_infile_off", + "false", + "" + ] + ], + "id_suffix": "local_infile_off" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json index d9ef8ecc5..16d76c707 100644 --- a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json @@ -1,6 +1,12 @@ { "about": "This ruleset attempts to cover as many recommendations from the CIS Google Cloud Platform Foundation v1.1.0.", "rules": { + "cloudsql-mysql-instances-local-infile-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], "cloudstorage-uniform-bucket-level-access-disabled.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 0d7ce1c55..35d118e41 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -37,6 +37,12 @@ "level": "warning" } ], + "cloudsql-mysql-instances-local-infile-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], "cloudstorage-bucket-member.json": [ { "args": [ From 1944df3789ad5fb27e5f9f3876eaeb00ca8c304d Mon Sep 17 00:00:00 2001 
From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Wed, 7 Apr 2021 17:25:31 -0400 Subject: [PATCH 583/979] Enhancement/gcp iam 1.9 1.10 (#1224) * added rules 1.9 and 1.10 og gcp cis * added rules to cis-1.1.0.json * fix issues Co-authored-by: Sophie --- .../services.kms.projects.id.keyrings.html | 25 +++++++++- ScoutSuite/providers/gcp/facade/kms.py | 12 +++++ .../providers/gcp/resources/kms/keys.py | 25 +++++++++- .../providers/gcp/resources/kms/kms_policy.py | 41 ++++++++++++++++ ...okeys-anonymously-publicly-accessible.json | 30 ++++++++++++ .../kms-encryption-keys-not-rotated.json | 49 +++++++++++++++++++ .../gcp/rules/rulesets/cis-1.1.0.json | 12 +++++ .../providers/gcp/rules/rulesets/default.json | 12 +++++ 8 files changed, 203 insertions(+), 3 deletions(-) create mode 100644 ScoutSuite/providers/gcp/resources/kms/kms_policy.py create mode 100644 ScoutSuite/providers/gcp/rules/findings/kms-cryptokeys-anonymously-publicly-accessible.json create mode 100644 ScoutSuite/providers/gcp/rules/findings/kms-encryption-keys-not-rotated.json diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kms.projects.id.keyrings.html b/ScoutSuite/output/data/html/partials/gcp/services.kms.projects.id.keyrings.html index 0451198eb..902811edd 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.kms.projects.id.keyrings.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kms.projects.id.keyrings.html @@ -17,20 +17,43 @@

      state: {{state}} +
    • State: {{state}}
    • Protection Level: {{protection_level}}
    • Algorithm: {{algorithm}}
    • Purpose: {{purpose}}
    • Creation Date: {{format_date creation_datetime}}
    • Rotation Period: {{value_or_none rotation_period}}
    • Next Rotation Date: {{value_or_none next_rotation_datetime}}
    • +
    • Days Until Next Rotation: {{value_or_none next_rotation_time_days}}
    • +
    • Bindings
    • +
        + {{#each kms_iam_policy}} +
      • {{name}}
      • +
          +
        • Title: {{title}}
        • +
        • Description: {{value_or_none description}}
        • +
        • Custom Role: {{custom_role}}
        • +
        • Not anonymously or publicly accessible: {{anonymous_public_accessible}}
        • +
        + + {{else}} +
      • None
      • + {{/each}} +

    + +
    + + + {{else}}
  • None
  • {{/each}}

    + + + + + + + + diff --git a/ScoutSuite/output/data/html/partials/gcp/services.stackdrivermonitoring.projects.id.monitoring_alert_policies.html b/ScoutSuite/output/data/html/partials/gcp/services.stackdrivermonitoring.projects.id.monitoring_alert_policies.html new file mode 100644 index 000000000..7acdcb9cc --- /dev/null +++ b/ScoutSuite/output/data/html/partials/gcp/services.stackdrivermonitoring.projects.id.monitoring_alert_policies.html @@ -0,0 +1,30 @@ + + + + + + + + diff --git a/ScoutSuite/providers/gcp/metadata.json b/ScoutSuite/providers/gcp/metadata.json index 26e47387e..d62bcfaef 100755 --- a/ScoutSuite/providers/gcp/metadata.json +++ b/ScoutSuite/providers/gcp/metadata.json @@ -115,6 +115,10 @@ "metrics": { "cols": 2, "path": "services.stackdriverlogging.projects.id.metrics" + }, + "logging_metrics": { + "cols": 2, + "path": "services.stackdriverlogging.projects.id.logging_metrics" } } }, @@ -127,6 +131,10 @@ "alert_policies": { "cols": 2, "path": "services.stackdrivermonitoring.projects.id.alert_policies" + }, + "monitoring_alert_policies": { + "cols": 2, + "path": "services.stackdrivermonitoring.projects.id.monitoring_alert_policies" } } } diff --git a/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py b/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py index a4bca6f8c..7c03ca07b 100644 --- a/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py +++ b/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py 
@@ -14,11 +14,22 @@ async def fetch_all(self): def _parse_alert_policy(self, raw_alert_policies): alert_policy_dict = {} + alert_policy_dict['project_ownership_assignments'] = \ + self._specific_alert_policy_present(raw_alert_policies) + alert_policy_dict['audit_config_change'] = self._specific_alert_policy_present(raw_alert_policies) + alert_policy_dict['custom_role_change'] = self._specific_alert_policy_present(raw_alert_policies) + alert_policy_dict['vpc_network_firewall_rule_change'] = self._specific_alert_policy_present(raw_alert_policies) + alert_policy_dict['vpc_network_route_change'] = self._specific_alert_policy_present(raw_alert_policies) + alert_policy_dict['vpc_network_change'] = self._specific_alert_policy_present(raw_alert_policies) + alert_policy_dict['cloud_storage_iam_permission_change'] = \ + self._specific_alert_policy_present(raw_alert_policies) + alert_policy_dict['sql_instance_conf_change'] = self._specific_alert_policy_present(raw_alert_policies) return alert_policy_dict - def _specific_alert_policy_present(self, alert_policies, alert_policy_value: str): + def _specific_alert_policy_present(self, alert_policies): for alert_policy in alert_policies: - for condition in alert_policy.conditions._value: - if condition.condition_threshold.filter == alert_policy_value and alert_policy.enabled.value: + for condition in alert_policy.conditions._values: + if condition.condition_threshold.filter == 'metric.type=\"logging.googleapis.com/user/\"' and alert_policy.enabled.value: return True return False diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json new file mode 100644 index 000000000..cf8a2c41d --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json 
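Review bot: All eight keys in `_parse_alert_policy` are filled by the same call, `self._specific_alert_policy_present(raw_alert_policies)`, and the helper compares every condition against one constant, `'metric.type=\"logging.googleapis.com/user/\"'`, which has no metric name after `user/`. Each key therefore receives the identical value, and that value is True only if some enabled policy's filter is exactly that bare prefix, so none of the results says whether an alert exists for its own log metric. The helper needs a per-check argument again, for example `def _specific_alert_policy_present(self, alert_policies, metric_name: str):` comparing against `f'metric.type="logging.googleapis.com/user/{metric_name}"'`, with the name taken from the log metric that matched the corresponding filter. The loop also reads `alert_policy.conditions._values`, a private attribute of the client object; iterating `alert_policy.conditions` directly would be less fragile if the type supports it, which is not visible here.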
@@ -0,0 +1,30 @@ +{ + "description": "Log Metric Filter Doesn't Exist For Audit Configuration Changes", + "rationale": "Configuring the metric filter and alerts for audit configuration changes ensures the recommended state of audit configuration is maintained so that all activities in the project are audit-able at any point in time.", + "remediation":"From console:
    1. Go to Logging/Logs by visiting https://console.cloud.google.com/logs/metrics and click \"CREATE METRIC\".
    2. Click the down arrow symbol on the Filter Bar at the rightmost corner and select Convert to Advanced Filter.
    3. Clear any text and add:
      protoPayload.methodName=\"SetIamPolicy\" AND protoPayload.serviceData.policyDelta.auditConfigDeltas:*
    4. Click Submit Filter. The logs display based on the filter text entered by the user.
    5. In the Metric Editor menu on the right,fill out the name field. Set Units to 1(default) and the Type to Counter. This ensures that the log metric counts the number of log entries matching the advanced logs query.
    6. Click CreateMetric.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.5" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/logging/docs/audit/configure-data-access#getiampolicy-setiampolicy" + ], + "dashboard_name": "Logging Configurations", + "path": "stackdriverlogging.projects.id.logging_metrics.id", + "conditions": [ + "and", + [ + "stackdriverlogging.projects.id.logging_metrics.id.audit_config_change", + "false", + "" + ] + ], + "id_suffix": "audit_config_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json new file mode 100644 index 000000000..59da64811 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json @@ -0,0 +1,31 @@ +{ + "description": "Log Metric Filter Doesn't Exist For Cloud Storage IAM Permission Changes", + "rationale": "Monitoring changes to cloud storage bucket permissions may reduce the time needed to detect and correct permissions on sensitive cloud storage buckets and objects inside the bucket.", + "remediation":"From console:
    1. Go to Logging/Logs by visiting https://console.cloud.google.com/logs/metrics and click \"CREATE METRIC\".
    2. Click the down arrow symbol on the Filter Bar at the rightmost corner and select Convert to Advanced Filter.
    3. Clear any text and add:
      resource.type=gcs_bucket AND protoPayload.methodName=\"storage.setIamPermissions\"
    4. Click Submit Filter. The logs display based on the filter text entered by the user.
    5. In the Metric Editor menu on the right,fill out the name field. Set Units to 1(default) and the Type to Counter. This ensures that the log metric counts the number of log entries matching the advanced logs query.
    6. Click CreateMetric.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.10" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/storage/docs", + "https://cloud.google.com/storage/docs/access-control/iam-roles" + ], + "dashboard_name": "Logging Configurations", + "path": "stackdriverlogging.projects.id.logging_metrics.id", + "conditions": [ + "and", + [ + "stackdriverlogging.projects.id.logging_metrics.id.cloud_storage_iam_permission_change", + "false", + "" + ] + ], + "id_suffix": "cloud_storage_iam_permission_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json new file mode 100644 index 000000000..99bc09582 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json @@ -0,0 +1,30 @@ +{ + "description": "Log Metric Filter Doesn't Exist For Custom Role Changes", + "rationale": "Google Cloud IAM provides predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources. However, to cater to organization-specific needs, Cloud IAM also provides the ability to create custom roles. Project owners and administrators with the Organization Role Administrator role or the IAM Role Administrator role can create custom roles. Monitoring role creation, deletion and updating activities will help in identifying any over-privileged role at early stages.", + "remediation":"From console:
    1. Go to Logging/Logs by visiting https://console.cloud.google.com/logs/metrics and click \"CREATE METRIC\".
    2. Click the down arrow symbol on the Filter Bar at the rightmost corner and select Convert to Advanced Filter.
    3. Clear any text and add:
      resource.type=\"iam_role\" AND protoPayload.methodName = \"google.iam.admin.v1.CreateRole\" OR protoPayload.methodName=\"google.iam.admin.v1.DeleteRole\" OR protoPayload.methodName=\"google.iam.admin.v1.UpdateRole\"
    4. Click Submit Filter. The logs display based on the filter text entered by the user.
    5. In the Metric Editor menu on the right,fill out the name field. Set Units to 1(default) and the Type to Counter. This ensures that the log metric counts the number of log entries matching the advanced logs query.
    6. Click CreateMetric.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.6" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/iam/docs/understanding-custom-roles" + ], + "dashboard_name": "Logging Configurations", + "path": "stackdriverlogging.projects.id.logging_metrics.id", + "conditions": [ + "and", + [ + "stackdriverlogging.projects.id.logging_metrics.id.custom_role_change", + "false", + "" + ] + ], + "id_suffix": "custom_role_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json new file mode 100644 index 000000000..d87d2f876 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json @@ -0,0 +1,29 @@ +{ + "description": "Log Metric Filter Doesn't Exist For Project Ownership Assignments/Changes", + "rationale": "Project ownership has the highest level of privileges on a project. To avoid misuse of project resources, the project ownership assignment/change actions mentioned above should be monitored and alerted to concerned recipients.", + "remediation":"From console:
    1. Go to Logging/Logs by visiting https://console.cloud.google.com/logs/metrics and click \"CREATE METRIC\".
    2. Click the down arrow symbol on the Filter Bar at the rightmost corner and select Convert to Advanced Filter.
    3. Clear any text and add:
      (protoPayload.serviceName=\"cloudresourcemanager.googleapis.com\") AND (ProjectOwnership OR projectOwnerInvitee) OR (protoPayload.serviceData.policyDelta.bindingDeltas.action=\"REMOVE\" AND protoPayload.serviceData.policyDelta.bindingDeltas.role=\"roles/owner\") OR (protoPayload.serviceData.policyDelta.bindingDeltas.action=\"ADD\" AND protoPayload.serviceData.policyDelta.bindingDeltas.role=\"roles/owner\")
    4. Click Submit Filter. The logs display based on the filter text entered by the user.
    5. In the Metric Editor menu on the right,fill out the name field. Set Units to 1(default) and the Type to Counter. This ensures that the log metric counts the number of log entries matching the advanced logs query.
    6. Click CreateMetric.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.4" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging" + ], + "dashboard_name": "Logging Configurations", + "path": "stackdriverlogging.projects.id.logging_metrics.id", + "conditions": [ + "and", + [ + "stackdriverlogging.projects.id.logging_metrics.id.project_ownership_assignments", + "false", + "" + ] + ], + "id_suffix": "project_ownership_assignments" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json new file mode 100644 index 000000000..8e49b8e4c --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json @@ -0,0 +1,33 @@ +{ + "description": "Log Metric Filter Doesn't Exist For SQL Instance Configuration Changes", + "rationale": "Monitoring changes to SQL instance configuration changes may reduce the time needed to detect and correct misconfigurations done on the SQL server.", + "remediation":"From console:
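Review bot: The `rationale` string says the ownership assignment/change actions "mentioned above" should be monitored, but nothing earlier in this rule file lists those actions, so a reader of the report cannot tell which events are meant. Naming them in the string would fix it, for example `To avoid misuse of project resources, every grant or removal of roles/owner on the project should be monitored and alerted to concerned recipients.`; the same sentence is repeated in stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json. In the filter in step 3 the AND and OR terms sit at one level; as far as I know Cloud Logging binds OR tighter than AND, so it evaluates as intended, but an outer pair of parentheses around the three OR groups would make that explicit for whoever pastes it.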
    1. Go to Logging/Logs by visiting https://console.cloud.google.com/logs/metrics and click \"CREATE METRIC\".
    2. Click the down arrow symbol on the Filter Bar at the rightmost corner and select Convert to Advanced Filter.
    3. Clear any text and add:
      protoPayload.methodName=\"cloudsql.instances.update\"
    4. Click Submit Filter. The logs display based on the filter text entered by the user.
    5. In the Metric Editor menu on the right,fill out the name field. Set Units to 1(default) and the Type to Counter. This ensures that the log metric counts the number of log entries matching the advanced logs query.
    6. Click CreateMetric.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.11" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/storage/docs", + "https://cloud.google.com/sql/docs/", + "https://cloud.google.com/sql/docs/mysql/", + "https://cloud.google.com/sql/docs/postgres/" + ], + "dashboard_name": "Logging Configurations", + "path": "stackdriverlogging.projects.id.logging_metrics.id", + "conditions": [ + "and", + [ + "stackdriverlogging.projects.id.logging_metrics.id.sql_instance_conf_change", + "false", + "" + ] + ], + "id_suffix": "sql_instance_conf_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json new file mode 100644 index 000000000..82617e411 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json @@ -0,0 +1,30 @@ +{ + "description": "Log Metric Filter Doesn't Exist For VPC Network Changes", + "rationale": "It is possible to have more than one VPC within a project. In addition, it is also possible to create a peer connection between two VPCs enablingnetwork traffic to route between VPCs.Monitoring changes to a VPC will help ensure VPC traffic flow is not getting impacted.", + "remediation":"From console:
    1. Go to Logging/Logs by visiting https://console.cloud.google.com/logs/metrics and click \"CREATE METRIC\".
    2. Click the down arrow symbol on the Filter Bar at the rightmost corner and select Convert to Advanced Filter.
    3. Clear any text and add:
      resource.type=gce_network AND jsonPayload.event_subtype=\"compute.networks.insert\" \n85| P a g eOR jsonPayload.event_subtype=\"compute.networks.patch\" OR jsonPayload.event_subtype=\"compute.networks.delete\" OR jsonPayload.event_subtype=\"compute.networks.removePeering\" OR jsonPayload.event_subtype=\"compute.networks.addPeering\"
    4. Click Submit Filter. The logs display based on the filter text entered by the user.
    5. In the Metric Editor menu on the right,fill out the name field. Set Units to 1(default) and the Type to Counter. This ensures that the log metric counts the number of log entries matching the advanced logs query.
    6. Click CreateMetric.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.9" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/vpc/docs/overview" + ], + "dashboard_name": "Logging Configurations", + "path": "stackdriverlogging.projects.id.logging_metrics.id", + "conditions": [ + "and", + [ + "stackdriverlogging.projects.id.logging_metrics.id.vpc_network_change", + "false", + "" + ] + ], + "id_suffix": "vpc_network_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json new file mode 100644 index 000000000..91d86b23c --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json @@ -0,0 +1,30 @@ +{ + "description": "Log Metric Filter Doesn't Exist For VPC Network Firewall Rule Changes", + "rationale": "Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.", + "remediation":"From console:
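Review bot: The filter in step 3 of `remediation` contains the stray text `\n85| P a g e` between the `compute.networks.insert` term and the following `OR`, which looks like a page footer carried over from the benchmark PDF. Anyone pasting that step into the advanced filter box gets a query that does not express the intended condition, so the metric may never count a network change and the alert built on it would stay silent. The two terms should simply be joined: `jsonPayload.event_subtype=\"compute.networks.insert\" OR jsonPayload.event_subtype=\"compute.networks.patch\"`. `resource.type=gce_network` is also the only unquoted value among these filters; quoting it as the firewall and route rules do would be consistent.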
    1. Go to Logging/Logs by visiting https://console.cloud.google.com/logs/metrics and click \"CREATE METRIC\".
    2. Click the down arrow symbol on the Filter Bar at the rightmost corner and select Convert to Advanced Filter.
    3. Clear any text and add:
      resource.type=\"gce_firewall_rule\" AND jsonPayload.event_subtype=\"compute.firewalls.patch\" OR jsonPayload.event_subtype=\"compute.firewalls.insert\"
    4. Click Submit Filter. The logs display based on the filter text entered by the user.
    5. In the Metric Editor menu on the right,fill out the name field. Set Units to 1(default) and the Type to Counter. This ensures that the log metric counts the number of log entries matching the advanced logs query.
    6. Click CreateMetric.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.7" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/vpc/docs/firewalls" + ], + "dashboard_name": "Logging Configurations", + "path": "stackdriverlogging.projects.id.logging_metrics.id", + "conditions": [ + "and", + [ + "stackdriverlogging.projects.id.logging_metrics.id.vpc_network_firewall_rule_change", + "false", + "" + ] + ], + "id_suffix": "vpc_network_firewall_rule_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json new file mode 100644 index 000000000..67297b833 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json @@ -0,0 +1,30 @@ +{ + "description": "Log Metric Filter Doesn't Exist For VPC Network Route Changes", + "rationale": "Google Cloud Platform (GCP) routes define the paths network traffic takes from a VM instance to another destination. The other destination can be inside the organization VPC network (such as another VM) or outside of it. Every route consists of a destination and a next hop. Traffic whose destination IP is within the destination range is sent to the next hop for delivery.Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path.", + "remediation":"From console:
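Review bot: The filter in step 3 matches only `compute.firewalls.patch` and `compute.firewalls.insert`, so deleting a firewall rule is not counted, although removing a deny rule changes network exposure as much as adding an allow rule. If the text is meant to follow the benchmark wording exactly, say so in `rationale`; otherwise append `OR jsonPayload.event_subtype=\"compute.firewalls.delete\"`. The mixed `AND ... OR ...` here and in the route rule that follows relies on OR binding tighter than AND in the logging query language; writing `resource.type=\"gce_firewall_rule\" AND (... OR ...)` removes the need to know that.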
    1. Go to Logging/Logs by visiting https://console.cloud.google.com/logs/metrics and click \"CREATE METRIC\".
    2. Click the down arrow symbol on the Filter Bar at the rightmost corner and select Convert to Advanced Filter.
    3. Clear any text and add:
      resource.type=\"gce_route\" AND jsonPayload.event_subtype=\"compute.routes.delete\" OR jsonPayload.event_subtype=\"compute.routes.insert\"
    4. Click Submit Filter. The logs display based on the filter text entered by the user.
    5. In the Metric Editor menu on the right,fill out the name field. Set Units to 1(default) and the Type to Counter. This ensures that the log metric counts the number of log entries matching the advanced logs query.
    6. Click CreateMetric.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.8" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/storage/docs/access-control/iam" + ], + "dashboard_name": "Logging Configurations", + "path": "stackdriverlogging.projects.id.logging_metrics.id", + "conditions": [ + "and", + [ + "stackdriverlogging.projects.id.logging_metrics.id.vpc_network_route_change", + "false", + "" + ] + ], + "id_suffix": "vpc_network_route_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json new file mode 100644 index 000000000..f6ad2e922 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json @@ -0,0 +1,30 @@ +{ + "description": "Alerts Doesn't Exist For Audit Configuration Changes", + "rationale": "Configuring the metric filter and alerts for audit configuration changes ensures the recommended state of audit configuration is maintained so that all activities in the project are audit-able at any point in time.", + "remediation":"From console:
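Review bot: The last entry in `references`, `https://cloud.google.com/storage/docs/access-control/iam`, is Cloud Storage IAM documentation and does not cover VPC routes; it looks copied from the storage rule. Point it at the VPC routes documentation instead, the way the firewall rule links `https://cloud.google.com/vpc/docs/firewalls`. The alert rule for route changes added later in this patch carries the same link. In `rationale`, `delivery.Monitoring` is missing a space after the full stop.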
    1. Identify the audit configuration changes metric under the section User-defined Metrics at https://console.cloud.google.com/logs/metrics.
    2. Click the 3-dot icon in the rightmost column for the desired metric and select Create alert from Metric. A new page opens.
    3. Fill out the alert policy configuration and click Save. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project::
      Set `Aggregator` to `Count`
      Set `Configuration`:
      -Condition: above
      -Threshold: 0
      -For: most recent value
    4. Configure the desired notifications channels in the section Notifications.
    5. Name the policy and click Save.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.5" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/logging/docs/audit/configure-data-access#getiampolicy-setiampolicy" + ], + "dashboard_name": "Monitoring Alerts", + "path": "stackdrivermonitoring.projects.id.monitoring_alert_policies.id", + "conditions": [ + "and", + [ + "stackdrivermonitoring.projects.id.monitoring_alert_policies.id.audit_config_change", + "false", + "" + ] + ], + "id_suffix": "audit_config_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json new file mode 100644 index 000000000..b07ebc8d3 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json @@ -0,0 +1,31 @@ +{ + "description": "Alerts Doesn't Exist For Cloud Storage IAM Permission Changes", + "rationale": "Monitoring changes to cloud storage bucket permissions may reduce the time needed to detect and correct permissions on sensitive cloud storage buckets and objects inside the bucket.", + "remediation":"From console:
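Review bot: Step 3 of `remediation` says a threshold of zero ensures a notification `for every owner change in the project`, but this rule is about audit configuration changes; the sentence is carried over from the project-ownership rule. The same wording appears in the other alert rule files added by this patch (cloud storage IAM permission, custom role, SQL instance configuration, VPC network, firewall rule and route changes), where it is equally misleading about what the alert covers. Each file should name its own event, here `is triggered for every audit configuration change in the project`. The `description` would also read better as `Alert Doesn't Exist For Audit Configuration Changes`.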
    1. Identify the cloud storage IAM permission changes metric under the section User-defined Metrics at https://console.cloud.google.com/logs/metrics.
    2. Click the 3-dot icon in the rightmost column for the desired metric and select Create alert from Metric. A new page opens.
    3. Fill out the alert policy configuration and click Save. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project::
      Set `Aggregator` to `Count`
      Set `Configuration`:
      -Condition: above
      -Threshold: 0
      -For: most recent value
    4. Configure the desired notifications channels in the section Notifications.
    5. Name the policy and click Save.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.10" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/storage/docs", + "https://cloud.google.com/storage/docs/access-control/iam-roles" + ], + "dashboard_name": "Monitoring Alerts", + "path": "stackdrivermonitoring.projects.id.monitoring_alert_policies.id", + "conditions": [ + "and", + [ + "stackdrivermonitoring.projects.id.monitoring_alert_policies.id.cloud_storage_iam_permission_change", + "false", + "" + ] + ], + "id_suffix": "cloud_storage_iam_permission_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-custom-role-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-custom-role-changes.json new file mode 100644 index 000000000..17be6be71 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-custom-role-changes.json @@ -0,0 +1,30 @@ +{ + "description": "Alerts Doesn't Exist For Custom Role Changes", + "rationale": "Google Cloud IAM provides predefined roles that give granular access to specific Google Cloud Platform resources and prevent unwanted access to other resources. However, to cater to organization-specific needs, Cloud IAM also provides the ability to create custom roles. Project owners and administrators with the Organization Role Administrator role or the IAM Role Administrator role can create custom roles. Monitoring role creation, deletion and updating activities will help in identifying any over-privileged role at early stages.", + "remediation":"From console:
    1. Identify the custom role changes metric under the section User-defined Metrics at https://console.cloud.google.com/logs/metrics.
    2. Click the 3-dot icon in the rightmost column for the desired metric and select Create alert from Metric. A new page opens.
    3. Fill out the alert policy configuration and click Save. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project::
      Set `Aggregator` to `Count`
      Set `Configuration`:
      -Condition: above
      -Threshold: 0
      -For: most recent value
    4. Configure the desired notifications channels in the section Notifications.
    5. Name the policy and click Save.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.6" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/iam/docs/understanding-custom-roles" + ], + "dashboard_name": "Monitoring Alerts", + "path": "stackdrivermonitoring.projects.id.monitoring_alert_policies.id", + "conditions": [ + "and", + [ + "stackdrivermonitoring.projects.id.monitoring_alert_policies.id.custom_role_change", + "false", + "" + ] + ], + "id_suffix": "custom_role_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json new file mode 100644 index 000000000..42baacdc7 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json @@ -0,0 +1,29 @@ +{ + "description": "Alerts Doesn't Exist For Project Ownership Assignments/Changes", + "rationale": "Project ownership has the highest level of privileges on a project. To avoid misuse of project resources, the project ownership assignment/change actions mentioned above should be monitored and alerted to concerned recipients.", + "remediation":"From console:
    1. Identify the project ownership assignment/changes metric under the section User-defined Metrics at https://console.cloud.google.com/logs/metrics.
    2. Click the 3-dot icon in the rightmost column for the desired metric and select Create alert from Metric. A new page opens.
    3. Fill out the alert policy configuration and click Save. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project::
      Set `Aggregator` to `Count`
      Set `Configuration`:
      -Condition: above
      -Threshold: 0
      -For: most recent value
    4. Configure the desired notifications channels in the section Notifications.
    5. Name the policy and click Save.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.4" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging" + ], + "dashboard_name": "Monitoring Alerts", + "path": "stackdrivermonitoring.projects.id.monitoring_alert_policies.id", + "conditions": [ + "and", + [ + "stackdrivermonitoring.projects.id.monitoring_alert_policies.id.project_ownership_assignments", + "false", + "" + ] + ], + "id_suffix": "project_ownership_assignments" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json new file mode 100644 index 000000000..769d272df --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json @@ -0,0 +1,33 @@ +{ + "description": "Alerts Doesn't Exist For SQL Instance Configuration Changes", + "rationale": "Monitoring changes to SQL instance configuration changes may reduce the time needed to detect and correct misconfigurations done on the SQL server.", + "remediation":"From console:
    1. Identify the sql instance configuration changes metric under the section User-defined Metrics at https://console.cloud.google.com/logs/metrics.
    2. Click the 3-dot icon in the rightmost column for the desired metric and select Create alert from Metric. A new page opens.
    3. Fill out the alert policy configuration and click Save. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project::
      Set `Aggregator` to `Count`
      Set `Configuration`:
      -Condition: above
      -Threshold: 0
      -For: most recent value
    4. Configure the desired notifications channels in the section Notifications.
    5. Name the policy and click Save.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.11" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/storage/docs", + "https://cloud.google.com/sql/docs/", + "https://cloud.google.com/sql/docs/mysql/", + "https://cloud.google.com/sql/docs/postgres/" + ], + "dashboard_name": "Monitoring Alerts", + "path": "stackdrivermonitoring.projects.id.monitoring_alert_policies.id", + "conditions": [ + "and", + [ + "stackdrivermonitoring.projects.id.monitoring_alert_policies.id.sql_instance_conf_change", + "false", + "" + ] + ], + "id_suffix": "sql_instance_conf_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-vpc-network-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-vpc-network-changes.json new file mode 100644 index 000000000..6cbdce37c --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-vpc-network-changes.json @@ -0,0 +1,30 @@ +{ + "description": "Alerts Doesn't Exist For VPC Network Changes", + "rationale": "It is possible to have more than one VPC within a project. In addition, it is also possible to create a peer connection between two VPCs enablingnetwork traffic to route between VPCs.Monitoring changes to a VPC will help ensure VPC traffic flow is not getting impacted.", + "remediation":"From console:
    1. Identify the vpc network changes metric under the section User-defined Metrics at https://console.cloud.google.com/logs/metrics.
    2. Click the 3-dot icon in the rightmost column for the desired metric and select Create alert from Metric. A new page opens.
    3. Fill out the alert policy configuration and click Save. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project::
      Set `Aggregator` to `Count`
      Set `Configuration`:
      -Condition: above
      -Threshold: 0
      -For: most recent value
    4. Configure the desired notifications channels in the section Notifications.
    5. Name the policy and click Save.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.9" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/vpc/docs/overview" + ], + "dashboard_name": "Monitoring Alerts", + "path": "stackdrivermonitoring.projects.id.monitoring_alert_policies.id", + "conditions": [ + "and", + [ + "stackdrivermonitoring.projects.id.monitoring_alert_policies.id.vpc_network_change", + "false", + "" + ] + ], + "id_suffix": "vpc_network_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json new file mode 100644 index 000000000..5833b5d1b --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json @@ -0,0 +1,30 @@ +{ + "description": "Alerts Doesn't Exist For VPC Network Firewall Rule Changes", + "rationale": "Monitoring for Create or Update Firewall rule events gives insight to network access changes and may reduce the time it takes to detect suspicious activity.", + "remediation":"From console:
    1. Identify the vpc network firewall rule changes metric under the section User-defined Metrics at https://console.cloud.google.com/logs/metrics.
    2. Click the 3-dot icon in the rightmost column for the desired metric and select Create alert from Metric. A new page opens.
    3. Fill out the alert policy configuration and click Save. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project::
      Set `Aggregator` to `Count`
      Set `Configuration`:
      -Condition: above
      -Threshold: 0
      -For: most recent value
    4. Configure the desired notifications channels in the section Notifications.
    5. Name the policy and click Save.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.7" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/vpc/docs/firewalls" + ], + "dashboard_name": "Monitoring Alerts", + "path": "stackdrivermonitoring.projects.id.monitoring_alert_policies.id", + "conditions": [ + "and", + [ + "stackdrivermonitoring.projects.id.monitoring_alert_policies.id.vpc_network_firewall_rule_change", + "false", + "" + ] + ], + "id_suffix": "vpc_network_firewall_rule_change" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json new file mode 100644 index 000000000..7e28beafb --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json @@ -0,0 +1,30 @@ +{ + "description": "Alerts Doesn't Exist For VPC Network Route Changes", + "rationale": "Google Cloud Platform (GCP) routes define the paths network traffic takes from a VM instance to another destination. The other destination can be inside the organization VPC network (such as another VM) or outside of it. Every route consists of a destination and a next hop. Traffic whose destination IP is within the destination range is sent to the next hop for delivery.Monitoring changes to route tables will help ensure that all VPC traffic flows through an expected path.", + "remediation":"From console:
    1. Identify the vpc network route changes metric under the section User-defined Metrics at https://console.cloud.google.com/logs/metrics.
    2. Click the 3-dot icon in the rightmost column for the desired metric and select Create alert from Metric. A new page opens.
    3. Fill out the alert policy configuration and click Save. Choose the alerting threshold and configuration that makes sense for the user's organization. For example, a threshold of zero(0) for the most recent value will ensure that a notification is triggered for every owner change in the project::
      Set `Aggregator` to `Count`
      Set `Configuration`:
      -Condition: above
      -Threshold: 0
      -For: most recent value
    4. Configure the desired notifications channels in the section Notifications.
    5. Name the policy and click Save.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "2.8" + } + ], + "references": [ + "https://cloud.google.com/logging/docs/logs-based-metrics/", + "https://cloud.google.com/monitoring/custom-metrics/", + "https://cloud.google.com/monitoring/alerts/", + "https://cloud.google.com/logging/docs/reference/tools/gcloud-logging", + "https://cloud.google.com/storage/docs/access-control/iam" + ], + "dashboard_name": "Monitoring Alerts", + "path": "stackdrivermonitoring.projects.id.monitoring_alert_policies.id", + "conditions": [ + "and", + [ + "stackdrivermonitoring.projects.id.monitoring_alert_policies.id.vpc_network_route_change", + "false", + "" + ] + ], + "id_suffix": "vpc_network_route_change" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json index 611ae8b3b..14c1991e1 100644 --- a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json 
@@ -132,6 +132,102 @@ "enabled": true, "level": "warning" } + ], + "stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-custom-role-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-vpc-network-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + 
"stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json": [ + { + "enabled": true, + "level": "warning" + } ] } diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 7c53eac47..f0d3618e1 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json 
@@ -457,6 +457,102 @@ "enabled": true, "level": "warning" } + ], + "stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-custom-role-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-vpc-network-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + 
"stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json": [ + { + "enabled": true, + "level": "warning" + } ] } } From dc25a2ca985aa4db933460e0e7cf6ba7b0770595 Mon Sep 17 00:00:00 2001 From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Thu, 8 Apr 2021 12:31:15 -0400 Subject: [PATCH 590/979] Enhancement/gcp sql refactor 6.6 (#1238) * refactor gcp sql rules and added rule 6.6 * fix issue * Update ScoutSuite/providers/gcp/rules/rulesets/default.json Co-authored-by: Xavier Garceau-Aranda * Update ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json Co-authored-by: Xavier Garceau-Aranda Co-authored-by: Sophie Co-authored-by: Xavier Garceau-Aranda --- .../cloudsql-instance-backups-disabled.json | 13 +++++++-- ...loudsql-instance-is-open-to-the-world.json | 14 ++++++++- .../cloudsql-instance-ssl-not-required.json | 10 +++++-- .../cloudsql-instances-public-ips.json | 29 +++++++++++++++++++ .../gcp/rules/rulesets/cis-1.1.0.json | 8 ++++- .../providers/gcp/rules/rulesets/default.json | 6 ++++ 6 files changed, 74 insertions(+), 6 deletions(-) create mode 100644 ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-backups-disabled.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-backups-disabled.json index 5c47c1d1e..b6c4b2dc1 100755 --- a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-backups-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-backups-disabled.json 
@@ -1,8 +1,17 @@ { "description": "Instance with Automatic Backups Disabled", - "rationale": "Automatic backups should be configured for Cloud SQL instances in order to ensure backups are created regularly.", + "rationale": "Backups provide a way to restore a Cloud SQL instance to recover lost data or recover from a problem with that instance. Automated backups need to be set for any instance that contains data that should be protected from loss or damage.", + "remediation": "From console:
    1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
    2. Select the instance where the backups need to be configured.
    3. Click Edit
    4. In the Backups section, check `Enable automated backups', and choose a backup window.
    5. Click Save
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "6.7" + } + ], "references": [ - "https://cloud.google.com/sql/docs/mysql/backup-recovery/backups" + "https://cloud.google.com/sql/docs/mysql/backup-recovery/backups", + "https://cloud.google.com/sql/docs/postgres/backup-recovery/backing-up" ], "dashboard_name": "Instances", "path": "cloudsql.projects.id.instances.id", diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json index 734723b62..4100bda55 100755 --- a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json @@ -1,13 +1,25 @@ { "description": "Instance Allowing All Incoming Connections", - "rationale": "Database instances should accept connections from trusted IPs and networks only.", + "rationale": "To minimize attack surface on a Database server instance, only trusted/known and required IP(s) should be white-listed to connect to it.An authorized network should not have IPs/networks configured to 0.0.0.0/0which will allow access to the instance from anywhere in the world.", + "remediation": "From console:
    1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
    2. Click the instance name to open its Instance details page.
    3. Under the Configuration section click Edit configurations.
    4. Under Configuration options expand the Connectivity section.
    5. Click the delete icon for the authorized network 0.0.0.0/0.
    6. Click Save to update the instance.
    ", "compliance": [ { "name": "CIS Google Cloud Platform Foundations", "version": "1.0.0", "reference": "6.2" + }, + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "6.5" } ], + "references": [ + "https://cloud.google.com/sql/docs/mysql/configure-ip", + "https://console.cloud.google.com/iam-admin/orgpolicies/sql-restrictAuthorizedNetworks", + "https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints", + "https://cloud.google.com/sql/docs/mysql/connection-org-policy" + ], "dashboard_name": "Instances", "display_path": "cloudsql.projects.id.instances.id", "path": "cloudsql.projects.id.instances.id.authorized_networks.id", diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-ssl-not-required.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-ssl-not-required.json index a9b1853d4..a4817120a 100755 --- a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-ssl-not-required.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-ssl-not-required.json @@ -1,15 +1,21 @@ { "description": "Instance Not Requiring SSL for Incoming Connections", - "rationale": "All incoming connections to databases should require the use of SSL.", + "rationale": "SQL database connections if successfully trapped (MITM); can reveal sensitive data like credentials, database queries, query outputs etc. For security, it is recommended to always use SSL encryption when connecting to your instance.", + "remediation": "From console:
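Review bot: The new rationale string is missing spaces where sentences and words were joined (`to it.An authorized network` and `0.0.0.0/0which`); this text is shown in the report, so it should read `... to connect to it. An authorized network should not have IPs/networks configured to 0.0.0.0/0, which will allow access ...`. The added reference `https://console.cloud.google.com/iam-admin/orgpolicies/sql-restrictAuthorizedNetworks` is a console page rather than documentation and presumably only resolves for a signed-in user with an organization selected. The documentation link `https://cloud.google.com/sql/docs/mysql/connection-org-policy` added in the same list already covers that constraint.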
    1. Go to https://console.cloud.google.com/sql/instances.
    2. Click on an instance name to see its configuration overview.
    3. In the left-side panel, select Connections
    4. In the SSL connections section, click Allow only SSL connections.
    5. Under Configure SSL server certificates click Create new certificate.
    6. Under Configure SSL server certificates click Create a client certificate.
    7. Follow the instructions shown to learn how to connect to your instance.
    ", "compliance": [ { "name": "CIS Google Cloud Platform Foundations", "version": "1.0.0", "reference": "6.1" + }, + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "6.4" } ], "references": [ - "https://cloud.google.com/sql/docs/mysql/authorize-ssl" + "https://cloud.google.com/sql/docs/postgres/configure-ssl-instance" ], "dashboard_name": "Instances", "path": "cloudsql.projects.id.instances.id", diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json new file mode 100644 index 000000000..07df46728 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json @@ -0,0 +1,29 @@ +{ + "description": "Cloud SQL Database Instances Have Public IPs", + "rationale": "To lower the organization's attack surface, Cloud SQL databases should not have public IPs. Private IPs provide improved network security and lower latency for your application.", + "remediation": "From console:
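Review bot: The references change replaces the MySQL page with the PostgreSQL one, but the rule path `cloudsql.projects.id.instances.id` is not engine-specific, so readers with MySQL instances lose their pointer. Keep both entries: `"https://cloud.google.com/sql/docs/mysql/authorize-ssl",` followed by the new PostgreSQL URL. The new rationale would also read more clearly as `SQL database connections, if intercepted (MITM), can reveal sensitive data such as credentials, database queries and query outputs.`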
    1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
    2. Click the instance name to open its Instance details page.
    3. Select the Connections tab.
    4. Deselect the Public IP checkbox.
    5. Click Save to update the instance.
    ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "6.6" + } + ], + "references": [ + "https://cloud.google.com/sql/docs/mysql/configure-private-ip", + "https://cloud.google.com/sql/docs/mysql/private-ip", + "https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints", + "https://console.cloud.google.com/iam-admin/orgpolicies/sql-restrictPublicIp" + ], + "dashboard_name": "Instances", + "path": "cloudsql.projects.id.instances.id", + "conditions": [ + "and", + [ + "cloudsql.projects.id.instances.id.public_ip", + "notEmpty", + "" + ] + ], + "id_suffix": "public_ip" +} \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json index 611ae8b3b..216bb58f2 100644 --- a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json @@ -1,6 +1,12 @@ { "about": "This ruleset attempts to cover as many recommendations from the CIS Google Cloud Platform Foundation v1.1.0.", "rules": { + "cloudsql-instances-public-ips.json": [ + { + "enabled": true, + "level": "danger" + } + ], "cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json": [ { "enabled": true, @@ -135,4 +141,4 @@ ] } -} \ No newline at end of file +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 7c53eac47..6d31926dd 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -37,6 +37,12 @@ "level": "warning" } ], + "cloudsql-instances-public-ips.json": [ + { + "enabled": true, + "level": "danger" + } + ], "cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json": [ { "enabled": true, From cdd5e65897965ee0414bc3999b06fbd0c4737cd2 Mon Sep 17 00:00:00 2001 
From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Fri, 9 Apr 2021 13:21:24 -0400 Subject: [PATCH 591/979] Enhancement/gcp sql 6.2 (#1237) * added rule 6.2 from gcp * fix issue * fix issue * fix issue Co-authored-by: Sophie --- ...rvices.cloudsql.projects.id.instances.html | 8 +++ .../resources/cloudsql/database_instances.py | 52 ++++++++++++++++++- ...tgresql-instances-log-checkpoints-off.json | 27 ++++++++++ ...tgresql-instances-log-connections-off.json | 27 ++++++++++ ...esql-instances-log-disconnections-off.json | 27 ++++++++++ ...stgresql-instances-log-lock-waits-off.json | 27 ++++++++++ ...-instances-log-min-duration-not-set-1.json | 27 ++++++++++ ...ql-instances-log-min-messages-not-set.json | 27 ++++++++++ ...ql-instances-log-temp-files-not-set-0.json | 27 ++++++++++ .../gcp/rules/rulesets/cis-1.1.0.json | 42 +++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 42 +++++++++++++++ 11 files changed, 332 insertions(+), 1 deletion(-) create mode 100644 ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-checkpoints-off.json create mode 100644 ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-connections-off.json create mode 100644 ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-disconnections-off.json create mode 100644 ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-lock-waits-off.json create mode 100644 ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-min-duration-not-set-1.json create mode 100644 ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-min-messages-not-set.json create mode 100644 ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-temp-files-not-set-0.json 
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html index 08ffcbb6b..78494547d 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudsql.projects.id.instances.html @@ -17,6 +17,14 @@

    Information

    Cross db Ownership Chaining Flag is Off: {{value_or_none cross_db_ownership_chaining_off}}
    Contained Database Authentication Flag is Off: {{value_or_none contained_database_authentication_off}}
    +
    Log Checkpoints Flag is On: {{value_or_none log_checkpoints_on}}
    +
    Log Connections Flag is On: {{value_or_none log_connections_on}}
    +
    Log Disconnections Flag is On: {{value_or_none log_disconnections_on}}
    +
    Log Lock Waits Flag is On: {{value_or_none log_lock_waits_on}}
    +
    Log Min Messages Flag set Appropriately: {{value_or_none log_min_messages}}
    +
    Log Temp Files Flag set to 0: {{value_or_none log_temp_files_0}}
    +
    Log Min Duration Statement Flag set to -1: {{value_or_none log_min_duration_statement_-1}}
    + {{#if authorized_networks}}
    Authorized Networks:
      diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py index c10841acb..22857213a 100755 --- a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py +++ b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py 
@@ -42,13 +42,31 @@ def _parse_instance(self, raw_instance): if raw_instance['settings'].get('databaseFlags', None): instance_dict['local_infile_off'] = self._mysql_local_infile_flag_off(raw_instance) + instance_dict['log_checkpoints_on'] = self._postgres_flags_on(raw_instance, 'log_checkpoints') + instance_dict['log_connections_on'] = self._postgres_flags_on(raw_instance, 'log_connections') + instance_dict['log_disconnections_on'] = self._postgres_flags_on(raw_instance, 'log_disconnections') + instance_dict['log_lock_waits_on'] = self._postgres_flags_on(raw_instance, 'log_lock_waits') + instance_dict['log_min_messages'] = self._postgres_log_min_error_statement_flags(raw_instance) + instance_dict['log_temp_files_0'] = self._postgres_log_temp_files_flags_0(raw_instance) + instance_dict['log_min_duration_statement_-1'] = self._postgres_log_min_duration_statement_flags_1( + raw_instance) + instance_dict['cross_db_ownership_chaining_off'] = self._sqlservers_cross_db_ownership_chaining_flag_off( raw_instance, 'cross db ownership chaining') instance_dict['contained_database_authentication_off'] = self._sqlservers_cross_db_ownership_chaining_flag_off( raw_instance, 'contained database authentication') + else: instance_dict['local_infile_off'] = True + instance_dict['log_checkpoints_on'] = self._check_database_type(raw_instance) + instance_dict['log_connections_on'] = self._check_database_type(raw_instance) + instance_dict['log_disconnections_on'] = self._check_database_type(raw_instance) + instance_dict['log_lock_waits_on'] = self._check_database_type(raw_instance) + instance_dict['log_min_messages'] = self._check_database_type(raw_instance) + instance_dict['log_temp_files_0'] = self._check_database_type(raw_instance) + instance_dict['log_min_duration_statement_-1'] = self._check_database_type(raw_instance) + instance_dict['cross_db_ownership_chaining_off'] = True instance_dict['contained_database_authentication_off'] = True 
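Review bot: The `else` branch assigns `self._check_database_type(raw_instance)` to all seven PostgreSQL fields, so a PostgreSQL instance with no `databaseFlags` is reported as failing `log_min_duration_statement_-1` even though nothing has moved that flag away from PostgreSQL's documented default of -1, the value the helper in this commit treats as passing. That field should stay true when no flags are set: `instance_dict['log_min_duration_statement_-1'] = True`. Separately, the `log_min_messages` key is filled by `_postgres_log_min_error_statement_flags`, which inspects `log_min_error_statement`; the key and the flag name should be aligned so the report label matches what was checked. `_parse_instance` starts and ends outside this hunk.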
@@ -87,7 +105,6 @@ def _get_last_backup_timestamp(self, backups): lambda k: backups[k]['creation_timestamp'])) return backups[last_backup_id]['creation_timestamp'] - def _mysql_local_infile_flag_off(self, raw_instance): if 'MYSQL' in raw_instance['databaseVersion']: for flag in raw_instance['settings']['databaseFlags']: @@ -95,6 +112,39 @@ def _mysql_local_infile_flag_off(self, raw_instance): return False return True + def _check_database_type(self, raw_instance): + if 'POSTGRES' in raw_instance['databaseVersion']: + return False + return True + + def _postgres_flags_on(self, raw_instance, flag_name: str): + if 'POSTGRES' in raw_instance['databaseVersion']: + for flag in raw_instance['settings']['databaseFlags']: + if flag['name'] == flag_name and flag['value'] == 'off': + return False + return True + + def _postgres_log_min_error_statement_flags(self, raw_instance): + if 'POSTGRES' in raw_instance['databaseVersion']: + for flag in raw_instance['settings']['databaseFlags']: + if flag['name'] == 'log_min_error_statement' and flag['value'] is not None: + return True + return False + + def _postgres_log_temp_files_flags_0(self, raw_instance): + if 'POSTGRES' in raw_instance['databaseVersion']: + for flag in raw_instance['settings']['databaseFlags']: + if flag['name'] == 'log_temp_files' and flag['value'] != 0: + return False + return True + + def _postgres_log_min_duration_statement_flags_1(self, raw_instance): + if 'POSTGRES' in raw_instance['databaseVersion']: + for flag in raw_instance['settings']['databaseFlags']: + if flag['name'] == 'log_min_duration_statement' and flag['value'] != -1: + return False + return True + def _sqlservers_cross_db_ownership_chaining_flag_off(self, raw_instance, flag_name: str): if 'SQLSERVER' in raw_instance['databaseVersion']: for flag in raw_instance['settings']['databaseFlags']: 
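Review bot: `_postgres_flags_on` and `_postgres_log_temp_files_flags_0` fall through to `return True` when the flag is not listed in `databaseFlags` (assuming the trailing `return True` sits at function level, as in `_mysql_local_infile_flag_off`), so a PostgreSQL instance that sets any unrelated flag is reported as having connection, disconnection, lock-wait and temp-file logging enabled although an unset flag keeps the engine default. That is a false negative in an audit check, and it contradicts the no-flags branch of `_parse_instance`, which reports `False` for the same instance type. The numeric helpers also compare `flag['value']` with the integers `0` and `-1` while the boolean helper compares with the string `'off'`; if the API delivers every value as a string, an explicit `log_temp_files = 0` or `log_min_duration_statement = -1` is reported as failing. The helpers should treat only an explicit matching value as a pass and compare as strings, as sketched below.

```python
    def _postgres_flags_on(self, raw_instance, flag_name: str):
        if 'POSTGRES' not in raw_instance['databaseVersion']:
            return True
        # An unset flag keeps the engine default, so only an explicit 'on' passes.
        for flag in raw_instance['settings']['databaseFlags']:
            if flag['name'] == flag_name:
                return flag['value'] == 'on'
        return False

    # ... unchanged: _postgres_log_min_error_statement_flags ...

    def _postgres_log_temp_files_flags_0(self, raw_instance):
        if 'POSTGRES' not in raw_instance['databaseVersion']:
            return True
        for flag in raw_instance['settings']['databaseFlags']:
            if flag['name'] == 'log_temp_files':
                return str(flag['value']) == '0'
        return False

    def _postgres_log_min_duration_statement_flags_1(self, raw_instance):
        if 'POSTGRES' not in raw_instance['databaseVersion']:
            return True
        for flag in raw_instance['settings']['databaseFlags']:
            if flag['name'] == 'log_min_duration_statement':
                return str(flag['value']) == '-1'
        # Not listed: the engine default (-1) applies.
        return True
```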
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-checkpoints-off.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-checkpoints-off.json new file mode 100644 index 000000000..b1ad37341 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-checkpoints-off.json @@ -0,0 +1,27 @@ +{ + "description": "Log Checkpoints Database Flag For PostgreSQL Instance Is Off", + "rationale": "Enabling log_checkpoints causes checkpoints and restart points to be logged in the server log. Some statistics are included in the log messages, including the number of buffers written and the time spent writing them. This parameter can only be set in the postgresql.conf file or on the server command line. This recommendation is applicable to PostgreSQL database instances.", + "remediation": "From console:
      1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
      2. Select the PostgreSQL instance where the database flag needs to be enabled.
      3. Click Edit
      4. Scroll down to the Flags section.
      5. To set a flag that has not been set on the instance before, click Add item, choose the flag log_checkpoints from the drop-down menu, and set its value to off.
      6. Click Save
      7. Confirm the changes under Flags on the Overview page.
      ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "6.2.1" + } + ], + "references": [ + "https://www.postgresql.org/docs/9.6/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT", + "https://cloud.google.com/sql/docs/postgres/flags#setting_a_database_flag" + ], + "dashboard_name": "Instances", + "path": "cloudsql.projects.id.instances.id", + "conditions": [ + "and", + [ + "cloudsql.projects.id.instances.id.log_checkpoints_on", + "false", + "" + ] + ], + "id_suffix": "log_checkpoints_on" +} \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-connections-off.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-connections-off.json new file mode 100644 index 000000000..89bd43db0 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-connections-off.json @@ -0,0 +1,27 @@ +{ + "description": "Log Connections Database Flag For PostgreSQL Instance Is Off", + "rationale": "PostgreSQL does not log attempted connections by default.Enabling the log_connections setting will create log entries for each attempted connection as well as successful completion of client authentication which can be useful in troubleshooting issues and to determine any unusual connection attempts to the server. This recommendation is applicable to PostgreSQL database instances.", + "remediation": "From console:
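Review bot: Step 5 of the remediation tells the operator to set `log_checkpoints` to `off`, which is the state this finding reports; following it leaves checkpoint logging disabled and the finding open. The step should end `and set its value to on.` The same wording appears in the new log-connections, log-disconnections and log-lock-waits findings later in this patch, each with its own flag name. The log-lock-waits finding also links the `#GUC-LOG-MIN-DURATION-STATEMENT` anchor, which looks copied from another rule.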
      1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
      2. Select the PostgreSQL instance where the database flag needs to be enabled.
      3. Click Edit
      4. Scroll down to the Flags section.
      5. To set a flag that has not been set on the instance before, click Add item, choose the flag log_connections from the drop-down menu, and set its value to off.
      6. Click Save
      7. Confirm the changes under Flags on the Overview page.
      ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "6.2.2" + } + ], + "references": [ + "https://www.postgresql.org/docs/9.6/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT", + "https://cloud.google.com/sql/docs/postgres/flags" + ], + "dashboard_name": "Instances", + "path": "cloudsql.projects.id.instances.id", + "conditions": [ + "and", + [ + "cloudsql.projects.id.instances.id.log_connections_on", + "false", + "" + ] + ], + "id_suffix": "log_connections_on" +} \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-disconnections-off.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-disconnections-off.json new file mode 100644 index 000000000..74e0ae1be --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-disconnections-off.json @@ -0,0 +1,27 @@ +{ + "description": "Log Disconnections Database Flag For PostgreSQL Instance Is Off", + "rationale": "PostgreSQL does not log session details such as duration and session end by default. Enabling the log_disconnections setting will create log entries at the end of each session which can be useful in troubleshooting issues and determine any unusual activity across a time period. The log_disconnections and log_connections work hand in hand and generally, the pair would be enabled/disabled together. This recommendation is applicable to PostgreSQL database instances.", + "remediation": "From console:
      1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
      2. Select the PostgreSQL instance where the database flag needs to be enabled.
      3. Click Edit
      4. Scroll down to the Flags section.
      5. To set a flag that has not been set on the instance before, click Add item, choose the flag log_disconnections from the drop-down menu, and set its value to off.
      6. Click Save
      7. Confirm the changes under Flags on the Overview page.
      ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "6.2.3" + } + ], + "references": [ + "https://www.postgresql.org/docs/9.6/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT", + "https://cloud.google.com/sql/docs/postgres/flags" + ], + "dashboard_name": "Instances", + "path": "cloudsql.projects.id.instances.id", + "conditions": [ + "and", + [ + "cloudsql.projects.id.instances.id.log_disconnections_on", + "false", + "" + ] + ], + "id_suffix": "log_disconnections_on" +} \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-lock-waits-off.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-lock-waits-off.json new file mode 100644 index 000000000..e71d5c59c --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-lock-waits-off.json @@ -0,0 +1,27 @@ +{ + "description": "Log Lock Waits Database Flag For PostgreSQL Instance Is Off", + "rationale": "The deadlock timeout defines the time to wait on a lock before checking for any conditions. Frequent run overs on deadlock timeout can be an indication of an underlying issue. Logging such waits on locks by enabling the log_lock_waits flag can be used to identify poor performance due to locking delays or if a specially-crafted SQL is attempting to starve resources through holding locks for excessive amounts of time. This recommendation is applicable to PostgreSQL database instances.", + "remediation": "From console:
      1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
      2. Select the PostgreSQL instance where the database flag needs to be enabled.
      3. Click Edit
      4. Scroll down to the Flags section.
      5. To set a flag that has not been set on the instance before, click Add item, choose the flag log_lock_waits from the drop-down menu, and set its value to off.
      6. Click Save
      7. Confirm the changes under Flags on the Overview page.
      ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "6.2.4" + } + ], + "references": [ + "https://www.postgresql.org/docs/9.6/runtime-config-logging.html#GUC-LOG-MIN-DURATION-STATEMENT", + "https://cloud.google.com/sql/docs/postgres/flags" + ], + "dashboard_name": "Instances", + "path": "cloudsql.projects.id.instances.id", + "conditions": [ + "and", + [ + "cloudsql.projects.id.instances.id.log_lock_waits_on", + "false", + "" + ] + ], + "id_suffix": "log_lock_waits_on" +} \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-min-duration-not-set-1.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-min-duration-not-set-1.json new file mode 100644 index 000000000..b7926fd89 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-min-duration-not-set-1.json @@ -0,0 +1,27 @@ +{ + "description": "Log Min Duration Statement Database Flag For PostgreSQL Instance Is Not Set To -1", + "rationale": "Logging SQL statements may include sensitive information that should not be recorded in logs. This recommendation is applicable to PostgreSQL database instances.", + "remediation": "From console:
      1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
      2. Select the PostgreSQL instance where the database flag needs to be enabled.
      3. Click Edit
      4. Scroll down to the Flags section.
      5. To set a flag that has not been set on the instance before, click Add item, choose the flag log_min_duration_statement from the drop-down menu, and set its value to -1.
      6. Click Save
      7. Confirm the changes under Flags on the Overview page.
      ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "6.2.7" + } + ], + "references": [ + "https://www.postgresql.org/docs/current/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT", + "https://cloud.google.com/sql/docs/postgres/flags" + ], + "dashboard_name": "Instances", + "path": "cloudsql.projects.id.instances.id", + "conditions": [ + "and", + [ + "cloudsql.projects.id.instances.id.log_min_duration_statement_-1", + "false", + "" + ] + ], + "id_suffix": "log_min_duration_statement_-1" +} \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-min-messages-not-set.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-min-messages-not-set.json new file mode 100644 index 000000000..7e7308458 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-min-messages-not-set.json @@ -0,0 +1,27 @@ +{ + "description": "Log Min Messages Database Flag For PostgreSQL Instance Is Not Set", + "rationale": "Auditing helps in troubleshooting operational problems and also permits forensic analysis. If log_min_error_statement is not set to the correct value, messages may not be classified as error messages appropriately. Considering general log messages as error messages would make it difficult to find actual errors, while considering only stricter severity levels as error messages may skip actual errors to log their SQL statements. The log_min_error_statement flag should be set in accordance with the organization's logging policy. This recommendation is applicable to PostgreSQL database instances.", + "remediation": "From console:
      1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
      2. Select the PostgreSQL instance where the database flag needs to be enabled.
      3. Click Edit
      4. Scroll down to the Flags section.
      5. To set a flag that has not been set on the instance before, click Add item, choose the flag log_min_error_statement from the drop-down menu, and set appropriate value.
      6. Click Save
      7. Confirm the changes under Flags on the Overview page.
      ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "6.2.5" + } + ], + "references": [ + "https://www.postgresql.org/docs/9.6/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHEN", + "https://cloud.google.com/sql/docs/postgres/flags" + ], + "dashboard_name": "Instances", + "path": "cloudsql.projects.id.instances.id", + "conditions": [ + "and", + [ + "cloudsql.projects.id.instances.id.log_min_messages", + "false", + "" + ] + ], + "id_suffix": "log_min_messages" +} \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-temp-files-not-set-0.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-temp-files-not-set-0.json new file mode 100644 index 000000000..b978c7869 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-postgresql-instances-log-temp-files-not-set-0.json @@ -0,0 +1,27 @@ +{ + "description": "Log Temp Files Database Flag For PostgreSQL Instance Is Not Set To 0", + "rationale": "If all temporary files are not logged, it may be more difficult to identify potential performance issues that may be due to either poor application coding or deliberate resource starvation attempts.", + "remediation": "From console:
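Review bot: The rationale and remediation of this new finding describe `log_min_error_statement`, while the description, the condition path `cloudsql.projects.id.instances.id.log_min_messages` and the `id_suffix` all refer to `log_min_messages`. An operator following step 5 would set a different flag from the one the rule evaluates, so the finding would presumably keep firing after remediation. Step 5 should read `choose the flag log_min_messages from the drop-down menu, and set appropriate value`, and the rationale should name `log_min_messages` as well. Whether CIS 6.2.5 is the right reference for that flag should be confirmed against the benchmark text.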
      1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
      2. Select the PostgreSQL instance where the database flag needs to be enabled.
      3. Click Edit
      4. Scroll down to the Flags section.
      5. To set a flag that has not been set on the instance before, click Add item, choose the flag log_temp_files from the drop-down menu, and set its value to 0.
      6. Click Save
      7. Confirm the changes under Flags on the Overview page.
      ", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "6.2.6" + } + ], + "references": [ + "https://www.postgresql.org/docs/9.6/runtime-config-logging.html#GUC-LOG-TEMP-FILES", + "https://cloud.google.com/sql/docs/postgres/flags" + ], + "dashboard_name": "Instances", + "path": "cloudsql.projects.id.instances.id", + "conditions": [ + "and", + [ + "cloudsql.projects.id.instances.id.log_temp_files_0", + "false", + "" + ] + ], + "id_suffix": "log_temp_files_0" +} \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json index e8944a1fb..40d8b57d3 100644 --- a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json @@ -1,6 +1,48 @@ { "about": "This ruleset attempts to cover as many recommendations from the CIS Google Cloud Platform Foundation v1.1.0.", "rules": { + "cloudsql-postgresql-instances-log-checkpoints-off.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudsql-postgresql-instances-log-connections-off.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudsql-postgresql-instances-log-disconnections-off.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudsql-postgresql-instances-log-lock-waits-off.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudsql-postgresql-instances-log-min-messages-not-set.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudsql-postgresql-instances-log-temp-files-not-set-0.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudsql-postgresql-instances-log-min-duration-not-set-1.json": [ + { + "enabled": true, + "level": "warning" + } + ], "cloudsql-instances-public-ips.json": [ { "enabled": true, 
diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 8b0e62ef0..c0e87197e 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -37,6 +37,30 @@ "level": "warning" } ], + "cloudsql-postgresql-instances-log-checkpoints-off.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudsql-postgresql-instances-log-connections-off.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudsql-postgresql-instances-log-disconnections-off.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudsql-postgresql-instances-log-lock-waits-off.json": [ + { + "enabled": true, + "level": "warning" + } + ], "cloudsql-instances-public-ips.json": [ { "enabled": true, @@ -49,12 +73,30 @@ "level": "warning" } ], + "cloudsql-postgresql-instances-log-min-messages-not-set.json": [ + { + "enabled": true, + "level": "warning" + } + ], "cloudsql-sqlservers-instances-contained-database-authentication-on.json": [ { "enabled": true, "level": "warning" } ], + "cloudsql-postgresql-instances-log-temp-files-not-set-0.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "cloudsql-postgresql-instances-log-min-duration-not-set-1.json": [ + { + "enabled": true, + "level": "warning" + } + ], "cloudsql-mysql-instances-local-infile-on.json": [ { "enabled": true, From 557f2cdf31edc745bb0b58c48244616f1dc370f2 Mon Sep 17 00:00:00 2001 From: Andy Gu Date: Sun, 11 Apr 2021 23:19:40 -0400 Subject: [PATCH 592/979] comments --- .../computeengine-vpc-flow-logs-disabled.json | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-vpc-flow-logs-disabled.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-vpc-flow-logs-disabled.json index dbfc66d28..2d8482163 100644 
--- a/ScoutSuite/providers/gcp/rules/findings/computeengine-vpc-flow-logs-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-vpc-flow-logs-disabled.json @@ -2,6 +2,16 @@ "description": "VPC Flow Logs Not Enabled", "rationale": "VPC Flow Logs were not enabled for this subnet. It is best practice to enable Flow Logs to some degree in order to have network visibility in the event of resource compromise, as well as source data for threat detections.", "dashboard_name": "Subnetwork", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.1.0", + "reference": "3.8" + } + ], + "references": [ + "https://cloud.google.com/vpc/docs/using-flow-logs#enabling_vpc_flow_logging" + ], "path": "computeengine.projects.id.regions.id.subnetworks.id", "conditions": [ "and", @@ -11,5 +21,5 @@ "" ] ], - "id_suffix": "name" + "id_suffix": "flowlogs_enabled" } From 05285f0b150c2db2538dbab0fa9d472f5afa4572 Mon Sep 17 00:00:00 2001 From: xga Date: Mon, 12 Apr 2021 10:46:44 +0200 Subject: [PATCH 593/979] Remove faulty requirement --- .../providers/gcp/resources/cloudstorage/buckets.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py index 38e7caa55..9c3dff437 100755 --- a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py +++ b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py 
@@ -58,10 +58,9 @@ def _get_cloudstorage_bucket_iam_member_bindings(self, raw_bucket):
 member_bindings = {}
 if bucket_iam_policy:
 for binding in bucket_iam_policy._bindings:
- if 'legacy' not in binding['role']:
- for member in binding['members']:
- if member not in member_bindings:
- member_bindings[member] = [binding['role']]
- else:
- member_bindings[member].append(binding['role'])
+ for member in binding['members']:
+ if member not in member_bindings:
+ member_bindings[member] = [binding['role']]
+ else:
+ member_bindings[member].append(binding['role'])
 return member_bindings
From a7caed46091df176c1668927354552750435358b Mon Sep 17 00:00:00 2001
From: Viatcheslav Zhilin
Date: Mon, 12 Apr 2021 14:10:28 +0200
Subject: [PATCH 594/979] Removed } at the end which caused parsing errors
---
 .../aws/rules/findings/iam-root-account-with-active-keys.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json
index 8c2592bfe..51d533d66 100755
--- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json
+++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-with-active-keys.json
@@ -48,4 +48,4 @@
 ]
 ]
 ]
-}}
+}
From 82058935da3080b2a45c187710659b9335288051 Mon Sep 17 00:00:00 2001
From: Viatcheslav Zhilin
Date: Mon, 12 Apr 2021 14:11:28 +0200
Subject: [PATCH 595/979] Added Lightspin vulnerability finding to default ruleset
---
 ScoutSuite/providers/aws/rules/rulesets/default.json | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json
index 3e986a574..20ef90c2f 100755
--- a/ScoutSuite/providers/aws/rules/rulesets/default.json
+++ b/ScoutSuite/providers/aws/rules/rulesets/default.json
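Review bot: With the `legacy` filter gone, the loop in `_get_cloudstorage_bucket_iam_member_bindings` still reads the policy through the private attribute `bucket_iam_policy._bindings`, which can change between client-library releases. If the policy object exposes a public `bindings` accessor in the pinned library version (to be confirmed), `for binding in bucket_iam_policy.bindings:` is the safer form. The membership test can also collapse to `member_bindings.setdefault(member, []).append(binding['role'])`. The function starts above this hunk, so how `bucket_iam_policy` is obtained is not visible here.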
@@ -567,6 +567,12 @@
 "level": "danger"
 }
 ],
+ "iam-lightspin-user-action-denied-for-group.json": [
+ {
+ "enabled": true,
+ "level": "danger"
+ }
+ ],
 "iam-managed-policy-allows-NotActions.json": [
 {
 "enabled": true,
From cd3dfe7d177f8d75ad2fb6bae4f728b56ff01992 Mon Sep 17 00:00:00 2001
From: Viatcheslav Zhilin
Date: Mon, 12 Apr 2021 14:12:06 +0200
Subject: [PATCH 596/979] Added new test to match regex in lists
---
 ScoutSuite/core/conditions.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/ScoutSuite/core/conditions.py b/ScoutSuite/core/conditions.py
index df9f7fbe2..5a6ec9ed0 100755
--- a/ScoutSuite/core/conditions.py
+++ b/ScoutSuite/core/conditions.py
@@ -181,6 +181,18 @@ def pass_condition(b, test, a):
 if re.match(c, b):
 result = True
 break
+ elif test == 'matchInList':
+ if type(a) != list:
+ a = [a]
+ if type(b) !=list:
+ b = [b]
+ for c in a:
+ for d in b:
+ if re.match(c, d):
+ result = True
+ break
+ if result:
+ break
 elif test == 'notMatch':
 result = (not pass_condition(b, 'match', a))
From 96293b3d3ff56fd653dba9f945f12d604f43afc7 Mon Sep 17 00:00:00 2001
From: Viatcheslav Zhilin
Date: Mon, 12 Apr 2021 14:17:17 +0200
Subject: [PATCH 597/979] New finding for Lightspin vulnerability
---
 ...ightspin-user-action-denied-for-group.json | 87 +++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json b/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json
new file mode 100644
index 000000000..487318c3c
--- /dev/null
+++ b/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json
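Review bot: The new `matchInList` branch passes each element of `b` straight to `re.match`, so a non-string element in the evaluated value would raise `TypeError` instead of simply not matching; whether callers can deliver such values is not visible from this hunk. `type(a) != list` also treats list subclasses and tuples as scalars, and the double loop with two `break`s can be written as `a = a if isinstance(a, list) else [a]`, `b = b if isinstance(b, list) else [b]` and `result = any(isinstance(d, str) and re.match(c, d) for c in a for d in b)`, assuming `result` starts out false. Because `re.match` anchors only at the start of the string, a short comment telling rule authors to end their pattern with `$` when they need a full match would help. `pass_condition` begins and ends outside this hunk.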
@@ -0,0 +1,87 @@ +{ + "description": "Policy with Denied User Actions for Group Objects (Lightspin Vulnerability)", + "rationale": "When a deny policy is specified for User object actions on a group resource, this will only affect the specific IAM group but not the group members. This could lead to privilege escalation if the user can perform other privileged actions targeting the sepecific members of the group.", + "remediation": "Define all relevant users in the resource field of the affected policies to avoid ineffective IAM actions and deny all group actions. The alternative would be to use the condition \"iam:ResourceTag\" in the policy.", + "references": [ + "https://blog.lightspin.io/aws-iam-groups-authorization-bypass", + "https://github.com/lightspin-tech/red-shadow" + ], + "dashboard_name": "Policies", + "display_path": "iam.policies.id", + "path": "iam.policies.id.PolicyDocument.Statement.id", + "conditions": [ + "and", + [ + "iam.policies.id.PolicyDocument.Statement.id.Effect", + "equal", + "Deny" + ], + [ + "iam.policies.id.PolicyDocument.Statement.id.Resource", + "matchInList", + "arn:aws:iam::[0-9]+:group/.*" + ], + [ + "and", + [ + "iam.policies.id.PolicyDocument.Statement.id.", + "withKey", + "Action" + ], + [ + "iam.policies.id.PolicyDocument.Statement.id.Action", + "containAtLeastOneOf", + [ + "*", + "iam:CreateUser", + "iam:GetUser", + "iam:UpdateUser", + "iam:DeleteUser", + "iam:GetUserPolicy", + "iam:PutUserPolicy", + "iam:DeleteUserPolicy", + "iam:ListUserPolicies", + "iam:AttachUserPolicy", + "iam:DetachUserPolicy", + "iam:ListAttachedUserPolicies", + "iam:SimulatePrincipalPolicy", + "iam:GetContextKeysForPrincipalPolicy", + "iam:TagUser", + "iam:UpdateSSHPublicKey", + "iam:UntagUser", + "iam:GetSSHPublicKey", + "iam:ListUserTags", + "iam:DeleteSSHPublicKey", + "iam:GetLoginProfile", + "iam:GetAccessKeyLastUsed", + "iam:UpdateLoginProfile", + "iam:UploadSigningCertificate", + "iam:DeleteLoginProfile", + "iam:ListSigningCertificates", + 
"iam:CreateLoginProfile", + "iam:UpdateSigningCertificate", + "iam:EnableMFADevice", + "iam:DeleteSigningCertificate", + "iam:ResyncMFADevice", + "iam:ListServiceSpecificCredentials", + "iam:ListMFADevices", + "iam:ResetServiceSpecificCredential", + "iam:DeactivateMFADevice", + "iam:CreateServiceSpecificCredential", + "iam:ChangePassword", + "iam:UpdateServiceSpecificCredential", + "iam:CreateAccessKey", + "iam:DeleteServiceSpecificCredential", + "iam:ListAccessKeys", + "iam:PutUserPermissionsBoundary", + "iam:UpdateAccessKey", + "iam:DeleteUserPermissionsBoundary", + "iam:DeleteAccessKey", + "iam:ListGroupsForUser", + "iam:ListSSHPublicKeys", + "iam:UploadSSHPublicKey" + ] + ] + ] + ] +} \ No newline at end of file From 2b3aca385be1f054f64cf8bda7621c30f798771c Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 13 Apr 2021 11:10:12 +0200 Subject: [PATCH 598/979] Expose partition in AWSFacade --- ScoutSuite/providers/aws/facade/base.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/facade/base.py b/ScoutSuite/providers/aws/facade/base.py index c4e17a59d..d40fe0f2b 100755 --- a/ScoutSuite/providers/aws/facade/base.py +++ b/ScoutSuite/providers/aws/facade/base.py @@ -26,7 +26,7 @@ from ScoutSuite.providers.aws.facade.sns import SNSFacade from ScoutSuite.providers.aws.facade.sqs import SQSFacade from ScoutSuite.providers.aws.facade.secretsmanager import SecretsManagerFacade -from ScoutSuite.providers.aws.utils import get_aws_account_id +from ScoutSuite.providers.aws.utils import get_aws_account_id, get_partition_name from ScoutSuite.providers.utils import run_concurrently from ScoutSuite.core.conditions import print_error @@ -66,6 +66,7 @@ class AWSFacade(AWSBaseFacade): def __init__(self, credentials=None): super().__init__() self.owner_id = get_aws_account_id(credentials.session) + self.partition = get_partition_name(credentials.session) self.session = credentials.session self._instantiate_facades() 
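Review bot: The `matchInList` pattern `arn:aws:iam::[0-9]+:group/.*` only recognises group ARNs in the `aws` partition with a numeric account ID, so a Deny statement written for `aws-cn` or `aws-us-gov`, or one that uses `*` in the account field, would not be flagged. A pattern such as `"arn:[^:]+:iam::[^:]*:group/.*"` covers those cases. The condition block also inspects `Action` only, so a Deny statement that uses `NotAction` is skipped; that may be intended but deserves a sentence in the rationale. The rationale has a typo, `sepecific` for `specific`.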
From 2fc4164b37d6f236ef285a33364833d4d71bff02 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Tue, 13 Apr 2021 11:11:00 +0200 Subject: [PATCH 599/979] Get partition from the facade for each resource type --- ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py | 2 +- ScoutSuite/providers/aws/resources/directconnect/connections.py | 2 +- ScoutSuite/providers/aws/resources/ec2/ami.py | 2 +- ScoutSuite/providers/aws/resources/ec2/instances.py | 2 +- ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py | 2 +- ScoutSuite/providers/aws/resources/ec2/securitygroups.py | 2 +- ScoutSuite/providers/aws/resources/ec2/snapshots.py | 2 +- ScoutSuite/providers/aws/resources/ec2/volumes.py | 2 +- ScoutSuite/providers/aws/resources/efs/filesystems.py | 2 +- ScoutSuite/providers/aws/resources/elasticache/cluster.py | 2 +- ScoutSuite/providers/aws/resources/elb/load_balancers.py | 2 +- ScoutSuite/providers/aws/resources/elb/policies.py | 2 +- ScoutSuite/providers/aws/resources/kms/grants.py | 2 +- .../aws/resources/redshift/cluster_parameter_groups.py | 2 +- .../providers/aws/resources/redshift/cluster_parameters.py | 2 +- ScoutSuite/providers/aws/resources/redshift/clusters.py | 2 +- ScoutSuite/providers/aws/resources/route53/domains.py | 2 +- ScoutSuite/providers/aws/resources/route53/hosted_zones.py | 2 +- ScoutSuite/providers/aws/resources/ses/identities.py | 2 +- ScoutSuite/providers/aws/resources/ses/identity_policies.py | 2 +- ScoutSuite/providers/aws/resources/vpc/flow_logs.py | 2 +- ScoutSuite/providers/aws/resources/vpc/network_acls.py | 2 +- ScoutSuite/providers/aws/resources/vpc/peering_connections.py | 2 +- ScoutSuite/providers/aws/resources/vpcs.py | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py b/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py index 339b271fc..aa3911cc5 100644 
--- a/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py +++ b/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py @@ -8,7 +8,7 @@ class MetricFilters(AWSResources): def __init__(self, facade: AWSFacade, region: str): super(MetricFilters, self).__init__(facade) self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'cloudwatch' self.resource_type = 'metric-filter' diff --git a/ScoutSuite/providers/aws/resources/directconnect/connections.py b/ScoutSuite/providers/aws/resources/directconnect/connections.py index 6884b296d..e0e4534ba 100755 --- a/ScoutSuite/providers/aws/resources/directconnect/connections.py +++ b/ScoutSuite/providers/aws/resources/directconnect/connections.py @@ -7,7 +7,7 @@ class Connections(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'directconnect' self.resource_type = 'connection' diff --git a/ScoutSuite/providers/aws/resources/ec2/ami.py b/ScoutSuite/providers/aws/resources/ec2/ami.py index f65a897a5..45660121f 100755 --- a/ScoutSuite/providers/aws/resources/ec2/ami.py +++ b/ScoutSuite/providers/aws/resources/ec2/ami.py @@ -7,7 +7,7 @@ class AmazonMachineImages(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'ec2' self.resource_type = 'amazon-machine-image' diff --git a/ScoutSuite/providers/aws/resources/ec2/instances.py b/ScoutSuite/providers/aws/resources/ec2/instances.py index b8e0b9781..3ea82c513 100755 --- a/ScoutSuite/providers/aws/resources/ec2/instances.py +++ b/ScoutSuite/providers/aws/resources/ec2/instances.py 
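Review bot: The `get_partition_name` import in these resource modules is probably left unused by this change, since every constructor now reads `facade.partition` and the import lines sit outside each hunk; it should be removed in the same commit if nothing else in the module uses it. The same applies to the other 23 files touched here, from `directconnect/connections.py` through `vpcs.py`. In `vpc/network_acls.py` the visible context shows no `super().__init__(facade)` before the assignments, unlike the sibling classes; the call may sit below the hunk, but it is worth checking.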
@@ -10,7 +10,7 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): super().__init__(facade) self.region = region self.vpc = vpc - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'ec2' self.resource_type = 'instance' diff --git a/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py b/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py index 1315ea96c..2961b9fb4 100755 --- a/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py +++ b/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py @@ -8,7 +8,7 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): super().__init__(facade) self.region = region self.vpc = vpc - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'ec2' self.resource_type = 'network-interface' diff --git a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py index 2890ed730..0bb0a6b62 100755 --- a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py +++ b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py @@ -12,7 +12,7 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): super().__init__(facade) self.region = region self.vpc = vpc - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'ec2' self.resource_type = 'security-group' diff --git a/ScoutSuite/providers/aws/resources/ec2/snapshots.py b/ScoutSuite/providers/aws/resources/ec2/snapshots.py index 3f9111753..6ac808ef6 100755 --- a/ScoutSuite/providers/aws/resources/ec2/snapshots.py +++ b/ScoutSuite/providers/aws/resources/ec2/snapshots.py 
@@ -7,7 +7,7 @@ class Snapshots(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'ec2' self.resource_type = 'snapshot' diff --git a/ScoutSuite/providers/aws/resources/ec2/volumes.py b/ScoutSuite/providers/aws/resources/ec2/volumes.py index 5f1ca0701..fed2bbf63 100755 --- a/ScoutSuite/providers/aws/resources/ec2/volumes.py +++ b/ScoutSuite/providers/aws/resources/ec2/volumes.py @@ -7,7 +7,7 @@ class Volumes(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'ec2' self.resource_type = 'volume' diff --git a/ScoutSuite/providers/aws/resources/efs/filesystems.py b/ScoutSuite/providers/aws/resources/efs/filesystems.py index f416be827..b69aac044 100755 --- a/ScoutSuite/providers/aws/resources/efs/filesystems.py +++ b/ScoutSuite/providers/aws/resources/efs/filesystems.py @@ -7,7 +7,7 @@ class FileSystems(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'elasticfilesystem' self.resource_type = 'file-system' diff --git a/ScoutSuite/providers/aws/resources/elasticache/cluster.py b/ScoutSuite/providers/aws/resources/elasticache/cluster.py index a2aeb9cfd..4eabf96ac 100755 --- a/ScoutSuite/providers/aws/resources/elasticache/cluster.py +++ b/ScoutSuite/providers/aws/resources/elasticache/cluster.py @@ -8,7 +8,7 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): super().__init__(facade) self.region = region self.vpc = vpc - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'elasticache' self.resource_type = 'cluster' 
diff --git a/ScoutSuite/providers/aws/resources/elb/load_balancers.py b/ScoutSuite/providers/aws/resources/elb/load_balancers.py index 49bf16a20..4e4a719b4 100755 --- a/ScoutSuite/providers/aws/resources/elb/load_balancers.py +++ b/ScoutSuite/providers/aws/resources/elb/load_balancers.py @@ -9,7 +9,7 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): super().__init__(facade) self.region = region self.vpc = vpc - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'elb' self.resource_type = 'load-balancer' diff --git a/ScoutSuite/providers/aws/resources/elb/policies.py b/ScoutSuite/providers/aws/resources/elb/policies.py index d461e5ad2..a5869379c 100755 --- a/ScoutSuite/providers/aws/resources/elb/policies.py +++ b/ScoutSuite/providers/aws/resources/elb/policies.py @@ -8,7 +8,7 @@ class Policies(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'elb' self.resource_type = 'policy' diff --git a/ScoutSuite/providers/aws/resources/kms/grants.py b/ScoutSuite/providers/aws/resources/kms/grants.py index 54cc20c56..e8c762920 100755 --- a/ScoutSuite/providers/aws/resources/kms/grants.py +++ b/ScoutSuite/providers/aws/resources/kms/grants.py @@ -8,7 +8,7 @@ def __init__(self, facade: AWSFacade, region: str, key_id: str): super().__init__(facade) self.region = region self.key_id = key_id - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'kms' self.resource_type = 'grant' diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py b/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py index 407e72880..50dff3de5 100755 --- a/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py 
+++ b/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py @@ -14,7 +14,7 @@ class ClusterParameterGroups(AWSCompositeResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'redshift' self.resource_type = 'parametergroup' diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py b/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py index 93d8bae34..56b4b9670 100755 --- a/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py +++ b/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py @@ -8,7 +8,7 @@ def __init__(self, facade: AWSFacade, region: str, parameter_group_name: str): super().__init__(facade) self.region = region self.parameter_group_name = parameter_group_name - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'redshift' self.resource_type = 'cluster-parameter' diff --git a/ScoutSuite/providers/aws/resources/redshift/clusters.py b/ScoutSuite/providers/aws/resources/redshift/clusters.py index c02425ffc..33e26b9ad 100755 --- a/ScoutSuite/providers/aws/resources/redshift/clusters.py +++ b/ScoutSuite/providers/aws/resources/redshift/clusters.py @@ -8,7 +8,7 @@ def __init__(self, facade: AWSFacade, region: str, vpc: str): super().__init__(facade) self.region = region self.vpc = vpc - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'redshift' self.resource_type = 'cluster' diff --git a/ScoutSuite/providers/aws/resources/route53/domains.py b/ScoutSuite/providers/aws/resources/route53/domains.py index 833091dc4..e0fd64bf7 100755 --- a/ScoutSuite/providers/aws/resources/route53/domains.py +++ b/ScoutSuite/providers/aws/resources/route53/domains.py 
@@ -8,7 +8,7 @@ class Domains(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'route53' self.resource_type = 'domain' diff --git a/ScoutSuite/providers/aws/resources/route53/hosted_zones.py b/ScoutSuite/providers/aws/resources/route53/hosted_zones.py index d2a44d692..e7894c794 100755 --- a/ScoutSuite/providers/aws/resources/route53/hosted_zones.py +++ b/ScoutSuite/providers/aws/resources/route53/hosted_zones.py @@ -7,7 +7,7 @@ class HostedZones(AWSResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'route53' self.resource_type = 'hosted-zone' diff --git a/ScoutSuite/providers/aws/resources/ses/identities.py b/ScoutSuite/providers/aws/resources/ses/identities.py index be092195d..86680469a 100755 --- a/ScoutSuite/providers/aws/resources/ses/identities.py +++ b/ScoutSuite/providers/aws/resources/ses/identities.py @@ -14,7 +14,7 @@ class Identities(AWSCompositeResources): def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'ses' self.resource_type = 'identity' diff --git a/ScoutSuite/providers/aws/resources/ses/identity_policies.py b/ScoutSuite/providers/aws/resources/ses/identity_policies.py index 6f2671a1a..cd2ae4118 100755 --- a/ScoutSuite/providers/aws/resources/ses/identity_policies.py +++ b/ScoutSuite/providers/aws/resources/ses/identity_policies.py 
@@ -11,7 +11,7 @@ def __init__(self, facade: AWSFacade, region: str, identity_name: str): super().__init__(facade) self.region = region self.identity_name = identity_name - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'ses' self.resource_type = 'identity-policy' diff --git a/ScoutSuite/providers/aws/resources/vpc/flow_logs.py b/ScoutSuite/providers/aws/resources/vpc/flow_logs.py index f0666b4b7..e4cfd1e53 100755 --- a/ScoutSuite/providers/aws/resources/vpc/flow_logs.py +++ b/ScoutSuite/providers/aws/resources/vpc/flow_logs.py @@ -8,7 +8,7 @@ def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.facade = facade self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'vpc' self.resource_type = 'flow-log' diff --git a/ScoutSuite/providers/aws/resources/vpc/network_acls.py b/ScoutSuite/providers/aws/resources/vpc/network_acls.py index 5492be967..479e62715 100755 --- a/ScoutSuite/providers/aws/resources/vpc/network_acls.py +++ b/ScoutSuite/providers/aws/resources/vpc/network_acls.py @@ -10,7 +10,7 @@ class NetworkACLs(AWSResources): def __init__(self, facade: AWSFacade, region: str, vpc: str): self.region = region self.vpc = vpc - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'vpc' self.resource_type = 'network-acl' diff --git a/ScoutSuite/providers/aws/resources/vpc/peering_connections.py b/ScoutSuite/providers/aws/resources/vpc/peering_connections.py index 97c44a8a4..3907a72ab 100755 --- a/ScoutSuite/providers/aws/resources/vpc/peering_connections.py +++ b/ScoutSuite/providers/aws/resources/vpc/peering_connections.py 
@@ -8,7 +8,7 @@ def __init__(self, facade: AWSFacade, region: str): super().__init__(facade) self.facade = facade self.region = region - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'vpc' self.resource_type = 'peering-connection' diff --git a/ScoutSuite/providers/aws/resources/vpcs.py b/ScoutSuite/providers/aws/resources/vpcs.py index 157a5b6c7..627891472 100755 --- a/ScoutSuite/providers/aws/resources/vpcs.py +++ b/ScoutSuite/providers/aws/resources/vpcs.py @@ -11,7 +11,7 @@ def __init__(self, facade, region: str, add_ec2_classic=False): super().__init__(facade) self.region = region self.add_ec2_classic = add_ec2_classic - self.partition = get_partition_name(facade.session) + self.partition = facade.partition self.service = 'vpc' self.resource_type = 'virtual-private-cloud' From c82baa1b1bae56f003e83a3afee9221124e6127e Mon Sep 17 00:00:00 2001 From: lowSoA <66413174+lowSoA@users.noreply.github.com> Date: Tue, 13 Apr 2021 14:01:15 +0200 Subject: [PATCH 600/979] Ammend rule description field Co-authored-by: Xavier Garceau-Aranda --- .../findings/iam-lightspin-user-action-denied-for-group.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json b/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json index 487318c3c..82ec71e28 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json 
@@ -1,5 +1,5 @@ { - "description": "Policy with Denied User Actions for Group Objects (Lightspin Vulnerability)", + "description": "Policy with Denied User Actions for Group Objects", "rationale": "When a deny policy is specified for User object actions on a group resource, this will only affect the specific IAM group but not the group members. This could lead to privilege escalation if the user can perform other privileged actions targeting the sepecific members of the group.", "remediation": "Define all relevant users in the resource field of the affected policies to avoid ineffective IAM actions and deny all group actions. The alternative would be to use the condition \"iam:ResourceTag\" in the policy.", "references": [ @@ -84,4 +84,4 @@ ] ] ] -} \ No newline at end of file +} From fcd446c3f8ed786d50d04a994aa22b7f4986a92d Mon Sep 17 00:00:00 2001 From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Tue, 13 Apr 2021 10:05:38 -0400 Subject: [PATCH 601/979] fix rule 6.6 from gcp cis (#1267) Co-authored-by: Sophie --- .../gcp/rules/findings/cloudsql-instances-public-ips.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json index 07df46728..725d806df 100644 --- a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json @@ -23,6 +23,11 @@ "cloudsql.projects.id.instances.id.public_ip", "notEmpty", "" + ], + [ + "cloudsql.projects.id.instances.id.public_ip", + "notEqual", + "None" ] ], "id_suffix": "public_ip" From 2dbe2750d812abdb8d7c4134f85457ae03ae2d8c Mon Sep 17 00:00:00 2001 
From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Tue, 13 Apr 2021 10:06:17 -0400 Subject: [PATCH 602/979] Enhancement/gcp fix errors (#1251) * fix error in kms keys * revert to old way * fix problem with rule * fix comments Co-authored-by: Sophie --- ScoutSuite/providers/gcp/resources/kms/keys.py | 5 ++++- .../kms-encryption-keys-not-rotated.json | 16 ++++++++-------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/kms/keys.py b/ScoutSuite/providers/gcp/resources/kms/keys.py index db9603a41..755cc3c5c 100755 --- a/ScoutSuite/providers/gcp/resources/kms/keys.py +++ b/ScoutSuite/providers/gcp/resources/kms/keys.py @@ -40,9 +40,12 @@ def _parse_key(self, raw_key): key_dict['algorithm'] = raw_key.get('primary', {}).get('algorithm', None) key_dict['next_rotation_datetime'] = raw_key.get('nextRotationTime', None) key_dict['purpose'] = raw_key['purpose'] + key_dict['rotation_period'] = raw_key.get('rotationPeriod', None) if key_dict['rotation_period']: - key_dict['rotation_period'] = int("".join(filter(str.isdigit, key_dict['rotation_period']))) + rotation_period = int("".join(filter(str.isdigit, key_dict['rotation_period']))) + # get values in days instead of seconds + key_dict['rotation_period'] = rotation_period//(24*3600) key_dict['next_rotation_time_days'] = None if key_dict['next_rotation_datetime']: diff --git a/ScoutSuite/providers/gcp/rules/findings/kms-encryption-keys-not-rotated.json b/ScoutSuite/providers/gcp/rules/findings/kms-encryption-keys-not-rotated.json index e1069435e..fd283eaa7 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kms-encryption-keys-not-rotated.json +++ b/ScoutSuite/providers/gcp/rules/findings/kms-encryption-keys-not-rotated.json 
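Review bot: In `_parse_key`, the new `rotation_period//(24*3600)` floors to whole days, so a period slightly above 90 days (for example 90 days and 12 hours) is stored as 90 and the `moreThan 90` check in kms-encryption-keys-not-rotated.json no longer reports it. The digit filter on the line above also concatenates any fractional part the duration string may carry, so a constructed value such as `7776000.5s` would parse as 77760005 seconds. Stripping the `s` suffix and rounding up keeps the rule conservative, e.g. `key_dict['rotation_period'] = math.ceil(float(key_dict['rotation_period'].rstrip('s')) / 86400)`, which needs `import math` at the top of the file. The function body extends beyond the hunk on both sides.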
@@ -22,26 +22,26 @@ "or", [ "kms.projects.id.keyrings.id.keys.id.rotation_period", - "greaterThan", - "7776000" + "equal", + "None" ], [ "kms.projects.id.keyrings.id.keys.id.rotation_period", - "equal", - "None" + "moreThan", + "90" ] ], [ "or", [ "kms.projects.id.keyrings.id.keys.id.next_rotation_time_days", - "greaterThan", - "90" + "equal", + "None" ], [ "kms.projects.id.keyrings.id.keys.id.next_rotation_time_days", - "equal", - "None" + "moreThan", + "90" ] ] ], From fe7c7cbd09c360fc60a6e52ce5acb36488e17ab5 Mon Sep 17 00:00:00 2001 From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Tue, 13 Apr 2021 10:54:09 -0400 Subject: [PATCH 603/979] Enhancement/gcp name fix (#1270) * fix error in kms keys * revert to old way * fix problem with rule * fix comments * added name value in dictionary Co-authored-by: Sophie --- .../providers/gcp/resources/iam/bindings_separation_duties.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/resources/iam/bindings_separation_duties.py b/ScoutSuite/providers/gcp/resources/iam/bindings_separation_duties.py index cd2be9bc4..bdbbc1f2e 100644 --- a/ScoutSuite/providers/gcp/resources/iam/bindings_separation_duties.py +++ b/ScoutSuite/providers/gcp/resources/iam/bindings_separation_duties.py @@ -11,11 +11,11 @@ async def fetch_all(self): raw_bindings = await self.facade.cloudresourcemanager.get_member_bindings(self.project_id) binding_id, binding = await self._parse_binding_separation(raw_bindings) self[binding_id] = binding - x=1 async def _parse_binding_separation(self, raw_bindings): binding_dict = {} binding_dict['id'] = self.project_id + binding_dict['name'] = self.project_id binding_dict["account_separation_duties"] = self.ensure_seperation_duties(raw_bindings) binding_dict["kms_separation_duties"] = self.ensure_KMS_seperation_duties(raw_bindings) From 535c5779ac4646754d3eed6226a70c9c37e2b6c1 Mon Sep 17 00:00:00 2001 
From: Viatcheslav Zhilin Date: Tue, 13 Apr 2021 19:21:31 +0200 Subject: [PATCH 604/979] Removed unused import due to previous refactoring --- ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py | 2 +- ScoutSuite/providers/aws/resources/directconnect/connections.py | 2 +- ScoutSuite/providers/aws/resources/ec2/ami.py | 2 +- ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py | 2 +- ScoutSuite/providers/aws/resources/ec2/securitygroups.py | 2 +- ScoutSuite/providers/aws/resources/efs/filesystems.py | 2 +- ScoutSuite/providers/aws/resources/elasticache/cluster.py | 2 +- ScoutSuite/providers/aws/resources/elb/policies.py | 2 +- ScoutSuite/providers/aws/resources/kms/grants.py | 2 +- .../aws/resources/redshift/cluster_parameter_groups.py | 2 +- .../providers/aws/resources/redshift/cluster_parameters.py | 2 +- ScoutSuite/providers/aws/resources/redshift/clusters.py | 2 +- ScoutSuite/providers/aws/resources/route53/domains.py | 2 +- ScoutSuite/providers/aws/resources/route53/hosted_zones.py | 2 +- ScoutSuite/providers/aws/resources/s3/buckets.py | 2 +- ScoutSuite/providers/aws/resources/ses/identities.py | 2 +- ScoutSuite/providers/aws/resources/ses/identity_policies.py | 2 +- ScoutSuite/providers/aws/resources/vpc/peering_connections.py | 2 +- ScoutSuite/providers/aws/resources/vpcs.py | 2 +- 19 files changed, 19 insertions(+), 19 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py b/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py index aa3911cc5..a2b1f32f8 100644 --- a/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py +++ b/ScoutSuite/providers/aws/resources/cloudwatch/metric_filters.py 
@@ -1,7 +1,7 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.utils import get_non_provider_id -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class MetricFilters(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/directconnect/connections.py b/ScoutSuite/providers/aws/resources/directconnect/connections.py index e0e4534ba..b09955703 100755 --- a/ScoutSuite/providers/aws/resources/directconnect/connections.py +++ b/ScoutSuite/providers/aws/resources/directconnect/connections.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class Connections(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/ec2/ami.py b/ScoutSuite/providers/aws/resources/ec2/ami.py index 45660121f..041f62cbe 100755 --- a/ScoutSuite/providers/aws/resources/ec2/ami.py +++ b/ScoutSuite/providers/aws/resources/ec2/ami.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class AmazonMachineImages(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py b/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py index 2961b9fb4..6fbbfe4bb 100755 --- a/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py +++ b/ScoutSuite/providers/aws/resources/ec2/networkinterfaces.py 
@@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class NetworkInterfaces(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py index 0bb0a6b62..836c04aa5 100755 --- a/ScoutSuite/providers/aws/resources/ec2/securitygroups.py +++ b/ScoutSuite/providers/aws/resources/ec2/securitygroups.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn from ScoutSuite.utils import manage_dictionary from ScoutSuite.core.fs import load_data diff --git a/ScoutSuite/providers/aws/resources/efs/filesystems.py b/ScoutSuite/providers/aws/resources/efs/filesystems.py index b69aac044..5777adf22 100755 --- a/ScoutSuite/providers/aws/resources/efs/filesystems.py +++ b/ScoutSuite/providers/aws/resources/efs/filesystems.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class FileSystems(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/elasticache/cluster.py b/ScoutSuite/providers/aws/resources/elasticache/cluster.py index 4eabf96ac..289c3c205 100755 --- a/ScoutSuite/providers/aws/resources/elasticache/cluster.py +++ b/ScoutSuite/providers/aws/resources/elasticache/cluster.py 
@@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class Clusters(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/elb/policies.py b/ScoutSuite/providers/aws/resources/elb/policies.py index a5869379c..06982bb2d 100755 --- a/ScoutSuite/providers/aws/resources/elb/policies.py +++ b/ScoutSuite/providers/aws/resources/elb/policies.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn from ScoutSuite.providers.utils import get_non_provider_id diff --git a/ScoutSuite/providers/aws/resources/kms/grants.py b/ScoutSuite/providers/aws/resources/kms/grants.py index e8c762920..b3ed47917 100755 --- a/ScoutSuite/providers/aws/resources/kms/grants.py +++ b/ScoutSuite/providers/aws/resources/kms/grants.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class Grants(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py b/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py index 50dff3de5..222f7ddb9 100755 --- a/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py +++ b/ScoutSuite/providers/aws/resources/redshift/cluster_parameter_groups.py 
@@ -1,7 +1,7 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSCompositeResources from ScoutSuite.providers.utils import get_non_provider_id -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn from .cluster_parameters import ClusterParameters diff --git a/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py b/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py index 56b4b9670..efd879ae7 100755 --- a/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py +++ b/ScoutSuite/providers/aws/resources/redshift/cluster_parameters.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class ClusterParameters(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/redshift/clusters.py b/ScoutSuite/providers/aws/resources/redshift/clusters.py index 33e26b9ad..71f96a642 100755 --- a/ScoutSuite/providers/aws/resources/redshift/clusters.py +++ b/ScoutSuite/providers/aws/resources/redshift/clusters.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class Clusters(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/route53/domains.py b/ScoutSuite/providers/aws/resources/route53/domains.py index e0fd64bf7..35dafb7ef 100755 --- a/ScoutSuite/providers/aws/resources/route53/domains.py +++ b/ScoutSuite/providers/aws/resources/route53/domains.py 
@@ -1,7 +1,7 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.utils import get_non_provider_id -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class Domains(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/route53/hosted_zones.py b/ScoutSuite/providers/aws/resources/route53/hosted_zones.py index e7894c794..fc12e22b9 100755 --- a/ScoutSuite/providers/aws/resources/route53/hosted_zones.py +++ b/ScoutSuite/providers/aws/resources/route53/hosted_zones.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.resources.base import AWSResources from ScoutSuite.providers.aws.facade.base import AWSFacade -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class HostedZones(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/s3/buckets.py b/ScoutSuite/providers/aws/resources/s3/buckets.py index 19760f51c..4a912e06c 100755 --- a/ScoutSuite/providers/aws/resources/s3/buckets.py +++ b/ScoutSuite/providers/aws/resources/s3/buckets.py @@ -1,5 +1,5 @@ from ScoutSuite.providers.aws.resources.base import AWSResources -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn from ScoutSuite.providers.utils import get_non_provider_id diff --git a/ScoutSuite/providers/aws/resources/ses/identities.py b/ScoutSuite/providers/aws/resources/ses/identities.py index 86680469a..94efa9a26 100755 --- a/ScoutSuite/providers/aws/resources/ses/identities.py +++ b/ScoutSuite/providers/aws/resources/ses/identities.py 
@@ -1,7 +1,7 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSCompositeResources from ScoutSuite.providers.utils import get_non_provider_id -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn from .identity_policies import IdentityPolicies diff --git a/ScoutSuite/providers/aws/resources/ses/identity_policies.py b/ScoutSuite/providers/aws/resources/ses/identity_policies.py index cd2ae4118..1ff4821f2 100755 --- a/ScoutSuite/providers/aws/resources/ses/identity_policies.py +++ b/ScoutSuite/providers/aws/resources/ses/identity_policies.py @@ -2,7 +2,7 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class IdentityPolicies(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/vpc/peering_connections.py b/ScoutSuite/providers/aws/resources/vpc/peering_connections.py index 3907a72ab..7f7b155f7 100755 --- a/ScoutSuite/providers/aws/resources/vpc/peering_connections.py +++ b/ScoutSuite/providers/aws/resources/vpc/peering_connections.py @@ -1,6 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class PeeringConnections(AWSResources): diff --git a/ScoutSuite/providers/aws/resources/vpcs.py b/ScoutSuite/providers/aws/resources/vpcs.py index 627891472..a7b3f3256 100755 --- a/ScoutSuite/providers/aws/resources/vpcs.py +++ b/ScoutSuite/providers/aws/resources/vpcs.py 
@@ -1,5 +1,5 @@ from ScoutSuite.providers.aws.resources.base import AWSCompositeResources -from ScoutSuite.providers.aws.utils import get_partition_name, format_arn +from ScoutSuite.providers.aws.utils import format_arn class Vpcs(AWSCompositeResources): """ From d5fa2799ca13f4c56043ab4e59708f3f0d977cc1 Mon Sep 17 00:00:00 2001 From: Sophie Date: Wed, 14 Apr 2021 12:00:08 -0400 Subject: [PATCH 605/979] fix id in html for dns --- .../gcp/services.dns.projects.id.managed_zones.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.dns.projects.id.managed_zones.html b/ScoutSuite/output/data/html/partials/gcp/services.dns.projects.id.managed_zones.html index bf7ead99e..87d54db50 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.dns.projects.id.managed_zones.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.dns.projects.id.managed_zones.html @@ -19,9 +19,9 @@
      Key Algorithm: {{key_algorithm}} -
    • Key Type: {{key_type}}
    • -
    • Length: {{length}}
    • +
    • Key Algorithm: {{key_algorithm}}
    • +
    • Key Type: {{key_type}}
    • +
    • Length: {{length}}
    {{else}}
  • None
  • From 1188aa4142c95b7eb8ec63803676038759c67541 Mon Sep 17 00:00:00 2001 From: Sophie Dorval <42855086+SophieDorval@users.noreply.github.com> Date: Wed, 14 Apr 2021 13:46:00 -0400 Subject: [PATCH 606/979] fix sql error in azure (#1278) Co-authored-by: Sophie --- ScoutSuite/providers/azure/facade/sqldatabase.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/facade/sqldatabase.py b/ScoutSuite/providers/azure/facade/sqldatabase.py index 1c3af4a47..4d922cfcd 100755 --- a/ScoutSuite/providers/azure/facade/sqldatabase.py +++ b/ScoutSuite/providers/azure/facade/sqldatabase.py @@ -67,7 +67,7 @@ async def get_server_azure_ad_administrators(self, resource_group_name, server_n try: client = self.get_client(subscription_id) return await run_concurrently( - lambda: client.server_azure_ad_administrators.get(resource_group_name, server_name, 'activeDirectory') + lambda: client.server_azure_ad_administrators.list_by_server(resource_group_name, server_name) ) except Exception as e: print_exception(f'Failed to retrieve server azure ad administrators: {e}') From b9b8e201a45bd63835f611eec67fe3bb7c892a0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Bellemare-Alford?= Date: Wed, 14 Apr 2021 16:41:39 -0400 Subject: [PATCH 607/979] Add dummy workflow (#1274) --- .github/workflows/frontend-build.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .github/workflows/frontend-build.yml diff --git a/.github/workflows/frontend-build.yml b/.github/workflows/frontend-build.yml new file mode 100644 index 000000000..b27f41a23 --- /dev/null +++ b/.github/workflows/frontend-build.yml 
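Review bot: `list_by_server` in `get_server_azure_ad_administrators` returns a collection where the replaced `get` returned one administrator object, so callers that read attributes from the result need to handle a list, and an empty result has to be told apart from a failed call. If the SDK returns a lazy pager (likely, but not visible here), the requests run when the caller iterates rather than inside `run_concurrently`, and so outside this `try`; materialising it in the worker keeps errors in one place: `lambda: list(client.server_azure_ad_administrators.list_by_server(resource_group_name, server_name))`. The `except` branch only prints and falls through, which presumably returns `None`; confirm the resource does not report that as "no Azure AD administrator configured". The function body starts above the hunk.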
@@ -0,0 +1,15 @@ +name: Fronted Build CI (dummy version) + +on: + # Triggers the workflow on push or pull request events but only for the master branch + push: + branches: [ v6-master ] + +jobs: + test: + runs-on: ubuntu-18.04 + steps: + - name: Show environment v1 + run: env | grep ^GITHUB + - name: Show ref v1 + run: echo "===============> Version from $GITHUB_REF" \ No newline at end of file From 61facf05e433445e7c48aa1ef8470e988c98e115 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Mon, 19 Apr 2021 16:28:22 +0200 Subject: [PATCH 608/979] Added 'scope' to IAM policy --- ScoutSuite/providers/aws/resources/iam/policies.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/providers/aws/resources/iam/policies.py b/ScoutSuite/providers/aws/resources/iam/policies.py index 6ffb742da..8a7ae90df 100755 --- a/ScoutSuite/providers/aws/resources/iam/policies.py +++ b/ScoutSuite/providers/aws/resources/iam/policies.py @@ -15,5 +15,6 @@ def _parse_policy(self, raw_policy): policy['arn'] = raw_policy.pop('Arn') policy['PolicyDocument'] = raw_policy.pop('PolicyDocument') policy['attached_to'] = raw_policy.pop('attached_to') + policy['scope'] = 'AWS' if policy['arn'].startswith('arn:aws:iam::aws:') else 'Local' return policy['id'], policy From 444f304c8a8e4c911d7f09309cd30530858678eb Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Mon, 19 Apr 2021 16:45:39 +0200 Subject: [PATCH 609/979] Contemplate other partition cases --- ScoutSuite/providers/aws/resources/iam/policies.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/resources/iam/policies.py b/ScoutSuite/providers/aws/resources/iam/policies.py index 8a7ae90df..17a4e075c 100755 --- a/ScoutSuite/providers/aws/resources/iam/policies.py +++ b/ScoutSuite/providers/aws/resources/iam/policies.py 
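Review bot: The workflow declares no `permissions:` key, so the job's `GITHUB_TOKEN` gets the repository default scopes even though neither step uses it; a top-level `permissions: {}` keeps this placeholder at least privilege before real build steps are added. The comment above `push:` says the workflow runs on push or pull request events for the master branch, while the trigger is `push` to `v6-master` only; `# Runs on pushes to v6-master` would match the configuration. `env | grep ^GITHUB` prints only `GITHUB`-prefixed variables today, and that filter should stay if secrets are later exposed to the job.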
@@ -15,6 +15,6 @@ def _parse_policy(self, raw_policy): policy['arn'] = raw_policy.pop('Arn') policy['PolicyDocument'] = raw_policy.pop('PolicyDocument') policy['attached_to'] = raw_policy.pop('attached_to') - policy['scope'] = 'AWS' if policy['arn'].startswith('arn:aws:iam::aws:') else 'Local' + policy['scope'] = 'AWS' if policy['arn'].startswith(f"arn:{self.facade.partition}:iam::aws:") else 'Local' return policy['id'], policy From a664ca38a77eaa1075bed30deb43a42bcc48914c Mon Sep 17 00:00:00 2001 From: Sophie Date: Tue, 20 Apr 2021 12:03:13 -0400 Subject: [PATCH 610/979] blank commit --- ScoutSuite/providers/gcp/rules/rulesets/default.json | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index de47991a9..0734847df 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -610,3 +610,4 @@ ] } } + From 1108809d5804213d3a92f6cd9c79d74814a0e39b Mon Sep 17 00:00:00 2001 From: Rogerio Bastos <2397391+rogeriobastos@users.noreply.github.com> Date: Mon, 3 May 2021 12:14:42 -0300 Subject: [PATCH 611/979] Downloda awscli from AWS official URL --- docker/bin/container-install-aws2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/bin/container-install-aws2.sh b/docker/bin/container-install-aws2.sh index d8f9e521b..b35bb7a0d 100755 --- a/docker/bin/container-install-aws2.sh +++ b/docker/bin/container-install-aws2.sh @@ -15,7 +15,7 @@ echo -e "\n\nAWS2 CLI Installation Starting...\n\n" # install AWS CLI v2 # ===================================== cd ${TMPDIR} -curl "https://d1vvhvl2y92vvt.cloudfront.net/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" +curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip ./aws/install --update From f0c3961d660a9d0a92955d6a9bade43331b22742 Mon Sep 17 00:00:00 2001 
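Review bot: The archive fetched by the `curl` line in container-install-aws2.sh is unpacked and executed by `./aws/install` with no integrity check, and without `--fail` an HTTP error page would be saved as `awscliv2.zip`. AWS publishes a detached PGP signature next to the archive (the same URL with `.sig` appended); downloading it and running `gpg --verify awscliv2.sig awscliv2.zip` against the AWS CLI team's public key, imported during the image build, would close that gap. `curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"` makes a failed download stop the script if it runs under `set -e` (not visible in this hunk). Pinning a versioned archive name instead of the latest one would also make image builds reproducible.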
From: "Alessandro.Gonzalez" Date: Fri, 7 May 2021 16:04:40 +0100 Subject: [PATCH 612/979] Fix small bug with GCP monitoring alerts --- .../stackdrivermonitoring/monitoring_alert_policies.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py b/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py index 7c03ca07b..4c1fa5ee0 100644 --- a/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py +++ b/ScoutSuite/providers/gcp/resources/stackdrivermonitoring/monitoring_alert_policies.py @@ -28,7 +28,7 @@ def _parse_alert_policy(self, raw_alert_policies): def _specific_alert_policy_present(self, alert_policies): for alert_policy in alert_policies: - for condition in alert_policy.conditions._values: + for condition in alert_policy.conditions: if condition.condition_threshold.filter == 'metric.type=\"logging.googleapis.com/user/\"' and alert_policy.enabled.value: return True From a15cff3bd9845bcf9046a02241525366e784f7ba Mon Sep 17 00:00:00 2001 From: "Alessandro.Gonzalez" Date: Fri, 7 May 2021 16:31:27 +0100 Subject: [PATCH 613/979] Fixed small typo in new rule --- .../findings/iam-lightspin-user-action-denied-for-group.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json b/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json index 82ec71e28..0d9ea6cf3 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json 
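Review bot: In `_specific_alert_policy_present`, the condition that now iterates `alert_policy.conditions` directly still reads `alert_policy.enabled.value`; if the client-library change that removed `_values` also turned `enabled` into a plain bool (likely, but not visible here), this raises `AttributeError` on the first policy whose filter matches. The filter is also compared for exact equality with `metric.type="logging.googleapis.com/user/"`, an empty metric name, so a policy on a real user-defined log metric would presumably never match and the alert would be reported as missing. Consider `getattr(alert_policy.enabled, 'value', alert_policy.enabled)` for the first and a `startswith` prefix test on `condition.condition_threshold.filter` for the second, to be confirmed against how the rule consumes this value. The function continues below the hunk.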
@@ -1,6 +1,6 @@ { "description": "Policy with Denied User Actions for Group Objects", - "rationale": "When a deny policy is specified for User object actions on a group resource, this will only affect the specific IAM group but not the group members. This could lead to privilege escalation if the user can perform other privileged actions targeting the sepecific members of the group.", + "rationale": "When a deny policy is specified for User object actions on a group resource, this will only affect the specific IAM group but not the group members. This could lead to privilege escalation if the user can perform other privileged actions targeting the specific members of the group.", "remediation": "Define all relevant users in the resource field of the affected policies to avoid ineffective IAM actions and deny all group actions. The alternative would be to use the condition \"iam:ResourceTag\" in the policy.", "references": [ "https://blog.lightspin.io/aws-iam-groups-authorization-bypass", From 9b4ca9bd79aff6ca716ea5c55a0477772251419a Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 18 May 2021 16:32:15 +0200 Subject: [PATCH 614/979] Fix bug in evaluation --- .../providers/gcp/resources/cloudsql/database_instances.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py index 22857213a..17d615515 100755 --- a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py +++ b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py 
@@ -128,8 +128,8 @@ def _postgres_log_min_error_statement_flags(self, raw_instance): if 'POSTGRES' in raw_instance['databaseVersion']: for flag in raw_instance['settings']['databaseFlags']: if flag['name'] == 'log_min_error_statement' and flag['value'] is not None: - return True - return False + return False + return True def _postgres_log_temp_files_flags_0(self, raw_instance): if 'POSTGRES' in raw_instance['databaseVersion']: From c3a15fe6d5fd3b1757a44a98880335ab86d22140 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 18 May 2021 17:29:26 +0200 Subject: [PATCH 615/979] Fix bug in evaluation logic --- .../resources/cloudsql/database_instances.py | 40 ++++++++++++------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py index 17d615515..509318cc1 100755 --- a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py +++ b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py 
@@ -115,39 +115,49 @@ def _mysql_local_infile_flag_off(self, raw_instance): def _check_database_type(self, raw_instance): if 'POSTGRES' in raw_instance['databaseVersion']: return False - return True + return None def _postgres_flags_on(self, raw_instance, flag_name: str): if 'POSTGRES' in raw_instance['databaseVersion']: for flag in raw_instance['settings']['databaseFlags']: - if flag['name'] == flag_name and flag['value'] == 'off': - return False - return True + if flag['name'] == flag_name and flag['value'] != 'off': + return True + return False + else: + return None def _postgres_log_min_error_statement_flags(self, raw_instance): if 'POSTGRES' in raw_instance['databaseVersion']: for flag in raw_instance['settings']['databaseFlags']: if flag['name'] == 'log_min_error_statement' and flag['value'] is not None: - return False - return True + return True + return False + else: + return None def _postgres_log_temp_files_flags_0(self, raw_instance): if 'POSTGRES' in raw_instance['databaseVersion']: for flag in raw_instance['settings']['databaseFlags']: - if flag['name'] == 'log_temp_files' and flag['value'] != 0: - return False - return True + if flag['name'] == 'log_temp_files' and flag['value'] == 0: + return True + return False + else: + return None def _postgres_log_min_duration_statement_flags_1(self, raw_instance): if 'POSTGRES' in raw_instance['databaseVersion']: for flag in raw_instance['settings']['databaseFlags']: - if flag['name'] == 'log_min_duration_statement' and flag['value'] != -1: - return False - return True + if flag['name'] == 'log_min_duration_statement' and flag['value'] == -1: + return True + return False + else: + return None def _sqlservers_cross_db_ownership_chaining_flag_off(self, raw_instance, flag_name: str): if 'SQLSERVER' in raw_instance['databaseVersion']: for flag in raw_instance['settings']['databaseFlags']: - if flag['name'] == flag_name and flag['value'] == 'on': - return False - return True + if flag['name'] == flag_name and 
flag['value'] == 'off': + return True + return False + else: + return None From e4de10eed0f2bbda27d26f5cdfdae86eb7ac53aa Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Mon, 24 May 2021 13:13:50 +0200 Subject: [PATCH 616/979] Added case where SQL database threat detection period is 0/unlimited --- ...sqldatabase-databases-threat-detection-low-retention.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-low-retention.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-low-retention.json index 9bb02201a..5f880e6d7 100755 --- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-low-retention.json +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-threat-detection-low-retention.json @@ -13,6 +13,11 @@ "path": "sqldatabase.subscriptions.id.servers.id.databases.id", "conditions": [ "and", + [ + "sqldatabase.subscriptions.id.servers.id.databases.id.threat_detection.retention_days", + "notEqual", + "0" + ], [ "sqldatabase.subscriptions.id.servers.id.databases.id.threat_detection.retention_days", "lessThan", From bd75c2c9cd87b7c13f453ab98924a0034e90350a Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Mon, 24 May 2021 13:14:23 +0200 Subject: [PATCH 617/979] Added case where SQL server threat detection period is 0/unlimited --- .../sqldatabase-servers-threat-detection-low-retention.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-low-retention.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-low-retention.json index 4faaea54e..065be89d0 100755 --- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-low-retention.json +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-low-retention.json 
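Review bot: `_postgres_log_temp_files_flags_0` and `_postgres_log_min_duration_statement_flags_1` compare `flag['value']` with the integers `0` and `-1`, while the other helpers in this hunk compare it with the string `'off'`; if flag values arrive as strings, as those comparisons suggest, both helpers now always return `False` for PostgreSQL instances and every instance is reported. Comparing `str(flag['value'])` with `'0'` and `'-1'` would match both forms. Each helper also indexes `raw_instance['settings']['databaseFlags']` directly; if the API omits that key when no flags are set (not visible here), the lookup raises instead of returning `False`, and `raw_instance['settings'].get('databaseFlags', [])` would avoid it. `_check_database_type` now returns `False` for PostgreSQL and `None` otherwise, so it never returns `True`; a short docstring stating what `None` means to the rules would help.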
@@ -13,6 +13,11 @@ "path": "sqldatabase.subscriptions.id.servers.id", "conditions": [ "and", + [ + "sqldatabase.subscriptions.id.servers.id.threat_detection.retention_days", + "notEqual", + "0" + ], [ "sqldatabase.subscriptions.id.servers.id.threat_detection.retention_days", "lessThan", From 7c290f29e9e79ceedc7e8e6931f7c044e0395919 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Mon, 24 May 2021 13:15:08 +0200 Subject: [PATCH 618/979] Added case where SQL server auditing retention period is 0/unlimited --- .../findings/sqldatabase-servers-auditing-low-retention.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-auditing-low-retention.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-auditing-low-retention.json index c4fe98624..72551cbfc 100755 --- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-auditing-low-retention.json +++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-auditing-low-retention.json @@ -13,6 +13,11 @@ "path": "sqldatabase.subscriptions.id.servers.id", "conditions": [ "and", + [ + "sqldatabase.subscriptions.id.servers.id.auditing.retention_days", + "notEqual", + "0" + ], [ "sqldatabase.subscriptions.id.servers.id.auditing.retention_days", "lessThan", From 5b649f6f0944521ff0ffb470cf87e036a418c7dc Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Mon, 24 May 2021 14:04:34 +0200 Subject: [PATCH 619/979] Expose partition in credential report --- ScoutSuite/providers/aws/resources/iam/credentialreports.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ScoutSuite/providers/aws/resources/iam/credentialreports.py b/ScoutSuite/providers/aws/resources/iam/credentialreports.py index 966c0180c..c0f77af84 100755 --- a/ScoutSuite/providers/aws/resources/iam/credentialreports.py +++ b/ScoutSuite/providers/aws/resources/iam/credentialreports.py 
@@ -37,6 +37,8 @@ async def _parse_credential_reports(self, raw_credential_report): else: raw_credential_report['mfa_active_hardware'] = False + raw_credential_report['partition'] = self.facade.partition + return raw_credential_report['id'], raw_credential_report async def _user_has_hardware_mfa_devices(self, username): From 7f5df6aebccee062963ad4048647cfed6515f348 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Mon, 24 May 2021 14:06:08 +0200 Subject: [PATCH 620/979] Check if not GovCloud partition for root account without hardware MFA finding --- .../aws/rules/findings/iam-root-account-no-hardware-mfa.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json index c1a8fe3ce..18fcc06c1 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json @@ -44,6 +44,11 @@ "false", "" ] + ], + [ + "iam.credential_reports.id.partition", + "notEqual", + "aws-us-gov" ] ], "keys": [ From 9dc915e000b7fadd01920e88bc99236aa6880967 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Mon, 24 May 2021 14:06:39 +0200 Subject: [PATCH 621/979] Check if not GovCloud partition for root account without MFA finding --- .../aws/rules/findings/iam-root-account-no-mfa.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json index 9d6da2c60..5c604feb4 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-mfa.json @@ -31,6 +31,11 @@ "iam.credential_reports.id.mfa_active", "notTrue", "" + ], + [ + "iam.credential_reports.id.partition", + "notEqual", + "aws-us-gov" ] ], "keys": [ 
From 9a1580f8d3550a2a3b326ff1f53a1936375f2a40 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Fri, 11 Jun 2021 17:32:10 +0200 Subject: [PATCH 622/979] Added formatted service name for CodeBuild --- ScoutSuite/utils.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py index ab48c82f6..ab945185a 100755 --- a/ScoutSuite/utils.py +++ b/ScoutSuite/utils.py @@ -17,6 +17,7 @@ 'cloudwatch': 'CloudWatch', 'cloudfront': 'CloudFront', 'credentials': 'Credentials', + 'codebuild': 'CodeBuild', 'cognito': 'Cognito', 'config': 'Config', 'directconnect': 'Direct Connect', From b81f1785dd3eb3e9b45ffc0f78f9e1ded7196cb1 Mon Sep 17 00:00:00 2001 From: Viatcheslav Zhilin Date: Fri, 11 Jun 2021 17:33:31 +0200 Subject: [PATCH 623/979] Added preprocessing step to check security groups usage with CodeBuild --- ScoutSuite/providers/aws/provider.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index f9d4c81af..1e2395130 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -82,6 +82,9 @@ def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): if 'ec2' in self.service_list and 'vpc' in self.service_list: self._match_instances_and_vpcs() self._match_instances_and_subnets() + + if 'ec2' in self.service_list and 'codebuild' in self.service_list: + self._update_sg_usage_codebuild() if 'awslambda' in self.service_list and 'iam' in self.service_list: self._match_lambdas_and_roles() 
@@ -831,3 +834,17 @@ def parse_elb_policies_callback(self, current_config, path, current_path, region policy['protocols'] = protocols policy['options'] = options policy['ciphers'] = ciphers + + def _update_sg_usage_codebuild(self): + try: + for region in self.services['codebuild']['regions']: + for codebuild_project in self.services['codebuild']['regions'][region]['build_projects']: + if 'vpc' in self.services['codebuild']['regions'][region]['build_projects'][codebuild_project] and 'security_groups' in self.services['codebuild']['regions'][region]['build_projects'][codebuild_project]: + cb_project = self.services['codebuild']['regions'][region]['build_projects'][codebuild_project] + for cb_project_sg in cb_project['security_groups']: + manage_dictionary(self.services['ec2']['regions'][region]['vpcs'][cb_project['vpc']]['security_groups'][cb_project_sg], 'used_by', {'resource_type': {'codebuild_project': []}}) + self.services['ec2']['regions'][region]['vpcs'][cb_project['vpc']]['security_groups'][cb_project_sg]['used_by']['resource_type']['codebuild_project'].append({ + 'id': cb_project['arn'], 'name': cb_project['name'] + }) + except Exception as e: + print_exception(f'Failed to update security group usage for CodeBuild: {e}') From 5c00f1c6b6ab0c3120d35372680a2afe42ff6ea7 Mon Sep 17 00:00:00 2001 
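Review bot: `_update_sg_usage_codebuild` wraps both loops in a single `try`, so one project that references a VPC or security group absent from the collected EC2 data (a KeyError on the `self.services['ec2']['regions'][region]['vpcs'][...]` lookup) stops the update for every remaining project and region. The `used_by` data is then incomplete, and security groups that CodeBuild does use may be reported as unused. Handling the error per project keeps the rest of the data intact. If `manage_dictionary` only fills in the default when `used_by` is missing (its body is not visible here), a group that already has `used_by` from another resource type would lack the `codebuild_project` list and the `append` would raise; building the nested keys with `setdefault` removes that dependency.

```python
def _update_sg_usage_codebuild(self):
    for region in self.services['codebuild']['regions']:
        build_projects = self.services['codebuild']['regions'][region]['build_projects']
        for codebuild_project in build_projects:
            cb_project = build_projects[codebuild_project]
            if 'vpc' not in cb_project or 'security_groups' not in cb_project:
                continue
            try:
                vpc_sgs = self.services['ec2']['regions'][region]['vpcs'][cb_project['vpc']]['security_groups']
                for cb_project_sg in cb_project['security_groups']:
                    used_by = vpc_sgs[cb_project_sg].setdefault('used_by', {})
                    resource_types = used_by.setdefault('resource_type', {})
                    resource_types.setdefault('codebuild_project', []).append({
                        'id': cb_project['arn'], 'name': cb_project['name']
                    })
            except Exception as e:
                # One bad project must not hide the usage data of the others.
                print_exception(f'Failed to update security group usage for CodeBuild project '
                                f'{cb_project.get("name")}: {e}')
```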
From: Viatcheslav Zhilin Date: Fri, 11 Jun 2021 17:35:27 +0200 Subject: [PATCH 624/979] Implemented support for CodeBuild service --- ScoutSuite/providers/aws/facade/base.py | 2 ++ ScoutSuite/providers/aws/facade/codebuild.py | 30 +++++++++++++++++++ .../aws/resources/codebuild/__init__.py | 0 .../providers/aws/resources/codebuild/base.py | 13 ++++++++ .../aws/resources/codebuild/build_projects.py | 27 +++++++++++++++++ ScoutSuite/providers/aws/services.py | 2 ++ 6 files changed, 74 insertions(+) create mode 100644 ScoutSuite/providers/aws/facade/codebuild.py create mode 100644 ScoutSuite/providers/aws/resources/codebuild/__init__.py create mode 100644 ScoutSuite/providers/aws/resources/codebuild/base.py create mode 100644 ScoutSuite/providers/aws/resources/codebuild/build_projects.py diff --git a/ScoutSuite/providers/aws/facade/base.py b/ScoutSuite/providers/aws/facade/base.py index c4e17a59d..2cf452881 100755 --- a/ScoutSuite/providers/aws/facade/base.py +++ b/ScoutSuite/providers/aws/facade/base.py @@ -7,6 +7,7 @@ from ScoutSuite.providers.aws.facade.cloudtrail import CloudTrailFacade from ScoutSuite.providers.aws.facade.cloudwatch import CloudWatch from ScoutSuite.providers.aws.facade.cloudfront import CloudFront +from ScoutSuite.providers.aws.facade.codebuild import CodeBuild from ScoutSuite.providers.aws.facade.config import ConfigFacade from ScoutSuite.providers.aws.facade.directconnect import DirectConnectFacade from ScoutSuite.providers.aws.facade.dynamodb import DynamoDBFacade @@ -257,6 +258,7 @@ def _instantiate_facades(self): self.elasticache = ElastiCacheFacade(self.session) self.route53 = Route53Facade(self.session) self.cloudfront = CloudFront(self.session) + self.codebuild = CodeBuild(self.session) self.elb = ELBFacade(self.session) self.elbv2 = ELBv2Facade(self.session) self.iam = IAMFacade(self.session) 
diff --git a/ScoutSuite/providers/aws/facade/codebuild.py b/ScoutSuite/providers/aws/facade/codebuild.py new file mode 100644 index 000000000..befc59c6a --- /dev/null +++ b/ScoutSuite/providers/aws/facade/codebuild.py @@ -0,0 +1,30 @@ +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade +from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils +from ScoutSuite.providers.utils import run_concurrently, map_concurrently + + +class CodeBuild(AWSBaseFacade): + async def get_projects(self, region: str): + codebuild_client = AWSFacadeUtils.get_client('codebuild', self.session, region) + try: + projects = await run_concurrently(lambda: codebuild_client.list_projects()['projects']) + except Exception as e: + print_exception(f'Failed to get CodeBuild projects: {e}') + return [] + else: + if not projects: + return [] + return await map_concurrently(self._get_project_details, projects, region=region) + + async def _get_project_details(self, project: str, region: str): + codebuild_client = AWSFacadeUtils.get_client('codebuild', self.session, region) + try: + project_details = await run_concurrently(lambda: codebuild_client.batch_get_projects(names=[project])) + except Exception as e: + print_exception(f'Failed to get CodeBuild project details: {e}') + return project + else: + project_details.pop('ResponseMetadata') + project_details.pop('projectsNotFound') + return project_details diff --git a/ScoutSuite/providers/aws/resources/codebuild/__init__.py b/ScoutSuite/providers/aws/resources/codebuild/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/aws/resources/codebuild/base.py b/ScoutSuite/providers/aws/resources/codebuild/base.py new file mode 100644 index 000000000..8431d5e2c --- /dev/null +++ b/ScoutSuite/providers/aws/resources/codebuild/base.py 
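Review bot: `get_projects` reads only the first response of `list_projects()`, so in a region with more projects than one page holds, the remaining projects are never fetched or audited. Other facades in this repository page through results with a helper, which here would be `projects = await AWSFacadeUtils.get_all_pages('codebuild', region, self.session, 'list_projects', 'projects')` (confirm the operation is pageable through that helper). On failure `_get_project_details` returns the bare project name, a `str`, while `BuildProjects.fetch_all` in this same commit calls `.get('projects')` on every element, so a single failed lookup would raise AttributeError for the whole region; `return {'projects': []}` keeps the shape consistent. The two `pop()` calls have no default and raise KeyError if `ResponseMetadata` or `projectsNotFound` is absent; `project_details.pop('projectsNotFound', None)` is safer.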
@@ -0,0 +1,13 @@ +from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.resources.regions import Regions + +from .build_projects import BuildProjects + + +class CodeBuild(Regions): + _children = [ + (BuildProjects, 'build_projects') + ] + + def __init__(self, facade: AWSFacade): + super().__init__('codebuild', facade) diff --git a/ScoutSuite/providers/aws/resources/codebuild/build_projects.py b/ScoutSuite/providers/aws/resources/codebuild/build_projects.py new file mode 100644 index 000000000..98238f4cc --- /dev/null +++ b/ScoutSuite/providers/aws/resources/codebuild/build_projects.py @@ -0,0 +1,27 @@ +from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id + + +class BuildProjects(AWSResources): + def __init__(self, facade: AWSFacade, region: str): + super().__init__(facade) + self.region = region + + async def fetch_all(self): + raw_projects = await self.facade.codebuild.get_projects(self.region) + for list_raw_project in raw_projects: + for raw_project in list_raw_project.get('projects'): + id, build_project = self._parse_build_projects(raw_project) + self[id] = build_project + + def _parse_build_projects(self, raw_build_project): + project_dict = {} + project_dict['id'] = raw_build_project.get('arn') + project_dict['arn'] = raw_build_project.get('arn') + project_dict['name'] = raw_build_project.get('name') + if 'vpcConfig' in raw_build_project: + project_dict['vpc'] = raw_build_project.get('vpcConfig').get('vpcId') + project_dict['subnets'] = raw_build_project.get('vpcConfig').get('subnets') + project_dict['security_groups'] = raw_build_project.get('vpcConfig').get('securityGroupIds') + return project_dict['id'], project_dict diff --git a/ScoutSuite/providers/aws/services.py b/ScoutSuite/providers/aws/services.py index b1a8d9d08..4b9656b28 100755 --- a/ScoutSuite/providers/aws/services.py 
+++ b/ScoutSuite/providers/aws/services.py @@ -5,6 +5,7 @@ from ScoutSuite.providers.aws.resources.cloudtrail.base import CloudTrail from ScoutSuite.providers.aws.resources.cloudwatch.base import CloudWatch from ScoutSuite.providers.aws.resources.cloudfront.base import CloudFront +from ScoutSuite.providers.aws.resources.codebuild.base import CodeBuild from ScoutSuite.providers.aws.resources.config.base import Config from ScoutSuite.providers.aws.resources.directconnect.base import DirectConnect from ScoutSuite.providers.aws.resources.dynamodb.base import DynamoDB @@ -94,6 +95,7 @@ def __init__(self, credentials=None, **kwargs): self.cloudtrail = CloudTrail(facade) self.cloudwatch = CloudWatch(facade) self.cloudfront = CloudFront(facade) + self.codebuild = CodeBuild(facade) self.config = Config(facade) self.directconnect = DirectConnect(facade) self.dynamodb = DynamoDB(facade) From 2cdd25ac2b8b0a0974a640e561509cca62e92ee0 Mon Sep 17 00:00:00 2001 From: lm-t Date: Wed, 14 Jul 2021 14:20:12 -0700 Subject: [PATCH 625/979] fixed typo --- .../rules/findings/cloudtrail-no-cloudwatch-integration.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json index daed6594e..2f15c9b66 100644 --- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json +++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json 
@@ -1,6 +1,6 @@ { "description": "Trail Is Not Integrated with CloudWatch", - "rationale": "The lack of integration with CloudWatch hinders ral-time and historic activity logging as well as not allowing the configuration of alarms and notifications for anomalous account activity.", + "rationale": "The lack of integration with CloudWatch hinders real-time and historic activity logging as well as not allowing the configuration of alarms and notifications for anomalous account activity.", "remediation": "Configure each Trail to have a CloudWatch Logs group attached", "compliance": [ { @@ -47,4 +47,4 @@ ] ], "id_suffix": "TrailCloudwatchNoIntegration" -} \ No newline at end of file +} From e69062f8092994bdbb69c9e179c4b5d7cb470c17 Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Thu, 29 Jul 2021 16:26:08 +0200 Subject: [PATCH 626/979] Resolve https://github.com/nccgroup/ScoutSuite/issues/1317 --- .../services.kubernetesengine.clusters.html | 52 ++++++++++--------- ScoutSuite/providers/gcp/facade/gke.py | 6 +-- ScoutSuite/providers/gcp/metadata.json | 2 +- .../providers/gcp/resources/gke/base.py | 12 +---- .../providers/gcp/resources/gke/clusters.py | 7 +-- .../providers/gcp/resources/gke/zones.py | 8 --- ...esengine-basic-authentication-enabled.json | 4 +- ...ne-certificate-authentication-enabled.json | 4 +- ...netesengine-cluster-alias-ip-disabled.json | 4 +- ...ubernetesengine-cluster-has-no-labels.json | 4 +- ...rnetesengine-cluster-logging-disabled.json | 4 +- ...r-master-authorized-networks-disabled.json | 4 +- ...tesengine-cluster-monitoring-disabled.json | 4 +- ...ngine-cluster-network-policy-disabled.json | 4 +- ...r-pod-security-policy-config-disabled.json | 4 +- ...luster-private-google-access-disabled.json | 4 +- .../kubernetesengine-dashboard-enabled.json | 4 +- ...esengine-default-service-account-used.json | 4 +- .../kubernetesengine-legacy-abac-enabled.json | 4 +- ...ine-legacy-metadata-endpoints-enabled.json | 6 +-- ...netesengine-node-auto-repair-disabled.json | 6 +-- ...etesengine-node-auto-upgrade-disabled.json | 6 +-- ...-node-container-optimized-os-not-used.json | 4 +- ...rnetesengine-private-cluster-disabled.json | 4 +- .../kubernetesengine-scopes-not-limited.json | 4 +- 25 files changed, 78 insertions(+), 91 deletions(-) delete mode 100644 ScoutSuite/providers/gcp/resources/gke/zones.py diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index 0b426a6f8..e179fe005 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -1,27 +1,29 @@ - 
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.domains.html b/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.domains.html new file mode 100755 index 000000000..54f9079a3 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/gcp/services.iam.projects.id.domains.html @@ -0,0 +1,36 @@ + + + + + + + + + From be3bcecfbd93d96500a2151724a004b30bf75d7b Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 16 Sep 2021 13:05:00 +0200 Subject: [PATCH 658/979] Add domains --- .../providers/gcp/resources/iam/domains.py | 32 +++++++++++++++++++ .../gcp/resources/iam/member_bindings.py | 5 +-- .../findings/iam-role-assigned-to-domain.json | 6 ++-- 3 files changed, 38 insertions(+), 5 deletions(-) create mode 100755 ScoutSuite/providers/gcp/resources/iam/domains.py diff --git a/ScoutSuite/providers/gcp/resources/iam/domains.py b/ScoutSuite/providers/gcp/resources/iam/domains.py new file mode 100755 index 000000000..381a27e3e --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/iam/domains.py 
@@ -0,0 +1,32 @@ +from ScoutSuite.providers.base.resources.base import Resources +from ScoutSuite.providers.gcp.facade.base import GCPFacade +from ScoutSuite.providers.utils import get_non_provider_id + + +class Domains(Resources): + def __init__(self, facade: GCPFacade, project_id: str): + super().__init__(facade) + self.project_id = project_id + + async def fetch_all(self): + raw_bindings = await self.facade.cloudresourcemanager.get_member_bindings(self.project_id) + parsed_domains = self._parse_binding(raw_bindings) + for domain_id in parsed_domains.keys(): + self[parsed_domains[domain_id]['id']] = parsed_domains[domain_id] + + def _parse_binding(self, raw_bindings): + + parsed_groups = {} + for binding in raw_bindings: + role = binding['role'].split('/')[-1] + if 'members' in binding: + for member in binding['members']: + member_type, entity = member.split(':')[:2] + if member_type == 'domain': + if entity not in parsed_groups.keys(): + parsed_groups[entity] = {'id': get_non_provider_id(entity), + 'name': entity, + 'roles': [role]} + else: + parsed_groups[entity]['roles'].append(role) + return parsed_groups diff --git a/ScoutSuite/providers/gcp/resources/iam/member_bindings.py b/ScoutSuite/providers/gcp/resources/iam/member_bindings.py index ae2027f42..c972e07ef 100755 --- a/ScoutSuite/providers/gcp/resources/iam/member_bindings.py +++ b/ScoutSuite/providers/gcp/resources/iam/member_bindings.py @@ -31,7 +31,7 @@ async def _parse_binding(self, raw_binding): return binding_dict['id'], binding_dict def _parse_members(self, raw_binding): - members_dict = {'users': [], 'groups': [], 'service_accounts': []} + members_dict = {'users': [], 'groups': [], 'service_accounts': [], 'domains': []} if 'members' not in raw_binding: return members_dict 
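Review bot: In `Domains._parse_binding`, `member_type, entity = member.split(':')[:2]` raises ValueError for any member string without a colon, because the slice then holds a single element. IAM policies can contain such members (`allUsers`, `allAuthenticatedUsers`), and nothing in `fetch_all` catches the exception, so a project with a public binding would fail here instead of being reported. `member_type, _, entity = member.partition(':')` always binds both names and leaves `entity` empty for those members. The accumulator is still named `parsed_groups` although it collects domains, and the method would benefit from a docstring stating that it returns a dict keyed by domain name whose values hold `id`, `name` and `roles`.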
@@ -39,7 +39,8 @@ def _parse_members(self, raw_binding): type_map = { 'user': 'users', 'group': 'groups', - 'serviceAccount': 'service_accounts' + 'serviceAccount': 'service_accounts', + 'domain': 'domains' } # We want to group the members by type, so we need to parse their type and entity. diff --git a/ScoutSuite/providers/gcp/rules/findings/iam-role-assigned-to-domain.json b/ScoutSuite/providers/gcp/rules/findings/iam-role-assigned-to-domain.json index 02d390dfb..207ba6d7e 100755 --- a/ScoutSuite/providers/gcp/rules/findings/iam-role-assigned-to-domain.json +++ b/ScoutSuite/providers/gcp/rules/findings/iam-role-assigned-to-domain.json @@ -1,16 +1,16 @@ { "description": "IAM Role Assigned to Domain", - "rationale": "Best practices recommends granting roles to a Google Suite group instead of to individual users when possible. It is easier to add members to and remove members from a group instead of updating a Cloud IAM policy to add or remove users.", + "rationale": "Roles granted to Workspace domains grant permissions to all users of the domain's Organization, which goes against the principle of least privilege.", "references": [ "https://cloud.google.com/iam/docs/understanding-roles", "https://cloud.google.com/iam/docs/using-iam-securely" ], "dashboard_name": "Bindings", - "path": "iam.projects.id.domains.id", + "path": "iam.projects.id.bindings.id", "conditions": [ "and", [ - "iam.projects.id.domains.id.roles", + "iam.projects.id.bindings.id.members.domains", "notEmpty", "" ] From 978be4bd26d8f1b0eaa52c2185c8e1b963a8740c Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 16 Sep 2021 13:05:34 +0200 Subject: [PATCH 659/979] Update gitignore --- .gitignore | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 1dd20a453..f4c677d81 100755 --- a/.gitignore +++ b/.gitignore @@ -51,8 +51,9 @@ inc-scoutsuite-run* report-* *.db -# PyCharm +# IntelliJ files .idea/ +*.iml # Vs Code .vscode/ 
@@ -69,4 +70,4 @@ report-* /private*/ /**/private*/ -!docker/bin +!docker/bin \ No newline at end of file From 0ef07a482a537f544e47764de5b2c21f3fecd390 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 16 Sep 2021 15:06:51 +0200 Subject: [PATCH 660/979] Improve wording --- .../rules/findings/kubernetesengine-dashboard-enabled.json | 4 ++-- .../kubernetesengine-default-service-account-used.json | 2 +- .../rules/findings/kubernetesengine-legacy-abac-enabled.json | 2 +- .../kubernetesengine-legacy-metadata-endpoints-enabled.json | 2 +- .../findings/kubernetesengine-node-auto-repair-disabled.json | 4 ++-- .../findings/kubernetesengine-node-auto-upgrade-disabled.json | 2 +- ...kubernetesengine-node-container-optimized-os-not-used.json | 2 +- .../findings/kubernetesengine-private-cluster-disabled.json | 2 +- .../rules/findings/kubernetesengine-scopes-not-limited.json | 2 +- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-dashboard-enabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-dashboard-enabled.json index 3c49af98a..14d4fe202 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-dashboard-enabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-dashboard-enabled.json @@ -1,6 +1,6 @@ { - "description": "The GKE Dashboard Enabled", - "rationale": "You should disable the Kubernetes Web UI (Dashboard) when running on Kubernetes Engine. The Kubernetes Web UI (Dashboard) is backed by a highly privileged Kubernetes Service Account.", + "description": "Kubernetes Dashboard Enabled", + "rationale": "You should disable the Kubernetes Web UI (Dashboard) when running on Kubernetes Engine. The Kubernetes Web UI (Dashboard) is backed by a highly privileged Kubernetes Service Account. The Cloud Console provides much of the same functionality, so you don't need this functionality.", "compliance": [ { "name": "CIS Google Cloud Platform Foundations", 
diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-default-service-account-used.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-default-service-account-used.json index 0ffd937c7..57ed6df29 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-default-service-account-used.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-default-service-account-used.json @@ -1,6 +1,6 @@ { "description": "Default Service Account in Use", - "rationale": "You should create and use a minimally privileged service account to run your Kubernetes Engine cluster instead of using the Compute Engine default service account.", + "rationale": "Each GKE node has a Service Account associated with it. By default, nodes are given the Compute Engine default service account. This account has broad access by default, making it useful to wide variety of applications, but it has more permissions than are required to run your Kubernetes Engine cluster. You should create and use a minimally privileged service account to run your GKE cluster instead of using the Compute Engine default service account.", "compliance": [ { "name": "CIS Google Cloud Platform Foundations", diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-abac-enabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-abac-enabled.json index 792f671fc..9e20d8383 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-abac-enabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-abac-enabled.json 
@@ -1,6 +1,6 @@ { "description": "Legacy Authorization (ABAC) Enabled", - "rationale": "The legacy authorizer in Kubernetes Engine grants broad, statically defined permissions. To ensure that RBAC limits permissions correctly, you must disable the legacy authorizer. RBAC has significant security advantages, can help you ensure that users only have access to cluster resources within their own namespace and is now stable in Kubernetes.", + "rationale": "The legacy authorizer in Kubernetes grants broad, statically defined permissions. To ensure that RBAC limits permissions correctly, you must disable the legacy authorizer. RBAC has significant security advantages, can help you ensure that users only have access to cluster resources within their own namespace and is now stable in Kubernetes.", "compliance": [ { "name": "CIS Google Cloud Platform Foundations", diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-metadata-endpoints-enabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-metadata-endpoints-enabled.json index f4f2cd12b..9867864b8 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-metadata-endpoints-enabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-legacy-metadata-endpoints-enabled.json @@ -1,6 +1,6 @@ { "description": "Legacy Metadata Endpoints Enabled", - "rationale": "Unless your app uses the legacy metadata endpoints, you should disable them.", + "rationale": "The instance metadata server exposed legacy v0.1 and v1beta1 endpoints, which do not enforce metadata query headers. This is a feature in the v1 APIs that makes it more difficult for a potential attacker to retrieve instance metadata, such as Server-Side Request Forgery (SSRF). Unless specifically required, we recommend you disable these legacy APIs.", "compliance": [ { "name": "CIS GKE Benchmark", 
diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-repair-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-repair-disabled.json index afe55e5ae..951f2a196 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-repair-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-repair-disabled.json @@ -1,6 +1,6 @@ { - "description": "Nodes Auto-Repair Disabled", - "rationale": "Auto-repair helps you keep the nodes in your cluster in a healthy, running state.", + "description": "Nodes with Auto-Repair Disabled", + "rationale": "Auto-repair helps maintain the cluster nodes in a healthy, running state.", "compliance": [ { "name": "CIS Google Cloud Platform Foundations", diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-upgrade-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-upgrade-disabled.json index c1829776d..b0af4d824 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-upgrade-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-auto-upgrade-disabled.json @@ -1,5 +1,5 @@ { - "description": "Nodes Auto-Upgrade Disabled", + "description": "Nodes with Auto-Upgrade Disabled", "rationale": "Auto-upgrades automatically ensures that security updates are applied and kept up to date.", "compliance": [ { diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-container-optimized-os-not-used.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-container-optimized-os-not-used.json index 9643ce33e..ea62af734 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-container-optimized-os-not-used.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-container-optimized-os-not-used.json 
@@ -1,6 +1,6 @@ { "description": "Lack of Container-Optimized OS Node Images", - "rationale": "The Container-Optimized OS image provides better support, security, and stability than previous images.", + "rationale": "It is recommended to use container-optimized OS images, as they provide improved support, security and stability.", "compliance": [ { "name": "CIS Google Cloud Platform Foundations", diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-cluster-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-cluster-disabled.json index 042fbb479..78aa314d1 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-cluster-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-cluster-disabled.json @@ -1,6 +1,6 @@ { "description": "Private Cluster Disabled", - "rationale": "A private cluster is a cluster that makes your master inaccessible from the public internet. In a private cluster, nodes do not have public IP addresses, so your workloads run in an environment that is isolated from the internet. Nodes have addressed only in the private RFC 1918 address space. Nodes and masters communicate with each other privately using VPC peering.", + "rationale": "A private cluster makes the cluster master inaccessible from the public Internet. In a private cluster, nodes do not have public IP addresses, so workloads run in an environment that is isolated from the internet. Nodes have addressed only in the private RFC 1918 address space. Nodes and masters communicate with each other privately using VPC peering.", "compliance": [ { "name": "CIS Google Cloud Platform Foundations", diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-scopes-not-limited.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-scopes-not-limited.json index 0dd367834..d8e709582 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-scopes-not-limited.json 
+++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-scopes-not-limited.json @@ -1,6 +1,6 @@ { "description": "Lack of Access Scope Limitation", - "rationale": "If you are not creating a separate service account for your nodes, you should limit the scopes of the node service account to reduce the possibility of a privilege escalation in an attack. This ensures that your default service account does not have permissions beyond those necessary to run your cluster. While the default scopes are limited, they may include scopes beyond the minimally required scopes needed to run your cluster. If you are accessing private images in Google Container Registry, the minimally required scopes are only logging.write, monitoring, and devstorage.read_only.", + "rationale": "If you are not creating a separate service account for your nodes, you should limit the scopes of the node service account to reduce the oportunity for privilege escalation. This ensures that the default service account does not have permissions beyond those necessary to run your cluster. While the default scopes are limited, they may include scopes beyond the minimally required ones needed to run your cluster. If you are accessing private images in Google Container Registry, the minimally required scopes are only logging.write, monitoring, and devstorage.read_only.", "compliance": [ { "name": "CIS Google Cloud Platform Foundations", From 9318d1316010e4f4ecad1029c073a98fa4d24cb9 Mon Sep 17 00:00:00 2001 
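Review bot: The rewritten `rationale` in kubernetesengine-scopes-not-limited.json introduces a typo, "oportunity", in text that is shown to report readers; it should read `reduce the opportunity for privilege escalation`. The private-cluster rationale rewritten in the same commit still carries "Nodes have addressed only in the private RFC 1918 address space", which could become `Nodes have addresses only in the private RFC 1918 address space` while these strings are being edited.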
From: x4v13r64 Date: Thu, 16 Sep 2021 15:37:53 +0200 Subject: [PATCH 661/979] Add 2 GKE findings --- .../services.kubernetesengine.clusters.html | 14 ++++++++++--- .../providers/gcp/resources/gke/node_pools.py | 16 +++++++++----- ...ne-node-integrity-monitoring-disabled.json | 21 +++++++++++++++++++ ...netesengine-node-secure-boot-disabled.json | 21 +++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 12 +++++++++++ 5 files changed, 76 insertions(+), 8 deletions(-) create mode 100644 ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-integrity-monitoring-disabled.json create mode 100644 ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-secure-boot-disabled.json diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index e179fe005..6140b984d 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -61,14 +61,22 @@

    Node pools

    {{#each node_pools}} {{@key}} + +
    + Integrity Monitoring: {{convert_bool_to_enabled integrity_monitoring_enabled}} +
    +
    + Secure Boot: {{convert_bool_to_enabled secure_boot_enabled}} +
    +
    - Automatic node upgrades: {{convert_bool_to_enabled auto_upgrade_enabled}} + Automatic Node Upgrades: {{convert_bool_to_enabled auto_upgrade_enabled}}
    - Automatic node repair: {{convert_bool_to_enabled auto_repair_enabled}} + Automatic Node Repair: {{convert_bool_to_enabled auto_repair_enabled}}
    - Legacy metadata endpoints: {{convert_bool_to_enabled legacy_metadata_endpoints_enabled}} + Legacy Metadata Endpoints: {{convert_bool_to_enabled legacy_metadata_endpoints_enabled}}
    {{/each}}
    diff --git a/ScoutSuite/providers/gcp/resources/gke/node_pools.py b/ScoutSuite/providers/gcp/resources/gke/node_pools.py index e39b70873..b1676afa0 100644 --- a/ScoutSuite/providers/gcp/resources/gke/node_pools.py +++ b/ScoutSuite/providers/gcp/resources/gke/node_pools.py @@ -18,10 +18,16 @@ def fetch_all(self): def _parse_node_pool(self, raw_node_pool): node_pool_dict = {} node_pool_dict['id'] = raw_node_pool['name'] - node_pool_dict['auto_repair_enabled'] = raw_node_pool.get('management', {}).get('autoRepair', False) - node_pool_dict['auto_upgrade_enabled'] = raw_node_pool.get('management', {}).get('autoUpgrade', False) - node_pool_dict['legacy_metadata_endpoints_enabled'] = self._is_legacy_metadata_endpoints_enabled(raw_node_pool) + node_pool_dict['status'] = raw_node_pool['status'] + node_pool_dict['auto_repair_enabled'] = \ + raw_node_pool.get('management', {}).get('autoRepair', False) + node_pool_dict['auto_upgrade_enabled'] = \ + raw_node_pool.get('management', {}).get('autoUpgrade', False) + node_pool_dict['secure_boot_enabled'] = \ + raw_node_pool.get('config', {}).get('shieldedInstanceConfig', {}).get('enableSecureBoot', False) + node_pool_dict['integrity_monitoring_enabled'] = \ + raw_node_pool.get('config', {}).get('shieldedInstanceConfig', {}).get('enableIntegrityMonitoring', False) + node_pool_dict['legacy_metadata_endpoints_enabled'] = \ + raw_node_pool['config'].get('metadata', {}).get('disable-legacy-endpoints') == 'false' return node_pool_dict['id'], node_pool_dict - def _is_legacy_metadata_endpoints_enabled(self, raw_node_pool): - return raw_node_pool['config'].get('metadata', {}).get('disable-legacy-endpoints') == 'false' diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-integrity-monitoring-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-integrity-monitoring-disabled.json new file mode 100644 index 000000000..56cc0b1b5 --- /dev/null 
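Review bot: `_parse_node_pool` now reads the node pool payload in two different ways: the new Shielded VM fields go through `raw_node_pool.get('config', {})`, while the inlined legacy-endpoint check still indexes `raw_node_pool['config']` and the new status field indexes `raw_node_pool['status']`. If a payload lacks either key, the parse raises KeyError instead of recording a default, and the pool would then not be evaluated by the node findings; whether the API can omit them is not visible here. For consistency I would use `raw_node_pool.get('config', {}).get('metadata', {}).get('disable-legacy-endpoints') == 'false'` and `raw_node_pool.get('status')`. A one-line comment that a missing `shieldedInstanceConfig` is deliberately reported as disabled would also help the next reader.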
+++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-integrity-monitoring-disabled.json @@ -0,0 +1,21 @@ +{ + "description": "Nodes with Integrity Monitoring Disabled", + "rationale": "The Integrity Monitoring feature should be enabled for GKE cluster nodes in order to monitor and automatically check the runtime boot integrity of shielded cluster nodes using Cloud Monitoring service.", + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster", + "https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes" + ], + "dashboard_name": "Clusters", + "display_path": "kubernetesengine.projects.id.clusters.id", + "path": "kubernetesengine.projects.id.clusters.id.node_pools.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.clusters.id.node_pools.id.integrity_monitoring_enabled", + "false", + "" + ] + ], + "id_suffix": "integrity_monitoring_enabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-secure-boot-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-secure-boot-disabled.json new file mode 100644 index 000000000..9f93187d3 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-node-secure-boot-disabled.json 
@@ -0,0 +1,21 @@ +{ + "description": "Nodes with Secure Boot Disabled", + "rationale": "The Secure Boot feature should be enabled for GKE cluster nodes in order to protect them against malware and rootkits. Secure Boot helps ensure that the system runs only authentic software by verifying the digital signature of all boot components, and halting the boot process if the signature verification fails.", + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster", + "https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes" + ], + "dashboard_name": "Clusters", + "display_path": "kubernetesengine.projects.id.clusters.id", + "path": "kubernetesengine.projects.id.clusters.id.node_pools.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.clusters.id.node_pools.id.secure_boot_enabled", + "false", + "" + ] + ], + "id_suffix": "secure_boot_enabled" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 0d09dac10..4f1151e83 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -470,6 +470,18 @@ "level": "warning" } ], + "kubernetesengine-node-secure-boot-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetesengine-node-integrity-monitoring-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "kubernetesengine-node-auto-upgrade-disabled.json": [ { "enabled": true, From 9180e53bbc269beb60656900d7616b09324584a4 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 17 Sep 2021 17:29:06 +0200 Subject: [PATCH 662/979] Add condition --- .../iam-lack-of-service-account-key-rotation.json | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) 
diff --git a/ScoutSuite/providers/gcp/rules/findings/iam-lack-of-service-account-key-rotation.json b/ScoutSuite/providers/gcp/rules/findings/iam-lack-of-service-account-key-rotation.json index 09ed2d69b..4d1110534 100755 --- a/ScoutSuite/providers/gcp/rules/findings/iam-lack-of-service-account-key-rotation.json +++ b/ScoutSuite/providers/gcp/rules/findings/iam-lack-of-service-account-key-rotation.json @@ -1,6 +1,6 @@ { - "description": "Lack of Service Account Key Rotation", - "rationale": "Rotating Service Account keys will reduce the window of opportunity for an access key that is associated with a compromised or terminated account to be used. Service Account keys should be rotated to ensure that data cannot be accessed with an old key which might have been lost, cracked, or stolen. It should be ensured that keys are rotated every 90 days.", + "description": "Lack of User-Managed Service Account Key Rotation", + "rationale": "Rotating Service Account keys will reduce the window of opportunity for an access key that is associated with a compromised or terminated account to be used. User-managed Service Account keys should be rotated to ensure that data cannot be accessed with an old key which might have been lost, cracked, or stolen. It should be ensured that keys are rotated every 90 days.
    This issue does not apply to system-managed keys, as they are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime.", "remediation": "From console:
    Delete any external (user-managed) Service Account Key older than 90 days:
    1. Go to APIs & Services\\Credentials using https://console.cloud.google.com/apis/credentials
    2. In the Section Service Account Keys, for every external (user-managed) service account key where creation date is greater than or equal to the past 90 days, click Delete Bin Icon to Delete Service Account key

    Create a new external (user-managed) Service Account Key for a Service Account:
    1. Go to APIs & Services\\Credentials using https://console.cloud.google.com/apis/credentials
    2. Click Create Credentials and Select Service Account Key.
    3. Choose the service account in the drop-down list for which an External (user-managed) Service Account key needs to be created.
    4. Select the desired key type format among JSON or P12.
    5. Click Create. It will download the private key. Keep it safe.
    6. Click close if prompted
    7. The site will redirect to the APIs & Services\\Credentials page. Make a note of the new ID displayed in the Service account keys section.
    ", "compliance": [ { @@ -17,7 +17,8 @@ "references": [ "https://cloud.google.com/iam/docs/understanding-service-accounts#managing_service_account_keys", "https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/keys/list", - "https://cloud.google.com/iam/docs/service-accounts" + "https://cloud.google.com/iam/docs/service-accounts", + "https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts.keys" ], "dashboard_name": "Service Accounts", "display_path": "iam.projects.id.service_accounts.id", @@ -31,6 +32,11 @@ "90", "days" ] + ], + [ + "iam.projects.id.service_accounts.id.keys.id.key_type", + "equal", + "USER_MANAGED" ] ], "id_suffix": "valid_after" From ff639029732d2ef0100177a2e638bf5cdd205218 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 11:18:27 +0200 Subject: [PATCH 663/979] Support new finding --- .../services.kubernetesengine.clusters.html | 1 + .../providers/gcp/resources/gke/clusters.py | 4 +++ ...application-later-encryption-disabled.json | 26 +++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 6 +++++ 4 files changed, 37 insertions(+) create mode 100644 ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-later-encryption-disabled.json diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index e179fe005..31c928e80 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -11,6 +11,7 @@

    Information

    Location: {{location}}
    Type: {{type}}
    Dashboard: {{dashboard_status}}
    +
    Application-Layer Secrets Encryption : {{convert_bool_to_enabled application_layer_encryption_enabled}}
    Alias IP: {{convert_bool_to_enabled alias_ip_enabled}}
    Basic Authentication: {{convert_bool_to_enabled basic_authentication_enabled}}
    Client Certificate Authentication: {{convert_bool_to_enabled client_certificate_enabled}}
    diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index 5dce8f64c..c99b2f10a 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -42,6 +42,10 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['scopes'] = self._get_scopes(raw_cluster) cluster_dict['service_account'] = raw_cluster.get('nodeConfig', {}).get('serviceAccount', None) cluster_dict['master_authorized_networks_config'] = self._get_master_authorized_networks_config(raw_cluster) + + + cluster_dict['application_layer_encryption_enabled'] = raw_cluster.get('databaseEncryption', {}).get('state', None) == 'ENCRYPTED' + return cluster_dict['id'], cluster_dict diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-later-encryption-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-later-encryption-disabled.json new file mode 100644 index 000000000..11bdda637 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-later-encryption-disabled.json @@ -0,0 +1,26 @@ +{ + "description": "Application-Layer Secrets Encryption Disabled", + "rationale": "By default, GKE encrypts customer content stored at rest, including Secrets. GKE handles and manages this default encryption without any additional action.
    Application-layer Secrets Encryption provides an additional layer of security for sensitive data, such as user defined Secrets and Secrets required for the operation of the cluster, such as service account keys, which are all stored in etcd.
    Using this functionality, you can use a key, that you manage in Cloud KMS, to encrypt data at the application layer. This protects against attackers in the event that they manage to gain access to etcd.", + "compliance": [ + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.3.1" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.clusters.id", + "conditions": [ + "and", + [ + "application_layer_encryption_enabled", + "true", + "" + ] + ], + "id_suffix": "application_layer_encryption_enabled" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 0d09dac10..aa2ba96bb 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -470,6 +470,12 @@ "level": "warning" } ], + "kubernetesengine-cluster-application-layer-encryption-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "kubernetesengine-node-auto-upgrade-disabled.json": [ { "enabled": true, From 29a38a476887a270fcb983f15892b08c7f30c064 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 11:26:54 +0200 Subject: [PATCH 664/979] Support new finding --- .../services.kubernetesengine.clusters.html | 3 ++- .../providers/gcp/resources/gke/clusters.py | 1 + ...ne-cluster-workload-identity-disabled.json | 26 +++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 6 +++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-workload-identity-disabled.json 
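Review bot: The condition in the new application-layer encryption finding tests `application_layer_encryption_enabled` for `"true"`, although the finding is titled "Application-Layer Secrets Encryption Disabled". The node findings added in PATCH 661 use `"false"` under their "... Disabled" titles, so this rule looks inverted: it would presumably flag clusters that have the protection enabled and stay silent on those that lack it. I would change the test to `"false"`; the same applies to the workload-identity and metadata-server findings added in PATCH 664 and 665. Those three findings also use a bare attribute name where the node findings spell out the full `kubernetesengine.projects.id.clusters.id...` path, so it is worth confirming that both forms resolve.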
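Review bot: The ruleset entry added here is keyed `kubernetesengine-cluster-application-layer-encryption-disabled.json`, but the finding file this commit creates is named `kubernetesengine-cluster-application-later-encryption-disabled.json` ("later" rather than "layer"). If the ruleset key is resolved as a file name under rules/findings, the entry points at a file that does not exist and the finding would not be evaluated. Renaming the new file to the "layer" spelling keeps the two in step.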
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index 31c928e80..9218bbea1 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -11,6 +11,8 @@

    Information

    Location: {{location}}
    Type: {{type}}
    Dashboard: {{dashboard_status}}
    +
    Service Account: {{service_account}}
    +
    Workload Identity : {{convert_bool_to_enabled workload_identity_enabled}}
    Application-Layer Secrets Encryption : {{convert_bool_to_enabled application_layer_encryption_enabled}}
    Alias IP: {{convert_bool_to_enabled alias_ip_enabled}}
    Basic Authentication: {{convert_bool_to_enabled basic_authentication_enabled}}
    @@ -22,7 +24,6 @@

    Information

    Network Policy: {{convert_bool_to_enabled network_policy_enabled}}
    Private Cluster: {{convert_bool_to_enabled private_cluster_enabled}}
    Private Google Access: {{convert_bool_to_enabled private_ip_google_access_enabled}}
    -
    Service Account: {{service_account}}
    Stackdriver Logging: {{convert_bool_to_enabled logging_enabled}}
    Stackdriver Monitoring: {{convert_bool_to_enabled monitoring_enabled}}
    Scopes: diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index c99b2f10a..cb43db12f 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -45,6 +45,7 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['application_layer_encryption_enabled'] = raw_cluster.get('databaseEncryption', {}).get('state', None) == 'ENCRYPTED' + cluster_dict['workload_identity_enabled'] = raw_cluster.get('workloadIdentityConfig', {}).get('identityNamespace', None) != None return cluster_dict['id'], cluster_dict diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-workload-identity-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-workload-identity-disabled.json new file mode 100644 index 000000000..d1a787aab --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-workload-identity-disabled.json @@ -0,0 +1,26 @@ +{ + "description": "Workload Identity Disabled", + "rationale": "Enabling Workload Identity manages the distribution and rotation of Service account keys for the workloads to use.
    Kubernetes workloads should not use cluster node service accounts to authenticate to Google Cloud APIs. Each Kubernetes Workload that needs to authenticate to other Google services using Cloud IAM should be provisioned a dedicated Service account.", + "compliance": [ + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.2.2" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.clusters.id", + "conditions": [ + "and", + [ + "workload_identity_enabled", + "true", + "" + ] + ], + "id_suffix": "workload_identity_enabled" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index aa2ba96bb..b2eecdbea 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -470,6 +470,12 @@ "level": "warning" } ], + "kubernetesengine-cluster-workload-identity-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "kubernetesengine-cluster-application-layer-encryption-disabled.json": [ { "enabled": true, From c6e951b53f8253b9e5ac0df6e610f658a8dbe083 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 11:37:43 +0200 Subject: [PATCH 665/979] Add finding --- .../providers/gcp/resources/gke/clusters.py | 6 +++++ .../providers/gcp/resources/gke/node_pools.py | 2 ++ ...gine-cluster-metadata-server-disabled.json | 26 +++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 6 +++++ 4 files changed, 40 insertions(+) create mode 100644 ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-metadata-server-disabled.json diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index cb43db12f..c4f051344 100644 
--- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -46,9 +46,15 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['application_layer_encryption_enabled'] = raw_cluster.get('databaseEncryption', {}).get('state', None) == 'ENCRYPTED' cluster_dict['workload_identity_enabled'] = raw_cluster.get('workloadIdentityConfig', {}).get('identityNamespace', None) != None + cluster_dict['metadata_server_enabled'] = self._metadata_server_enabled(raw_cluster.get('nodePools', [])) return cluster_dict['id'], cluster_dict + def _metadata_server_enabled(self, node_pools): + for pool in node_pools: + if pool.get('config', {}).get('workloadMetadataConfig', {}) == {}: + return False + return True def _get_master_authorized_networks_config(self, raw_cluster): if raw_cluster.get('masterAuthorizedNetworksConfig'): diff --git a/ScoutSuite/providers/gcp/resources/gke/node_pools.py b/ScoutSuite/providers/gcp/resources/gke/node_pools.py index e39b70873..15a8bc640 100644 --- a/ScoutSuite/providers/gcp/resources/gke/node_pools.py +++ b/ScoutSuite/providers/gcp/resources/gke/node_pools.py @@ -16,6 +16,8 @@ def fetch_all(self): del self.cluster def _parse_node_pool(self, raw_node_pool): + # TODO add GKE metadata server and place in div + node_pool_dict = {} node_pool_dict['id'] = raw_node_pool['name'] node_pool_dict['auto_repair_enabled'] = raw_node_pool.get('management', {}).get('autoRepair', False) diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-metadata-server-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-metadata-server-disabled.json new file mode 100644 index 000000000..1f6eaa6e7 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-metadata-server-disabled.json 
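Review bot: `_metadata_server_enabled` treats any non-empty `workloadMetadataConfig` as enabled, so a node pool that is explicitly configured to expose the node's metadata to pods would be reported as protected. The check should compare the configured mode rather than test for an empty dict, for example `if pool.get('config', {}).get('workloadMetadataConfig', {}).get('mode') != 'GKE_METADATA': return False`; the field name and value depend on the API version the facade calls, so confirm them against a real payload. The helper also returns True when `node_pools` is empty, which deserves a short comment saying whether that is intended. `_parse_cluster` starts outside this hunk.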
@@ -0,0 +1,26 @@ +{ + "description": "GKE Metadata Server Disabled", + "rationale": "Every GKE node stores its metadata on a metadata server. Some of this metadata, such as kubelet credentials and the VM instance identity token, is sensitive and should not be exposed to a Kubernetes workload.
    Enabling the GKE Metadata server prevents pods (that are not running on the host network) from accessing this metadata and facilitates Workload Identity.
    When unspecified, the default setting allows running pods to have full access to the node's underlying metadata server.", + "compliance": [ + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.4.2" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/protecting-cluster-metadata#concealment" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.clusters.id", + "conditions": [ + "and", + [ + "metadata_server_enabled", + "true", + "" + ] + ], + "id_suffix": "metadata_server_enabled" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index b2eecdbea..ecb55a64c 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -476,6 +476,12 @@ "level": "warning" } ], + "kubernetesengine-cluster-metadata-server-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "kubernetesengine-cluster-application-layer-encryption-disabled.json": [ { "enabled": true, From 855a5f0f59704a4539bf8bb3e1912366f59613ba Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 11:49:46 +0200 Subject: [PATCH 666/979] Add finding --- .../services.kubernetesengine.clusters.html | 2 ++ .../providers/gcp/resources/gke/clusters.py | 2 ++ ...ernetesengine-cluster-release-channel.json | 29 +++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 6 ++++ 4 files changed, 39 insertions(+) create mode 100644 ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-release-channel.json diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index 9218bbea1..16289c13b 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html 
+++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -10,6 +10,8 @@

    Information

    Project ID: {{project}}
    Location: {{location}}
    Type: {{type}}
    +
    Status: {{status}}
    +
    Release Channel: {{Release Channel}}
    Dashboard: {{dashboard_status}}
    Service Account: {{service_account}}
    Workload Identity : {{convert_bool_to_enabled workload_identity_enabled}}
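Review bot: The added Release Channel row renders `{{Release Channel}}`, which is not the key the parser sets: clusters.py in this same commit stores the value under `release_channel`. As written the row will presumably render empty, or be parsed as a helper call with an argument, so the expression should be `{{release_channel}}`. The markup around these rows is not visible in this rendering of the hunk.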
    diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index c4f051344..13f8517b1 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -21,6 +21,7 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['id'] = get_non_provider_id(raw_cluster['name']) cluster_dict['name'] = raw_cluster['name'] cluster_dict['location'] = raw_cluster['location'] + cluster_dict['status'] = raw_cluster['status'] cluster_dict['type'] = "Zonal" if raw_cluster['location'].count("-") > 1 else "Regional" cluster_dict['alias_ip_enabled'] = raw_cluster.get('ipAllocationPolicy', {}).get('useIpAliases', False) cluster_dict['basic_authentication_enabled'] = self._is_basic_authentication_enabled(raw_cluster) @@ -47,6 +48,7 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['application_layer_encryption_enabled'] = raw_cluster.get('databaseEncryption', {}).get('state', None) == 'ENCRYPTED' cluster_dict['workload_identity_enabled'] = raw_cluster.get('workloadIdentityConfig', {}).get('identityNamespace', None) != None cluster_dict['metadata_server_enabled'] = self._metadata_server_enabled(raw_cluster.get('nodePools', [])) + cluster_dict['release_channel'] = raw_cluster.get('releaseChannel', {}).get('channel', None) return cluster_dict['id'], cluster_dict diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-release-channel.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-release-channel.json new file mode 100644 index 000000000..8d29ed587 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-release-channel.json 
@@ -0,0 +1,29 @@ +{ + "description": "Cluster Subscribed to Release Channel", + "rationale": "Release Channels signal a graduating level of stability and production-readiness. These are based on observed performance of GKE clusters running that version and represent experience and confidence in the cluster version.
    The Regular release channel upgrades every few weeks and is for production users who need features not yet offered in the Stable channel. These versions have passed internal validation, but don't have enough historical data to guarantee their stability. Known issues generally have known workarounds.
    The Stable release channel upgrades every few months and is for production users who need stability above all else, and for whom frequent upgrades are too risky. These versions have passed internal validation and have been shown to be stable and reliable in production, based on the observed performance of those clusters.
    Critical security patches are delivered to all release channels.", + "compliance": [ + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.5.4" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.clusters.id.release_channel", + "containNoneOf", + [ + "REGULAR", + "STABLE" + ] + ] + ], + "id_suffix": "release_channel" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index ecb55a64c..b86a8fa22 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -458,6 +458,12 @@ "level": "warning" } ], + "kubernetesengine-cluster-release-channel.json": [ + { + "enabled": true, + "level": "warning" + } + ], "kubernetesengine-legacy-metadata-endpoints-enabled.json": [ { "enabled": true, From 1e976f9d7e5b46c0cb77cc7cb26d7b4663670bea Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 11:54:04 +0200 Subject: [PATCH 667/979] Add finding --- .../services.kubernetesengine.clusters.html | 3 ++- .../providers/gcp/resources/gke/clusters.py | 1 + ...ngine-cluster-shielded-nodes-disabled.json | 26 +++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 6 +++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-shielded-nodes-disabled.json diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index 16289c13b..e48ce461f 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html 
+++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -14,7 +14,8 @@

    Information

    Release Channel: {{Release Channel}}
    Dashboard: {{dashboard_status}}
    Service Account: {{service_account}}
    -
    Workload Identity : {{convert_bool_to_enabled workload_identity_enabled}}
    +
    Workload Identity: {{convert_bool_to_enabled workload_identity_enabled}}
    +
    Shielded Nodes: {{convert_bool_to_enabled shielded_nodes_enabled}}
    Application-Layer Secrets Encryption : {{convert_bool_to_enabled application_layer_encryption_enabled}}
    Alias IP: {{convert_bool_to_enabled alias_ip_enabled}}
    Basic Authentication: {{convert_bool_to_enabled basic_authentication_enabled}}
    diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index 13f8517b1..d422b492a 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -49,6 +49,7 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['workload_identity_enabled'] = raw_cluster.get('workloadIdentityConfig', {}).get('identityNamespace', None) != None cluster_dict['metadata_server_enabled'] = self._metadata_server_enabled(raw_cluster.get('nodePools', [])) cluster_dict['release_channel'] = raw_cluster.get('releaseChannel', {}).get('channel', None) + cluster_dict['shielded_nodes_enabled'] = raw_cluster.get('shieldedNonde', {}).get('enabled', False) return cluster_dict['id'], cluster_dict diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-shielded-nodes-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-shielded-nodes-disabled.json new file mode 100644 index 000000000..4d41cfa2f --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-shielded-nodes-disabled.json @@ -0,0 +1,26 @@ +{ + "description": "Shielded GKE Nodes Disabled", + "rationale": "Shielded GKE nodes protects clusters against boot- or kernel-level malware or rootkits which persist beyond infected OS.
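Review bot: The added `shielded_nodes_enabled` line reads the key `'shieldedNonde'`, a misspelling, so the chained `.get(..., {}).get('enabled', False)` can only return `False` and the new Shielded GKE Nodes finding would fire on every cluster regardless of its real setting. The GKE API Cluster resource exposes this setting as `shieldedNodes`, so the line should be `cluster_dict['shielded_nodes_enabled'] = raw_cluster.get('shieldedNodes', {}).get('enabled', False)`. The follow-up hunk in PATCH 668 changes the key to `'shieldedNode'`, which still lacks the trailing `s` and looks to have the same effect. A finding that is always raised trains reviewers to dismiss it, so a fixture test with a cluster that has the feature turned on would be worth adding. `_parse_cluster` starts outside the hunk.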
    Shielded GKE nodes run firmware which is signed and verified using Google's Certificate Authority, ensuring that the nodes' firmware is unmodified and establishing the root of trust for Secure Boot. GKE node identity is strongly protected via virtual Trusted Platform Module (vTPM) and verified remotely by the master node before the node joins the cluster.", + "compliance": [ + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.5.5" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.clusters.id.shielded_nodes_enabled", + "false", + "" + ] + ], + "id_suffix": "shielded_nodes" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index b86a8fa22..8cfe120f2 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -464,6 +464,12 @@ "level": "warning" } ], + "kubernetesengine-shielded-nodes-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "kubernetesengine-legacy-metadata-endpoints-enabled.json": [ { "enabled": true, From 422a61dc5af845426407d964ec48884877095bea Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 12:02:05 +0200 Subject: [PATCH 668/979] Add finding --- .../services.kubernetesengine.clusters.html | 1 + .../providers/gcp/resources/gke/clusters.py | 3 ++- ...cluster-binary-authorization-disabled.json | 26 +++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 6 +++++ 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-binary-authorization-disabled.json 
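Review bot: The ruleset entry added to `default.json` is keyed `kubernetesengine-shielded-nodes-enabled.json`, but the finding file this commit creates is `kubernetesengine-cluster-shielded-nodes-disabled.json`, so the key names no file visible in the patch. If the ruleset loader resolves entries by file name, the new check would not run from the default ruleset and the report would carry no Shielded Nodes result at all, which reads as a pass. The key should be `"kubernetesengine-cluster-shielded-nodes-disabled.json": [`. The `default.json` hunk in PATCH 668 has the same mismatch for `kubernetesengine-binary-authorization-enabled.json`.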
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index e48ce461f..120f113f1 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -15,6 +15,7 @@

    Information

    Dashboard: {{dashboard_status}}
    Service Account: {{service_account}}
    Workload Identity: {{convert_bool_to_enabled workload_identity_enabled}}
    +
    Binary Authorization: {{convert_bool_to_enabled binary_authorization_enabled}}
    Shielded Nodes: {{convert_bool_to_enabled shielded_nodes_enabled}}
    Application-Layer Secrets Encryption : {{convert_bool_to_enabled application_layer_encryption_enabled}}
    Alias IP: {{convert_bool_to_enabled alias_ip_enabled}}
    diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index d422b492a..2fcb8f4b7 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -49,7 +49,8 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['workload_identity_enabled'] = raw_cluster.get('workloadIdentityConfig', {}).get('identityNamespace', None) != None cluster_dict['metadata_server_enabled'] = self._metadata_server_enabled(raw_cluster.get('nodePools', [])) cluster_dict['release_channel'] = raw_cluster.get('releaseChannel', {}).get('channel', None) - cluster_dict['shielded_nodes_enabled'] = raw_cluster.get('shieldedNonde', {}).get('enabled', False) + cluster_dict['shielded_nodes_enabled'] = raw_cluster.get('shieldedNode', {}).get('enabled', False) + cluster_dict['binary_authorization_enabled'] = raw_cluster.get('binaryAuthorization', {}).get('enabled', False) return cluster_dict['id'], cluster_dict diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-binary-authorization-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-binary-authorization-disabled.json new file mode 100644 index 000000000..3c767b09d --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-binary-authorization-disabled.json @@ -0,0 +1,26 @@ +{ + "description": "Binary Authorization Disabled", + "rationale": "Binary Authorization provides software supply-chain security for images that you deploy to GKE from Google Container Registry (GCR) or another container image registry.
    Binary Authorization requires images to be signed by trusted authorities during the development process. These signatures are then validated at deployment time. By enforcing validation, you can gain tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process.", + "compliance": [ + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.10.5" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/binary-authorization/" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.clusters.id.binary_authorization_enabled", + "false", + "" + ] + ], + "id_suffix": "binary_authorization" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 8cfe120f2..39f66399e 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -470,6 +470,12 @@ "level": "warning" } ], + "kubernetesengine-binary-authorization-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "kubernetesengine-legacy-metadata-endpoints-enabled.json": [ { "enabled": true, From e11bc07138c393854b30b052c03b74b604d6b150 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 12:04:34 +0200 Subject: [PATCH 669/979] Change title --- .../findings/kubernetesengine-cluster-release-channel.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-release-channel.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-release-channel.json index 8d29ed587..cb0ed50bb 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-release-channel.json 
+++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-release-channel.json @@ -1,5 +1,5 @@ { - "description": "Cluster Subscribed to Release Channel", + "description": "Cluster not Subscribed to Release Channel", "rationale": "Release Channels signal a graduating level of stability and production-readiness. These are based on observed performance of GKE clusters running that version and represent experience and confidence in the cluster version.
    The Regular release channel upgrades every few weeks and is for production users who need features not yet offered in the Stable channel. These versions have passed internal validation, but don't have enough historical data to guarantee their stability. Known issues generally have known workarounds.
    The Stable release channel upgrades every few months and is for production users who need stability above all else, and for whom frequent upgrades are too risky. These versions have passed internal validation and have been shown to be stable and reliable in production, based on the observed performance of those clusters.
    Critical security patches are delivered to all release channels.", "compliance": [ { From 9942ce3af786cd861c7c053536e6470a149547f1 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 13:11:16 +0200 Subject: [PATCH 670/979] Minor changes --- ScoutSuite/providers/gcp/resources/gke/clusters.py | 2 -- ...esengine-cluster-application-layer-encryption-disabled.json} | 0 2 files changed, 2 deletions(-) rename ScoutSuite/providers/gcp/rules/findings/{kubernetesengine-cluster-application-later-encryption-disabled.json => kubernetesengine-cluster-application-layer-encryption-disabled.json} (100%) diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index 2fcb8f4b7..5380051a1 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -43,8 +43,6 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['scopes'] = self._get_scopes(raw_cluster) cluster_dict['service_account'] = raw_cluster.get('nodeConfig', {}).get('serviceAccount', None) cluster_dict['master_authorized_networks_config'] = self._get_master_authorized_networks_config(raw_cluster) - - cluster_dict['application_layer_encryption_enabled'] = raw_cluster.get('databaseEncryption', {}).get('state', None) == 'ENCRYPTED' cluster_dict['workload_identity_enabled'] = raw_cluster.get('workloadIdentityConfig', {}).get('identityNamespace', None) != None cluster_dict['metadata_server_enabled'] = self._metadata_server_enabled(raw_cluster.get('nodePools', [])) 
diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-later-encryption-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-layer-encryption-disabled.json similarity index 100% rename from ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-later-encryption-disabled.json rename to ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-layer-encryption-disabled.json From 6a837d22923a27bdcde11de74d379dcdfdfd1ff7 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 13:25:01 +0200 Subject: [PATCH 671/979] Update wording --- ...kubernetesengine-cluster-private-google-access-disabled.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-google-access-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-google-access-disabled.json index 519965a7d..27c016149 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-google-access-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-google-access-disabled.json @@ -1,6 +1,6 @@ { "description": "Private Google Access Disabled", - "rationale": "Enabling Private Google Access allows VMs on a subnetwork to use a private IP address to reach Google APIs rather than an external IP address.", + "rationale": "Enabling Private Google Access allows hosts on a subnetwork to use a private IP address to reach Google APIs rather than an external IP address.", "compliance": [ { "name": "CIS Google Cloud Platform Foundations", From e9e09b53bc06db043a90fd8d010bcbcf028f1811 Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Mon, 20 Sep 2021 14:22:32 +0200 Subject: [PATCH 672/979] Update finding --- .../gcp/services.kubernetesengine.clusters.html | 2 +- ScoutSuite/providers/gcp/resources/gke/clusters.py | 5 +++-- ...n => kubernetesengine-private-nodes-disabled.json} | 11 ++++++----- .../providers/gcp/rules/rulesets/cis-1.0.0.json | 2 +- ScoutSuite/providers/gcp/rules/rulesets/default.json | 2 +- 5 files changed, 12 insertions(+), 10 deletions(-) rename ScoutSuite/providers/gcp/rules/findings/{kubernetesengine-private-cluster-disabled.json => kubernetesengine-private-nodes-disabled.json} (60%) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index 120f113f1..dca0619f9 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -26,7 +26,6 @@

    Information

    Master Authorized Networks: {{convert_bool_to_enabled master_authorized_networks_enabled}}
    Pod Security Policy: {{convert_bool_to_enabled pod_security_policy_enabled}}
    Network Policy: {{convert_bool_to_enabled network_policy_enabled}}
    -
    Private Cluster: {{convert_bool_to_enabled private_cluster_enabled}}
    Private Google Access: {{convert_bool_to_enabled private_ip_google_access_enabled}}
    Stackdriver Logging: {{convert_bool_to_enabled logging_enabled}}
    Stackdriver Monitoring: {{convert_bool_to_enabled monitoring_enabled}}
    @@ -64,6 +63,7 @@

    Node pools

    +
    Private Nodes: {{convert_bool_to_enabled private_nodes_enabled}}
    {{#each node_pools}} {{@key}} diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index 5380051a1..9b718f411 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -38,8 +38,6 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['monitoring_enabled'] = self._is_monitoring_enabled(raw_cluster) cluster_dict['network_policy_enabled'] = raw_cluster.get('networkPolicy', {}).get('enabled', False) cluster_dict['node_pools'] = NodePools(raw_cluster) - cluster_dict['private_cluster_enabled'] = raw_cluster.get('privateClusterConfig', {}).get('enablePrivateNodes', False) - cluster_dict['private_ip_google_access_enabled'] = raw_cluster.get('privateIpGoogleAccess', False) cluster_dict['scopes'] = self._get_scopes(raw_cluster) cluster_dict['service_account'] = raw_cluster.get('nodeConfig', {}).get('serviceAccount', None) cluster_dict['master_authorized_networks_config'] = self._get_master_authorized_networks_config(raw_cluster) @@ -49,6 +47,9 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['release_channel'] = raw_cluster.get('releaseChannel', {}).get('channel', None) cluster_dict['shielded_nodes_enabled'] = raw_cluster.get('shieldedNode', {}).get('enabled', False) cluster_dict['binary_authorization_enabled'] = raw_cluster.get('binaryAuthorization', {}).get('enabled', False) + cluster_dict['private_ip_google_access_enabled'] = raw_cluster.get('privateIpGoogleAccess', False) + + cluster_dict['private_nodes_enabled'] = raw_cluster.get('privateClusterConfig', {}).get('enablePrivateNodes', False) return cluster_dict['id'], cluster_dict 
diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-cluster-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-nodes-disabled.json similarity index 60% rename from ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-cluster-disabled.json rename to ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-nodes-disabled.json index 042fbb479..c91ed7d02 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-cluster-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-nodes-disabled.json @@ -1,6 +1,6 @@ { - "description": "Private Cluster Disabled", - "rationale": "A private cluster is a cluster that makes your master inaccessible from the public internet. In a private cluster, nodes do not have public IP addresses, so your workloads run in an environment that is isolated from the internet. Nodes have addressed only in the private RFC 1918 address space. Nodes and masters communicate with each other privately using VPC peering.", + "description": "Private Cluster Nodes Disabled", + "rationale": "Private Nodes are nodes with no public IP addresses. Disabling public IP addresses on cluster nodes restricts access to only internal networks, forcing attackers to obtain local network access before attempting to compromise the underlying Kubernetes hosts.", "compliance": [ { "name": "CIS Google Cloud Platform Foundations", 
@@ -21,17 +21,18 @@ "references": [ "https://www.cisecurity.org/benchmark/kubernetes/", "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes", - "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on" + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on", + "https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters" ], "dashboard_name": "Clusters", "path": "kubernetesengine.projects.id.clusters.id", "conditions": [ "and", [ - "kubernetesengine.projects.id.clusters.id.private_cluster_enabled", + "kubernetesengine.projects.id.clusters.id.private_nodes_enabled", "false", "" ] ], - "id_suffix": "private_cluster_disabled" + "id_suffix": "private_nodes_enabled" } diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json index 7a24d82c0..67ff2d0c9 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.0.0.json @@ -169,7 +169,7 @@ "level": "warning" } ], - "kubernetesengine-private-cluster-disabled.json": [ + "kubernetesengine-private-nodes-disabled.json": [ { "enabled": true, "level": "warning" diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 39f66399e..91d813be8 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -518,7 +518,7 @@ "level": "warning" } ], - "kubernetesengine-private-cluster-disabled.json": [ + "kubernetesengine-private-nodes-disabled.json": [ { "enabled": true, "level": "warning" From b46f1384d8cf709631a43486152797142f3f289a Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Mon, 20 Sep 2021 14:45:54 +0200 Subject: [PATCH 673/979] Add fields --- .../partials/gcp/services.kubernetesengine.clusters.html | 3 +++ ScoutSuite/providers/gcp/resources/gke/clusters.py | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index dca0619f9..2efdc4dc7 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -29,6 +29,9 @@

    Information

    Private Google Access: {{convert_bool_to_enabled private_ip_google_access_enabled}}
    Stackdriver Logging: {{convert_bool_to_enabled logging_enabled}}
    Stackdriver Monitoring: {{convert_bool_to_enabled monitoring_enabled}}
    +
    Private Endpoint Status: {{convert_bool_to_enabled private_endpoint_enabled}}
    +
    Private Endpoint: {{private_endpoint}}
    +
    Public Endpoint: {{public_endpoint}}
    Scopes: {{#if scopes}}
      diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index 9b718f411..e3d46d8bc 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -48,9 +48,12 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['shielded_nodes_enabled'] = raw_cluster.get('shieldedNode', {}).get('enabled', False) cluster_dict['binary_authorization_enabled'] = raw_cluster.get('binaryAuthorization', {}).get('enabled', False) cluster_dict['private_ip_google_access_enabled'] = raw_cluster.get('privateIpGoogleAccess', False) - cluster_dict['private_nodes_enabled'] = raw_cluster.get('privateClusterConfig', {}).get('enablePrivateNodes', False) + cluster_dict['private_endpoint_enabled'] = raw_cluster.get('privateclusterconfig', {}).get('enablePrivateEndpoint', False) + cluster_dict['private_endpoint'] = raw_cluster.get('privateclusterconfig', {}).get('privateEndpoint', None) + cluster_dict['public_endpoint'] = raw_cluster.get('privateclusterconfig', {}).get('publicEndpoint', None) + return cluster_dict['id'], cluster_dict def _metadata_server_enabled(self, node_pools): From 2102d354ffc484b834a40d44cddb879d3c1366f9 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 14:55:09 +0200 Subject: [PATCH 674/979] Fix file names --- ScoutSuite/providers/gcp/rules/rulesets/default.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index cc3306b29..e1de6196a 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json 
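Review bot: The three added endpoint fields look up `'privateclusterconfig'` in all lower case, while the `private_nodes_enabled` line directly above reads `'privateClusterConfig'`; dictionary keys are case-sensitive, so `private_endpoint_enabled` is always `False` and both endpoint values are always `None`. The report would then show the private endpoint as disabled even for clusters whose control plane is reachable only privately, misreporting control-plane exposure. Each lookup should use `raw_cluster.get('privateClusterConfig', {})`, ideally fetched once into a local and reused for all four fields. The later hunk in PATCH 678 corrects two of the three lines but leaves `'privateClusterconfig'` on `private_endpoint_enabled`. `_parse_cluster` starts outside the hunk.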
@@ -464,13 +464,13 @@ "level": "warning" } ], - "kubernetesengine-shielded-nodes-enabled.json": [ + "kubernetesengine-cluster-shielded-nodes-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-binary-authorization-enabled.json": [ + "kubernetesengine-cluster-binary-authorization-disabled.json": [ { "enabled": true, "level": "warning" From 70a29c0aa329a05a6903d34660b9849984cc6ef5 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 15:29:00 +0200 Subject: [PATCH 675/979] Fix rule --- .../kubernetesengine-cluster-metadata-server-disabled.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-metadata-server-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-metadata-server-disabled.json index 1f6eaa6e7..50562a2f3 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-metadata-server-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-metadata-server-disabled.json @@ -18,7 +18,7 @@ "and", [ "metadata_server_enabled", - "true", + "false", "" ] ], From 58de3f31bce95f054bf8b0c5f4655f4ca500555c Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 15:29:15 +0200 Subject: [PATCH 676/979] Improve partial --- .../services.kubernetesengine.clusters.html | 63 +++++++++---------- 1 file changed, 30 insertions(+), 33 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index 4dc89b96b..591d12682 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -11,46 +11,45 @@

      Information

      Location: {{location}}
      Type: {{type}}
      Status: {{status}}
      -
      Release Channel: {{Release Channel}}
      -
      Dashboard: {{dashboard_status}}
      -
      Service Account: {{service_account}}
      -
      Workload Identity: {{convert_bool_to_enabled workload_identity_enabled}}
      -
      Binary Authorization: {{convert_bool_to_enabled binary_authorization_enabled}}
      -
      Shielded Nodes: {{convert_bool_to_enabled shielded_nodes_enabled}}
      -
      Application-Layer Secrets Encryption : {{convert_bool_to_enabled application_layer_encryption_enabled}}
      -
      Alias IP: {{convert_bool_to_enabled alias_ip_enabled}}
      +
      Image Type: {{image_type}}
      +
      Release Channel: {{release_channel}}
      Basic Authentication: {{convert_bool_to_enabled basic_authentication_enabled}}
      Client Certificate Authentication: {{convert_bool_to_enabled client_certificate_enabled}}
      -
      Image Type: {{image_type}}
      -
      Legacy Authorization: {{convert_bool_to_enabled legacy_abac_enabled}}
      -
      Master Authorized Networks: {{convert_bool_to_enabled master_authorized_networks_enabled}}
      +
      Dashboard: {{dashboard_status}}
      +
      Legacy Authorization (ABAC): {{convert_bool_to_enabled legacy_abac_enabled}}
      Pod Security Policy: {{convert_bool_to_enabled pod_security_policy_enabled}}
      Network Policy: {{convert_bool_to_enabled network_policy_enabled}}
      +
      Service Account: {{service_account}}
      +
      Workload Identity: {{convert_bool_to_enabled workload_identity_enabled}}
      Private Google Access: {{convert_bool_to_enabled private_ip_google_access_enabled}}
      -
      Stackdriver Logging: {{convert_bool_to_enabled logging_enabled}}
      -
      Stackdriver Monitoring: {{convert_bool_to_enabled monitoring_enabled}}
      +
      Alias IP: {{convert_bool_to_enabled alias_ip_enabled}}
      Private Endpoint Status: {{convert_bool_to_enabled private_endpoint_enabled}}
      Private Endpoint: {{private_endpoint}}
      Public Endpoint: {{public_endpoint}}
      -
      Scopes: - {{#if scopes}} -
        - {{#each scopes}} -
      • {{this}}
      • - {{/each}} -
      - {{else}} - None - {{/if}} -
      +
      Binary Authorization: {{convert_bool_to_enabled binary_authorization_enabled}}
      +
      Shielded Nodes: {{convert_bool_to_enabled shielded_nodes_enabled}}
      +
      Application-Layer Secrets Encryption: {{convert_bool_to_enabled application_layer_encryption_enabled}}
      +
      Stackdriver Logging: {{convert_bool_to_enabled logging_enabled}}
      +
      Stackdriver Monitoring: {{convert_bool_to_enabled monitoring_enabled}}
      {{#if labels}}
      Labels: {{labels}}
      {{/if}}
    - +
    +

    Scopes

    + {{#if scopes}} +
      + {{#each scopes}} +
    • {{this}}
    • + {{/each}} +
    + {{else}} + None + {{/if}} +

    Master Authorized Networks

    -
    Status: {{convert_bool_to_enabled master_authorized_networks_config.enabled}}
    +
    Status: {{convert_bool_to_enabled master_authorized_networks_enabled}}
    CIDR Blocks: {{#if master_authorized_networks_config.cidrBlocks}}
      @@ -63,29 +62,27 @@

      Node pools

      Private Nodes: {{convert_bool_to_enabled private_nodes_enabled}}
      +
      Metadata Server: {{convert_bool_to_enabled metadata_server_enabled}}
      {{#each node_pools}} - {{@key}} - + {{@key}}
      Integrity Monitoring: {{convert_bool_to_enabled integrity_monitoring_enabled}}
      Secure Boot: {{convert_bool_to_enabled secure_boot_enabled}}
      -
      - Automatic Node Upgrades: {{convert_bool_to_enabled auto_upgrade_enabled}} + Legacy Metadata Endpoints: {{convert_bool_to_enabled legacy_metadata_endpoints_enabled}}
      - Automatic Node Repair: {{convert_bool_to_enabled auto_repair_enabled}} + Automatic Node Upgrades: {{convert_bool_to_enabled auto_upgrade_enabled}}
      - Legacy Metadata Endpoints: {{convert_bool_to_enabled legacy_metadata_endpoints_enabled}} + Automatic Node Repair: {{convert_bool_to_enabled auto_repair_enabled}}
      {{/each}}
      From cec1c4ba2c47b616ea47392b79b9344ed9751b4d Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 15:29:21 +0200 Subject: [PATCH 677/979] Remove comment --- ScoutSuite/providers/gcp/resources/gke/node_pools.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/gke/node_pools.py b/ScoutSuite/providers/gcp/resources/gke/node_pools.py index 0c8248d93..b1676afa0 100644 --- a/ScoutSuite/providers/gcp/resources/gke/node_pools.py +++ b/ScoutSuite/providers/gcp/resources/gke/node_pools.py @@ -16,8 +16,6 @@ def fetch_all(self): del self.cluster def _parse_node_pool(self, raw_node_pool): - # TODO add GKE metadata server and place in div - node_pool_dict = {} node_pool_dict['id'] = raw_node_pool['name'] node_pool_dict['status'] = raw_node_pool['status'] From 10235eb9077e9f7719427726dcf97ac744c96ae0 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 15:38:55 +0200 Subject: [PATCH 678/979] Improve parsing and report --- .../partials/gcp/services.kubernetesengine.clusters.html | 7 ++++++- ScoutSuite/providers/gcp/resources/gke/clusters.py | 7 ++++--- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index 591d12682..617cc3941 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -23,9 +23,14 @@

      Information

      Workload Identity: {{convert_bool_to_enabled workload_identity_enabled}}
      Private Google Access: {{convert_bool_to_enabled private_ip_google_access_enabled}}
      Alias IP: {{convert_bool_to_enabled alias_ip_enabled}}
      -
      Private Endpoint Status: {{convert_bool_to_enabled private_endpoint_enabled}}
      +
      Endpoint: {{endpoint}}
      +
      Private Endpoint Enabled: {{convert_bool_to_enabled private_endpoint_enabled}}
      + {{#if private_endpoint}}
      Private Endpoint: {{private_endpoint}}
      + {{/if}} + {{#if public_endpoint}}
      Public Endpoint: {{public_endpoint}}
      + {{/if}}
      Binary Authorization: {{convert_bool_to_enabled binary_authorization_enabled}}
      Shielded Nodes: {{convert_bool_to_enabled shielded_nodes_enabled}}
      Application-Layer Secrets Encryption: {{convert_bool_to_enabled application_layer_encryption_enabled}}
      diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index e3d46d8bc..3c1e4864a 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -32,6 +32,7 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['image_type'] = raw_cluster.get('nodeConfig', {}).get('imageType', None) cluster_dict['labels'] = raw_cluster.get('resourceLabels', []) cluster_dict['has_labels'] = len(cluster_dict['labels']) > 0 + cluster_dict['endpoint'] = raw_cluster.get('endpoint') cluster_dict['legacy_abac_enabled'] = raw_cluster.get('legacyAbac', {}).get('enabled', False) cluster_dict['logging_enabled'] = self._is_logging_enabled(raw_cluster) cluster_dict['master_authorized_networks_enabled'] = raw_cluster.get('masterAuthorizedNetworksConfig', {}).get('enabled', False) @@ -50,9 +51,9 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['private_ip_google_access_enabled'] = raw_cluster.get('privateIpGoogleAccess', False) cluster_dict['private_nodes_enabled'] = raw_cluster.get('privateClusterConfig', {}).get('enablePrivateNodes', False) - cluster_dict['private_endpoint_enabled'] = raw_cluster.get('privateclusterconfig', {}).get('enablePrivateEndpoint', False) - cluster_dict['private_endpoint'] = raw_cluster.get('privateclusterconfig', {}).get('privateEndpoint', None) - cluster_dict['public_endpoint'] = raw_cluster.get('privateclusterconfig', {}).get('publicEndpoint', None) + cluster_dict['private_endpoint_enabled'] = raw_cluster.get('privateClusterconfig', {}).get('enablePrivateEndpoint', False) + cluster_dict['public_endpoint'] = raw_cluster.get('privateClusterConfig', {}).get('publicEndpoint', None) + cluster_dict['private_endpoint'] = raw_cluster.get('privateClusterConfig', {}).get('privateEndpoint', None) return cluster_dict['id'], cluster_dict From 94c22cc73139a86f10d26fc21fd1f15babca23dd Mon Sep 17 00:00:00 2001 
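Review bot: The new `private_endpoint_enabled` line in the second hunk reads `raw_cluster.get('privateClusterconfig', {})`, with a lower-case `c` in `config`, while the two lines after it use `privateClusterConfig`. Because the lookup falls back to `{}` and then to `False`, the misspelt key raises no error and the field is always False, so any check built on it would report every cluster as having the private endpoint disabled. The line should read `cluster_dict['private_endpoint_enabled'] = raw_cluster.get('privateClusterConfig', {}).get('enablePrivateEndpoint', False)`; PATCH 682/979 later in this series makes that correction. A parser test fed a sample cluster response with `enablePrivateEndpoint` set to true would catch this class of typo. `_parse_cluster` starts outside these hunks.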
From: x4v13r64 Date: Mon, 20 Sep 2021 15:44:08 +0200 Subject: [PATCH 679/979] Fix partial paths --- .../services.kubernetesengine.clusters.html | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index 617cc3941..794114cf3 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -7,12 +7,12 @@

      {{name}}

      Information

      Name: {{name}}
      -
      Project ID: {{project}}
      -
      Location: {{location}}
      -
      Type: {{type}}
      -
      Status: {{status}}
      +
      Project ID: {{project}}
      +
      Location: {{location}}
      +
      Type: {{type}}
      +
      Status: {{status}}
      Image Type: {{image_type}}
      -
      Release Channel: {{release_channel}}
      +
      Release Channel: {{release_channel}}
      Basic Authentication: {{convert_bool_to_enabled basic_authentication_enabled}}
      Client Certificate Authentication: {{convert_bool_to_enabled client_certificate_enabled}}
      Dashboard: {{dashboard_status}}
      @@ -23,13 +23,13 @@

      Information

      Workload Identity: {{convert_bool_to_enabled workload_identity_enabled}}
      Private Google Access: {{convert_bool_to_enabled private_ip_google_access_enabled}}
      Alias IP: {{convert_bool_to_enabled alias_ip_enabled}}
      -
      Endpoint: {{endpoint}}
      -
      Private Endpoint Enabled: {{convert_bool_to_enabled private_endpoint_enabled}}
      +
      Endpoint: {{endpoint}}
      +
      Private Endpoint Enabled: {{convert_bool_to_enabled private_endpoint_enabled}}
      {{#if private_endpoint}} -
      Private Endpoint: {{private_endpoint}}
      +
      Private Endpoint: {{private_endpoint}}
      {{/if}} {{#if public_endpoint}} -
      Public Endpoint: {{public_endpoint}}
      +
      Public Endpoint: {{public_endpoint}}
      {{/if}}
      Binary Authorization: {{convert_bool_to_enabled binary_authorization_enabled}}
      Shielded Nodes: {{convert_bool_to_enabled shielded_nodes_enabled}}
      From 94ae43ad223b7a0e93301dcbee1b85ce9abf2e45 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 15:44:19 +0200 Subject: [PATCH 680/979] Add findings --- ...ine-cluster-private-endpoint-disabled.json | 33 +++++++++++++++++++ ...bernetesengine-private-nodes-disabled.json | 5 --- .../providers/gcp/rules/rulesets/default.json | 6 ++++ 3 files changed, 39 insertions(+), 5 deletions(-) create mode 100644 ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-endpoint-disabled.json diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-endpoint-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-endpoint-disabled.json new file mode 100644 index 000000000..c9e380b03 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-private-endpoint-disabled.json @@ -0,0 +1,33 @@ +{ + "description": "Private Cluster Endpoint Disabled", + "rationale": "In a private cluster, the master node has two endpoints, a private and public endpoint. The private endpoint is the internal IP address of the master, behind an internal load balancer in the master's VPC network. Nodes communicate with the master using the private endpoint. The public endpoint enables the Kubernetes API to be accessed from outside the master's VPC network.
      Although Kubernetes API requires an authorized token to perform sensitive actions, a vulnerability could potentially expose the Kubernetes publicly with unrestricted access. Additionally, an attacker may be able to identify the current cluster and Kubernetes API version and determine whether it is vulnerable to an attack.
      Unless required, disabling public endpoint will help prevent such threats, and require the attacker to be on the master's VPC network to perform any attack on the Kubernetes API.", + "compliance": [ + { + "name": "CIS Google Cloud Platform Foundations", + "version": "1.0.0", + "reference": "7.15" + }, + { + "name": "CIS GKE Benchmark", + "version": "1.0.0", + "reference": "6.6.4" + } + ], + "references": [ + "https://www.cisecurity.org/benchmark/kubernetes/", + "https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_network_access_to_the_control_plane_and_nodes", + "https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default_values_on", + "https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters" + ], + "dashboard_name": "Clusters", + "path": "kubernetesengine.projects.id.clusters.id", + "conditions": [ + "and", + [ + "kubernetesengine.projects.id.clusters.id.private_endpoint_enabled", + "false", + "" + ] + ], + "id_suffix": "private_endpoint_enabled" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-nodes-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-nodes-disabled.json index c91ed7d02..cad008ad9 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-nodes-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-private-nodes-disabled.json @@ -7,11 +7,6 @@ "version": "1.0.0", "reference": "7.15" }, - { - "name": "CIS GKE Benchmark", - "version": "1.0.0", - "reference": "6.6.4" - }, { "name": "CIS GKE Benchmark", "version": "1.0.0", diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index e1de6196a..03f03f745 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json 
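Review bot: The new finding `kubernetesengine-cluster-private-endpoint-disabled.json` has no `remediation` entry, so the report explains the risk but gives the reader no next step. Other findings in this series, for example `iam-primitive-role-in-use.json`, carry one. I would add a `"remediation"` string that points to the private-cluster procedure behind the last reference URL. The rationale's "could potentially expose the Kubernetes publicly" also appears to be missing the word "API". The condition tests only `private_endpoint_enabled`, so a cluster whose public endpoint is restricted by master authorized networks is flagged at the same level as an unrestricted one, and the rationale should say that.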
@@ -530,6 +530,12 @@ "level": "warning" } ], + "kubernetesengine-cluster-private-endpoint-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "kubernetesengine-private-nodes-disabled.json": [ { "enabled": true, From a4bae7ce6224ba3477fe6056f9d9a923f72d90e1 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 16:16:35 +0200 Subject: [PATCH 681/979] Improve UI and parsing --- ScoutSuite/providers/gcp/resources/gke/clusters.py | 13 +++++++------ ...uster-application-layer-encryption-disabled.json | 2 +- ...ngine-cluster-binary-authorization-disabled.json | 2 +- ...netesengine-cluster-shielded-nodes-disabled.json | 2 +- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index 3c1e4864a..d53182d11 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -67,15 +67,16 @@ def _get_master_authorized_networks_config(self, raw_cluster): if raw_cluster.get('masterAuthorizedNetworksConfig'): config = raw_cluster.get('masterAuthorizedNetworksConfig') config['includes_public_cidr'] = False - for block in config['cidrBlocks']: - if block['cidrBlock'] == '0.0.0.0/0': + for block in config.get('cidrBlocks', []): + if block.get('cidrBlock') == '0.0.0.0/0': config['includes_public_cidr'] = True return config else: - return {'enabled': False, - 'cidrBlocks': [], - 'includes_public_cidr': False - } + return { + 'enabled': False, + 'cidrBlocks': [], + 'includes_public_cidr': False + } def _is_pod_security_policy_enabled(self, raw_cluster): if 'podSecurityPolicyConfig' in raw_cluster: diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-layer-encryption-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-layer-encryption-disabled.json index 11bdda637..994d3496f 100644 
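Review bot: In `_get_master_authorized_networks_config` the loop still sets `includes_public_cidr` only when an entry equals the string `'0.0.0.0/0'`, so an allow-list that covers most of the address space with other broad blocks is reported as not public. If that narrow scope is intended, a comment above the loop should say so, e.g. `# flags only the literal 0.0.0.0/0 entry; other broad ranges are not detected`. Separately, `config` is the dict held inside `raw_cluster`, so `config['includes_public_cidr'] = False` writes into the raw API response. Using `config = dict(raw_cluster.get('masterAuthorizedNetworksConfig'))` would leave the input untouched.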
--- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-layer-encryption-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-application-layer-encryption-disabled.json @@ -18,7 +18,7 @@ "and", [ "application_layer_encryption_enabled", - "true", + "false", "" ] ], diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-binary-authorization-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-binary-authorization-disabled.json index 3c767b09d..01548ced5 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-binary-authorization-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-binary-authorization-disabled.json @@ -22,5 +22,5 @@ "" ] ], - "id_suffix": "binary_authorization" + "id_suffix": "binary_authorization_enabled" } diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-shielded-nodes-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-shielded-nodes-disabled.json index 4d41cfa2f..bc1c95641 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-shielded-nodes-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-shielded-nodes-disabled.json @@ -22,5 +22,5 @@ "" ] ], - "id_suffix": "shielded_nodes" + "id_suffix": "shielded_nodes_enabled" } From b94901941c4ce34da7bf136d61781b563c81a8d8 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Sep 2021 16:31:22 +0200 Subject: [PATCH 682/979] Improve UI and parsing --- .../partials/gcp/services.kubernetesengine.clusters.html | 8 ++++---- ScoutSuite/providers/gcp/resources/gke/clusters.py | 5 ++--- 2 files changed, 6 insertions(+), 7 deletions(-) 
diff --git a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html index 794114cf3..1c48ddb30 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.kubernetesengine.clusters.html @@ -12,7 +12,7 @@

      Information

      Type: {{type}}
      Status: {{status}}
      Image Type: {{image_type}}
      -
      Release Channel: {{release_channel}}
      +
      Release Channel: {{value_or_none release_channel}}
      Basic Authentication: {{convert_bool_to_enabled basic_authentication_enabled}}
      Client Certificate Authentication: {{convert_bool_to_enabled client_certificate_enabled}}
      Dashboard: {{dashboard_status}}
      @@ -24,12 +24,12 @@

      Information

      Private Google Access: {{convert_bool_to_enabled private_ip_google_access_enabled}}
      Alias IP: {{convert_bool_to_enabled alias_ip_enabled}}
      Endpoint: {{endpoint}}
      -
      Private Endpoint Enabled: {{convert_bool_to_enabled private_endpoint_enabled}}
      +
      Private Endpoint: {{convert_bool_to_enabled private_endpoint_enabled}}
      {{#if private_endpoint}} -
      Private Endpoint: {{private_endpoint}}
      +
      Private Endpoint IP: {{private_endpoint}}
      {{/if}} {{#if public_endpoint}} -
      Public Endpoint: {{public_endpoint}}
      +
      Public Endpoint IP: {{public_endpoint}}
      {{/if}}
      Binary Authorization: {{convert_bool_to_enabled binary_authorization_enabled}}
      Shielded Nodes: {{convert_bool_to_enabled shielded_nodes_enabled}}
      diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index d53182d11..3b6141eea 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py @@ -46,12 +46,11 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['workload_identity_enabled'] = raw_cluster.get('workloadIdentityConfig', {}).get('identityNamespace', None) != None cluster_dict['metadata_server_enabled'] = self._metadata_server_enabled(raw_cluster.get('nodePools', [])) cluster_dict['release_channel'] = raw_cluster.get('releaseChannel', {}).get('channel', None) - cluster_dict['shielded_nodes_enabled'] = raw_cluster.get('shieldedNode', {}).get('enabled', False) + cluster_dict['shielded_nodes_enabled'] = raw_cluster.get('shieldedNodes', {}).get('enabled', False) cluster_dict['binary_authorization_enabled'] = raw_cluster.get('binaryAuthorization', {}).get('enabled', False) cluster_dict['private_ip_google_access_enabled'] = raw_cluster.get('privateIpGoogleAccess', False) cluster_dict['private_nodes_enabled'] = raw_cluster.get('privateClusterConfig', {}).get('enablePrivateNodes', False) - - cluster_dict['private_endpoint_enabled'] = raw_cluster.get('privateClusterconfig', {}).get('enablePrivateEndpoint', False) + cluster_dict['private_endpoint_enabled'] = raw_cluster.get('privateClusterConfig', {}).get('enablePrivateEndpoint', False) cluster_dict['public_endpoint'] = raw_cluster.get('privateClusterConfig', {}).get('publicEndpoint', None) cluster_dict['private_endpoint'] = raw_cluster.get('privateClusterConfig', {}).get('privateEndpoint', None) From 23bed98f8b9084aca5586e1ca655163728920859 Mon Sep 17 00:00:00 2001 From: "Alessandro.Gonzalez" Date: Tue, 28 Sep 2021 14:46:01 +0100 Subject: [PATCH 683/979] Update botocore version --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/requirements.txt b/requirements.txt index c714205d6..014a29e6e 100755 --- a/requirements.txt +++ b/requirements.txt @@ -8,7 +8,7 @@ coloredlogs<=10.0 asyncio-throttle==0.1.1 # AWS Provider -botocore>=1.12.210 +botocore>=1.20.21 boto3>=1.9.210 policyuniverse>=1.3.2.0 From 22fd782b1137693c905c01ae46a2bfad9b75f0d4 Mon Sep 17 00:00:00 2001 From: Diego Date: Mon, 4 Oct 2021 12:24:16 +0200 Subject: [PATCH 684/979] Fix #1081: returning an empty dict in case they "SecurityGroups" key is not set --- ScoutSuite/providers/aws/provider.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 1e2395130..a44ca3281 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -712,7 +712,7 @@ def get_db_attack_surface(self, current_config, path, current_path, db_id, callb public_dns = current_config['ConfigurationEndpoint']['Address'].replace( '.cfg', '') listeners = [current_config['ConfigurationEndpoint']['Port']] - security_groups = current_config['SecurityGroups'] + security_groups = current_config.get('SecurityGroups', {}) self._security_group_to_attack_surface(service_config['external_attack_surface'], public_dns, current_path, [ g['SecurityGroupId'] for g in security_groups], From f08a6830137377d1818ce2afc07a14bc7a527140 Mon Sep 17 00:00:00 2001 From: Diego Date: Tue, 5 Oct 2021 12:18:18 +0200 Subject: [PATCH 685/979] Fix #1356: Restrict regexes including a $ at the end of the current expressions. --- ...53-domain-transferlock-not-authorized.json | 48 +++++++++---------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/route53-domain-transferlock-not-authorized.json b/ScoutSuite/providers/aws/rules/findings/route53-domain-transferlock-not-authorized.json index 9ce2d2530..045fce9ff 100755 --- a/ScoutSuite/providers/aws/rules/findings/route53-domain-transferlock-not-authorized.json 
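Review bot: In `get_db_attack_surface` the new fallback is `{}`, but the value is consumed as a sequence of dicts in `[g['SecurityGroupId'] for g in security_groups]`, so `[]` is the matching default: `security_groups = current_config.get('SecurityGroups', [])`. `.get` also covers only a missing key. If the key can be present with a `None` value, which this hunk does not show, `current_config.get('SecurityGroups') or []` handles both cases. The function body starts and ends outside the hunk.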
+++ b/ScoutSuite/providers/aws/rules/findings/route53-domain-transferlock-not-authorized.json @@ -12,30 +12,30 @@ "name", "match", [ - ".*\\.fr", - ".*\\.qa", - ".*\\.co.nz", - ".*\\.nl", - ".*\\.fi", - ".*\\.es", - ".*\\.de", - ".*\\.se", - ".*\\.co.uk", - ".*\\.me.uk", - ".*\\.ru", - ".*\\.jp", - ".*\\.net.au", - ".*\\.ch", - ".*\\.co.za", - ".*\\.com.au", - ".*\\.com.ar", - ".*\\.cl", - ".*\\.org.uk", - ".*\\.it", - ".*\\.net.nz", - ".*\\.uk", - ".*\\.eu", - ".*\\.org.nz" + ".*\\.ch$", + ".*\\.cl$", + ".*\\.co.nz$", + ".*\\.co.uk$", + ".*\\.co.za$", + ".*\\.com.ar$", + ".*\\.com.au$", + ".*\\.de$", + ".*\\.es$", + ".*\\.eu$", + ".*\\.fi$", + ".*\\.fr$", + ".*\\.it$", + ".*\\.jp$", + ".*\\.me.uk$", + ".*\\.net.au$", + ".*\\.net.nz$", + ".*\\.nl$", + ".*\\.org.nz$", + ".*\\.org.uk$", + ".*\\.qa$", + ".*\\.ru$", + ".*\\.se$", + ".*\\.uk$" ] ] ], From a785f14a63c186b824b64f7dd18977bac07853ec Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 5 Oct 2021 12:34:02 +0200 Subject: [PATCH 686/979] fix bug --- ScoutSuite/providers/aws/facade/cloudtrail.py | 1 + ScoutSuite/providers/aws/resources/cloudtrail/trails.py | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/cloudtrail.py b/ScoutSuite/providers/aws/facade/cloudtrail.py index a0db4c2ff..d5652d739 100755 --- a/ScoutSuite/providers/aws/facade/cloudtrail.py +++ b/ScoutSuite/providers/aws/facade/cloudtrail.py @@ -32,6 +32,7 @@ async def _get_and_set_status(self, trail: {}, region: str): async def _get_and_set_selectors(self, trail: {}, region: str): client = AWSFacadeUtils.get_client('cloudtrail', self.session, region) try: + # this call will fail for organization trails stored in another account trail['EventSelectors'] = await run_concurrently( lambda: client.get_event_selectors(TrailName=trail['TrailARN'])['EventSelectors']) except Exception as e: 
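Review bot: The added `$` anchors the end of each pattern, but the dot inside the two-label suffixes is still unescaped, so `".*\\.co.uk$"` treats the character between `co` and `uk` as a wildcard. Escaping it keeps the match literal: `".*\\.co\\.uk$"`. The same applies to `co.nz`, `co.za`, `com.ar`, `com.au`, `me.uk`, `net.au`, `net.nz`, `org.nz` and `org.uk`. The hunk shows only the value list; the start of the condition is outside it.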
diff --git a/ScoutSuite/providers/aws/resources/cloudtrail/trails.py b/ScoutSuite/providers/aws/resources/cloudtrail/trails.py index 5f4033bb1..92ecfaa81 100755 --- a/ScoutSuite/providers/aws/resources/cloudtrail/trails.py +++ b/ScoutSuite/providers/aws/resources/cloudtrail/trails.py @@ -45,14 +45,14 @@ def _parse_trail(self, raw_trail): # using trail ARN instead of name as with Organizations the trail would be located in another account trail['wildcard_data_logging'] = self.data_logging_status(trail) - for event_selector in trail['EventSelectors']: + for event_selector in trail.get('EventSelectors', []): trail['DataEventsEnabled'] = len(event_selector['DataResources']) > 0 trail['ManagementEventsEnabled'] = event_selector['IncludeManagementEvents'] return trail_id, trail def data_logging_status(self, trail): - for event_selector in trail['EventSelectors']: + for event_selector in trail.get('EventSelectors', []): has_wildcard = \ {'Values': ['arn:aws:s3'], 'Type': 'AWS::S3::Object'} in event_selector['DataResources'] or \ {'Values': ['arn:aws:lambda'], 'Type': 'AWS::Lambda::Function'} in event_selector['DataResources'] From 04ecdaed668e66204cf93668b5ed3a32fba26a89 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 5 Oct 2021 12:35:20 +0200 Subject: [PATCH 687/979] fix bug --- ScoutSuite/providers/aws/resources/kms/keys.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/resources/kms/keys.py b/ScoutSuite/providers/aws/resources/kms/keys.py index 6d1e038b4..ea1849a66 100755 --- a/ScoutSuite/providers/aws/resources/kms/keys.py +++ b/ScoutSuite/providers/aws/resources/kms/keys.py 
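Review bot: With `trail.get('EventSelectors', [])` in `_parse_trail`, a trail whose selectors could not be fetched skips the loop, so `DataEventsEnabled` and `ManagementEventsEnabled` are never assigned there. Unless they are initialised earlier in the function, which the hunk does not show, rules and report templates that read those keys get a missing value instead of an explicit "unknown". Setting both before the loop makes that state visible: `trail['DataEventsEnabled'] = trail['ManagementEventsEnabled'] = None`. Both `_parse_trail` and `data_logging_status` continue outside the hunk.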
@@ -50,7 +50,10 @@ async def _parse_key(self, raw_key): # enabled anyway elif key_dict['origin'] == 'AWS_KMS' and key_dict['key_manager'] == 'CUSTOMER': rotation_status = await self.facade.kms.get_key_rotation_status(self.region, key_dict['id']) - key_dict['rotation_enabled'] = rotation_status.get('KeyRotationEnabled', None) + if rotation_status: + key_dict['rotation_enabled'] = rotation_status.get('KeyRotationEnabled', None) + else: + key_dict['rotation_enabled'] = None else: key_dict['rotation_enabled'] = True From cc7612601ffb3f473e178f12ac9228d9259f384b Mon Sep 17 00:00:00 2001 From: Chance Russell Date: Tue, 19 Oct 2021 09:14:24 -0500 Subject: [PATCH 688/979] Issue 1371: Correct typo in cloudtrail-no-cloudwatch-integration rationale text --- .../rules/findings/cloudtrail-no-cloudwatch-integration.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json index daed6594e..2f15c9b66 100644 --- a/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json +++ b/ScoutSuite/providers/aws/rules/findings/cloudtrail-no-cloudwatch-integration.json @@ -1,6 +1,6 @@ { "description": "Trail Is Not Integrated with CloudWatch", - "rationale": "The lack of integration with CloudWatch hinders ral-time and historic activity logging as well as not allowing the configuration of alarms and notifications for anomalous account activity.", + "rationale": "The lack of integration with CloudWatch hinders real-time and historic activity logging as well as not allowing the configuration of alarms and notifications for anomalous account activity.", "remediation": "Configure each Trail to have a CloudWatch Logs group attached", "compliance": [ { @@ -47,4 +47,4 @@ ] ], "id_suffix": "TrailCloudwatchNoIntegration" -} \ No newline at end of file +} 
From daa0d5d14b4a3999d5644aebb5e7ce3fb5d1e110 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 11 Nov 2021 15:05:28 +0100 Subject: [PATCH 689/979] Update wording --- .../gcp/rules/findings/iam-primitive-role-in-use.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/iam-primitive-role-in-use.json b/ScoutSuite/providers/gcp/rules/findings/iam-primitive-role-in-use.json index f9e0a5528..22cd431dc 100755 --- a/ScoutSuite/providers/gcp/rules/findings/iam-primitive-role-in-use.json +++ b/ScoutSuite/providers/gcp/rules/findings/iam-primitive-role-in-use.json @@ -1,6 +1,6 @@ { - "description": "Primitive Role in Use", - "rationale": "Primitive roles grant significant privileges. In most cases, usage of these roles is not recommended and does not follow security best practice.

      Note: This rule may flag Google-Managed Service Accounts. Google services rely on these Service Accounts having access to the project, and recommends not removing or changing the Service Account's role (see https://cloud.google.com/iam/docs/service-accounts#google-managed).", + "description": "Basic Role in Use", + "rationale": "Basic roles grant significant privileges. In most cases, usage of these roles is not recommended and does not follow security best practice.

      Note: This rule may flag Google-Managed Service Accounts. Google services rely on these Service Accounts having access to the project, and recommends not removing or changing the Service Account's role (see https://cloud.google.com/iam/docs/service-accounts#google-managed).", "remediation": "From Console:
      1. Go to IAM & admin/IAM using https://console.cloud.google.com/iam-admin/iam
      2. Got to the Members
      3. Identify User-Managed user created service account with roles containing *Admin or *admin or role matching Editor or role matching Owner
      4. Click the Delete bin icon to remove the role from the member (service account in this case)
      ", "compliance": [ { From 5bfb147907af5cceff167cc3671303d307c0c100 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 12 Nov 2021 15:06:13 +0100 Subject: [PATCH 690/979] Replace all direct returns --- ScoutSuite/providers/aws/resources/awslambda/functions.py | 3 ++- .../providers/aws/resources/cloudformation/stacks.py | 3 ++- ScoutSuite/providers/aws/resources/config/recorders.py | 3 ++- ScoutSuite/providers/aws/resources/config/rules.py | 3 ++- ScoutSuite/providers/aws/resources/elasticache/cluster.py | 3 ++- .../providers/aws/resources/elasticache/securitygroups.py | 3 ++- .../providers/aws/resources/elasticache/subnetgroups.py | 3 ++- ScoutSuite/providers/aws/resources/rds/instances.py | 3 ++- ScoutSuite/providers/aws/resources/rds/securitygroups.py | 3 ++- ScoutSuite/providers/aws/resources/rds/subnetgroups.py | 3 ++- ScoutSuite/providers/aws/resources/sns/topics.py | 3 ++- ScoutSuite/providers/aws/resources/sqs/queues.py | 7 ++++--- 12 files changed, 26 insertions(+), 14 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/awslambda/functions.py b/ScoutSuite/providers/aws/resources/awslambda/functions.py index c8fed6d9a..12723c623 100755 --- a/ScoutSuite/providers/aws/resources/awslambda/functions.py +++ b/ScoutSuite/providers/aws/resources/awslambda/functions.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id class Functions(AWSResources): @@ -34,7 +35,7 @@ async def _parse_function(self, raw_function): await self._add_access_policy_information(function_dict) await self._add_env_variables(function_dict) - return function_dict['name'], function_dict + return get_non_provider_id(function_dict['name']), function_dict async def _add_role_information(self, function_dict, role_id): # Make it easier to build rules based on policies attached to execution roles 
diff --git a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py index 18db43e9d..615489a09 100755 --- a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py +++ b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py @@ -2,6 +2,7 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id class Stacks(AWSResources): @@ -32,7 +33,7 @@ def _parse_stack(self, raw_stack): raw_stack['deletion_policy'] = template[group] break - return raw_stack['name'], raw_stack + return get_non_provider_id(raw_stack['name']), raw_stack @staticmethod def has_deletion_policy(template): diff --git a/ScoutSuite/providers/aws/resources/config/recorders.py b/ScoutSuite/providers/aws/resources/config/recorders.py index 81a7d2982..aab717162 100755 --- a/ScoutSuite/providers/aws/resources/config/recorders.py +++ b/ScoutSuite/providers/aws/resources/config/recorders.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id class Recorders(AWSResources): @@ -23,4 +24,4 @@ def _parse_recorder(self, raw_recorder): recorder['last_status'] = raw_recorder['ConfigurationRecordersStatus'].get('lastStatus') recorder['last_start_time'] = raw_recorder['ConfigurationRecordersStatus'].get('lastStartTime') recorder['last_status_change_time'] = raw_recorder['ConfigurationRecordersStatus'].get('lastStatusChangeTime') - return recorder['name'], recorder + return get_non_provider_id(recorder['name']), recorder diff --git a/ScoutSuite/providers/aws/resources/config/rules.py b/ScoutSuite/providers/aws/resources/config/rules.py index 484e083b0..dbfeeb6fa 100755 --- a/ScoutSuite/providers/aws/resources/config/rules.py 
+++ b/ScoutSuite/providers/aws/resources/config/rules.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id class Rules(AWSResources): @@ -24,4 +25,4 @@ def _parse_rule(self, raw_rule): rule['input_parameters'] = raw_rule.pop('InputParameters', None) rule['maximum_execution_frequency'] = raw_rule.pop('MaximumExecutionFrequency', None) rule['state'] = raw_rule.pop('ConfigRuleState', None) - return rule['name'], rule + return get_non_provider_id(rule['name']), rule diff --git a/ScoutSuite/providers/aws/resources/elasticache/cluster.py b/ScoutSuite/providers/aws/resources/elasticache/cluster.py index 70af3ec43..05ed6f67b 100755 --- a/ScoutSuite/providers/aws/resources/elasticache/cluster.py +++ b/ScoutSuite/providers/aws/resources/elasticache/cluster.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id class Clusters(AWSResources): @@ -19,4 +20,4 @@ def _parse_cluster(self, raw_cluster): raw_cluster['arn'] = 'arn:aws:elasticache:{}:{}:cluster/{}'.format(self.region, self.facade.owner_id, raw_cluster.get('name')) - return raw_cluster['name'], raw_cluster + return get_non_provider_id(raw_cluster['name']), raw_cluster diff --git a/ScoutSuite/providers/aws/resources/elasticache/securitygroups.py b/ScoutSuite/providers/aws/resources/elasticache/securitygroups.py index d16234411..73aa6084a 100755 --- a/ScoutSuite/providers/aws/resources/elasticache/securitygroups.py +++ b/ScoutSuite/providers/aws/resources/elasticache/securitygroups.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id class SecurityGroups(AWSResources): 
@@ -16,4 +17,4 @@ async def fetch_all(self): def _parse_security_group(self, raw_security_group): raw_security_group['name'] = raw_security_group.pop('CacheSecurityGroupName') - return raw_security_group['name'], raw_security_group + return get_non_provider_id(raw_security_group['name']), raw_security_group diff --git a/ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py b/ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py index 1e99e6bf0..834bd169e 100755 --- a/ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py +++ b/ScoutSuite/providers/aws/resources/elasticache/subnetgroups.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id class SubnetGroups(AWSResources): @@ -16,4 +17,4 @@ async def fetch_all(self): def _parse_subnet_group(self, raw_subnet_group): raw_subnet_group['name'] = raw_subnet_group.pop('CacheSubnetGroupName') - return raw_subnet_group['name'], raw_subnet_group + return get_non_provider_id(raw_subnet_group['name']), raw_subnet_group diff --git a/ScoutSuite/providers/aws/resources/rds/instances.py b/ScoutSuite/providers/aws/resources/rds/instances.py index e7b175530..4d2f24f32 100755 --- a/ScoutSuite/providers/aws/resources/rds/instances.py +++ b/ScoutSuite/providers/aws/resources/rds/instances.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id class RDSInstances(AWSResources): @@ -27,7 +28,7 @@ def _parse_instance(self, raw_instance): instance['arn'] = 'arn:aws:rds:{}:{}:instance/{}'.format(self.region, self.facade.owner_id, raw_instance.get('DbiResourceId')) - return instance['name'], instance + return get_non_provider_id(instance['name']), instance @staticmethod def _is_read_replica(instance): 
diff --git a/ScoutSuite/providers/aws/resources/rds/securitygroups.py b/ScoutSuite/providers/aws/resources/rds/securitygroups.py index fcc7dff38..10c07afc7 100755 --- a/ScoutSuite/providers/aws/resources/rds/securitygroups.py +++ b/ScoutSuite/providers/aws/resources/rds/securitygroups.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id class SecurityGroups(AWSResources): @@ -16,4 +17,4 @@ async def fetch_all(self): def _parse_security_group(self, raw_security_group): raw_security_group['arn'] = raw_security_group.pop('DBSecurityGroupArn') raw_security_group['name'] = raw_security_group.pop('DBSecurityGroupName') - return raw_security_group['name'], raw_security_group + return get_non_provider_id(raw_security_group['name']), raw_security_group diff --git a/ScoutSuite/providers/aws/resources/rds/subnetgroups.py b/ScoutSuite/providers/aws/resources/rds/subnetgroups.py index 9719429c0..5c4c8c0ce 100755 --- a/ScoutSuite/providers/aws/resources/rds/subnetgroups.py +++ b/ScoutSuite/providers/aws/resources/rds/subnetgroups.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id class SubnetGroups(AWSResources): @@ -16,4 +17,4 @@ async def fetch_all(self): def _parse_subnet_group(self, raw_subnet_group): raw_subnet_group['name'] = raw_subnet_group['DBSubnetGroupName'] - return raw_subnet_group['name'], raw_subnet_group + return get_non_provider_id(raw_subnet_group['name']), raw_subnet_group diff --git a/ScoutSuite/providers/aws/resources/sns/topics.py b/ScoutSuite/providers/aws/resources/sns/topics.py index b98fd3b10..bd48127ee 100755 --- a/ScoutSuite/providers/aws/resources/sns/topics.py +++ b/ScoutSuite/providers/aws/resources/sns/topics.py 
@@ -2,6 +2,7 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSCompositeResources +from ScoutSuite.providers.utils import get_non_provider_id from .subscriptions import Subscriptions @@ -41,4 +42,4 @@ def _parse_topic(self, raw_topic): for k in ['Policy', 'DeliveryPolicy', 'EffectiveDeliveryPolicy']: raw_topic[k] = json.loads(attributes[k]) if k in attributes else None - return raw_topic['name'], raw_topic + return get_non_provider_id(raw_topic['name']), raw_topic diff --git a/ScoutSuite/providers/aws/resources/sqs/queues.py b/ScoutSuite/providers/aws/resources/sqs/queues.py index cee4fe757..6fa02a868 100755 --- a/ScoutSuite/providers/aws/resources/sqs/queues.py +++ b/ScoutSuite/providers/aws/resources/sqs/queues.py @@ -2,6 +2,7 @@ from ScoutSuite.providers.aws.facade.base import AWSFacade from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.utils import get_non_provider_id class Queues(AWSResources): @@ -18,9 +19,9 @@ async def fetch_all(self): def _parse_queue(self, queue_url, queue_attributes): queue = {} - queue['QueueUrl'] = queue_url - queue['arn'] = queue_attributes.pop('QueueArn') queue['name'] = queue['arn'].split(':')[-1] + queue['arn'] = queue_attributes.pop('QueueArn') + queue['QueueUrl'] = queue_url queue['kms_master_key_id'] = queue_attributes.pop('KmsMasterKeyId', None) queue['CreatedTimestamp'] = queue_attributes.pop('CreatedTimestamp', None) @@ -29,4 +30,4 @@ def _parse_queue(self, queue_url, queue_attributes): else: queue['Policy'] = {'Statement': []} - return queue['name'], queue + return get_non_provider_id(queue['name']), queue From 17b8b6cc890e14d6d52762aacd67a40f28702c5c Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 12 Nov 2021 15:15:24 +0100 Subject: [PATCH 691/979] Fix parsing --- ScoutSuite/providers/aws/resources/sqs/queues.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
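Review bot: In the first `_parse_queue` hunk of `sqs/queues.py`, the reordering makes `queue['name'] = queue['arn'].split(':')[-1]` run before `queue['arn']` is assigned, so with `queue = {}` directly above it every call raises `KeyError: 'arn'`. The assignment `queue['arn'] = queue_attributes.pop('QueueArn')` has to stay ahead of the line that derives the name from it. For an audit tool this matters beyond the crash: if the caller swallows the exception (not visible here), SQS queues drop out of the report and their policies are never evaluated. The body of `_parse_queue` continues past the hunk.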
diff --git a/ScoutSuite/providers/aws/resources/sqs/queues.py b/ScoutSuite/providers/aws/resources/sqs/queues.py index 6fa02a868..481d6a9e1 100755 --- a/ScoutSuite/providers/aws/resources/sqs/queues.py +++ b/ScoutSuite/providers/aws/resources/sqs/queues.py @@ -19,11 +19,11 @@ async def fetch_all(self): def _parse_queue(self, queue_url, queue_attributes): queue = {} + queue['arn'] = queue_attributes.get('QueueArn') queue['name'] = queue['arn'].split(':')[-1] - queue['arn'] = queue_attributes.pop('QueueArn') queue['QueueUrl'] = queue_url - queue['kms_master_key_id'] = queue_attributes.pop('KmsMasterKeyId', None) - queue['CreatedTimestamp'] = queue_attributes.pop('CreatedTimestamp', None) + queue['kms_master_key_id'] = queue_attributes.get('KmsMasterKeyId', None) + queue['CreatedTimestamp'] = queue_attributes.get('CreatedTimestamp', None) if 'Policy' in queue_attributes: queue['Policy'] = json.loads(queue_attributes['Policy']) From 2d085a3fcb67d3d6a23989bc66fa0a0a8ac8ef63 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 12 Nov 2021 15:19:41 +0100 Subject: [PATCH 692/979] Fix fetching bug --- ScoutSuite/providers/aws/facade/cloudtrail.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/facade/cloudtrail.py b/ScoutSuite/providers/aws/facade/cloudtrail.py index a0db4c2ff..1a24e9379 100755 --- a/ScoutSuite/providers/aws/facade/cloudtrail.py +++ b/ScoutSuite/providers/aws/facade/cloudtrail.py @@ -33,6 +33,6 @@ async def _get_and_set_selectors(self, trail: {}, region: str): client = AWSFacadeUtils.get_client('cloudtrail', self.session, region) try: trail['EventSelectors'] = await run_concurrently( - lambda: client.get_event_selectors(TrailName=trail['TrailARN'])['EventSelectors']) + lambda: client.get_event_selectors(TrailName=trail['TrailARN']).get('EventSelectors', [])) except Exception as e: print_exception(f'Failed to get CloudTrail event selectors: {e}') From c2524f4049a844964cdb1199a682cd44b10b3334 Mon Sep 17 00:00:00 2001 
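Review bot: Switching `queue_attributes.pop('QueueArn')` to `.get('QueueArn')` means a missing attribute now yields `None`, and the next line `queue['arn'].split(':')[-1]` then fails with an `AttributeError` that no longer names the missing key. If the ARN is mandatory, index it directly with `queue['arn'] = queue_attributes['QueueArn']`; if it can be absent, guard the split. `_parse_queue` continues below the hunk.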
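Review bot: Defaulting to `.get('EventSelectors', [])` in `_get_and_set_selectors` hides the case where the response has no `EventSelectors` key. Trails configured with advanced event selectors return them under `AdvancedEventSelectors`, so such a trail is stored with an empty list and may be reported as logging no management or data events. Consider keeping both, for example `trail['AdvancedEventSelectors'] = response.get('AdvancedEventSelectors', [])` beside the existing assignment, so rules can consult either form. The function starts above the hunk and the rules that read `EventSelectors` are not part of this diff, so the downstream effect should be confirmed.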
From: x4v13r64 Date: Fri, 12 Nov 2021 15:28:15 +0100 Subject: [PATCH 693/979] Fix typo --- .../rules/findings/cloudfront-distribution-insecure-origin.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json index 088158113..ddc12009d 100644 --- a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json +++ b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json @@ -14,7 +14,7 @@ "http-only" ], [ - "cloudfront.distributions.id.view_certificate.MinimumProtocolVersion.", + "cloudfront.distributions.id.viewer_certificate.MinimumProtocolVersion.", "containNoneOf", [ "TLSv1.1", From 45dc6ee2d107038262b744cb05f85c9d32f89872 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 19 Nov 2021 13:01:19 +0100 Subject: [PATCH 694/979] Fix typo --- .../html/partials/aws/services.cloudfront.distributions.html | 2 +- .../findings/cloudfront-distribution-insecure-origin.json | 2 +- .../cloudfront-distribution-insufficient-viewer-security.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html b/ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html index 3dff4c20d..dfd612156 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html +++ b/ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html @@ -16,7 +16,7 @@

      Information

      Web ACL ID: {{value_or_none web_acl_id}}
      IPv6 Enabled: {{value_or_none is_ipv6_enabled}}
      HTTP Version: {{value_or_none http_version}}
      -
      Certificate: {{value_or_none view_certificate}}
      +
      Certificate: {{value_or_none view_certificate}}

      Origins

      diff --git a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json index 088158113..ddc12009d 100644 --- a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json +++ b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json @@ -14,7 +14,7 @@ "http-only" ], [ - "cloudfront.distributions.id.view_certificate.MinimumProtocolVersion.", + "cloudfront.distributions.id.viewer_certificate.MinimumProtocolVersion.", "containNoneOf", [ "TLSv1.1", diff --git a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insufficient-viewer-security.json b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insufficient-viewer-security.json index df84d29fb..5c9e87e93 100644 --- a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insufficient-viewer-security.json +++ b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insufficient-viewer-security.json @@ -11,8 +11,8 @@ [ "this", "withoutKey", - "view_certificate" + "viewer_certificate" ] ], - "id_suffix": "certificate" + "id_suffix": "viewer_certificate" } From fb7b346669ccaf4b76203118f46b244116489d25 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 19 Nov 2021 13:03:16 +0100 Subject: [PATCH 695/979] Add missing protocol version --- .../findings/cloudfront-distribution-insecure-origin.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json index ddc12009d..ebdf99bac 100644 --- a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json +++ b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json 
@@ -20,7 +20,8 @@ "TLSv1.1", "TLSv1.1_2016", "TLSv1.2_2018", - "TLSv1.2_2019" + "TLSv1.2_2019", + "TLSv1.2_2021" ] ] ], From fd0e0b8732f9008ffc7121c0f3766d0f001ee914 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 29 Nov 2021 13:50:02 +0100 Subject: [PATCH 696/979] Improve condition evaluation --- .../policy-statement-poor-condition.json | 46 ++++++++++++++++++- 1 file changed, 44 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json b/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json index 36df1c036..c70bb5768 100755 --- a/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json +++ b/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json @@ -16,7 +16,18 @@ [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "AWS:SourceArn" ], [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "AWS:SourceOwner" ], [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "kms:ViaService" ], - [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "kms:CallerAccount" ] + [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "kms:CallerAccount" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "iam:PassedToService" ] + ] + ], + [ "or", + [ "_STATEMENT_.Condition.", "withoutKey", "StringEqualsIgnoreCase" ], + [ "and", + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKey", "AWS:SourceArn" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKey", "AWS:SourceOwner" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKey", "kms:ViaService" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKey", "kms:CallerAccount" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKey", "iam:PassedToService" ] ] ], [ "or", 
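Review bot: Extending the `containNoneOf` list with `TLSv1.2_2021` keeps this check as an allowlist that still contains `TLSv1.1` and `TLSv1.1_2016`. A distribution whose `viewer_certificate.MinimumProtocolVersion` permits TLS 1.1 therefore passes this condition, and every new CloudFront security policy needs another edit like this one or it is flagged as insecure. Naming the weak policies instead avoids both problems: `"containAtLeastOneOf", ["SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"]`. The rest of the rule lies outside the hunk, so how this condition combines with the `http-only` check above it should be confirmed before inverting it.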
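Review bot: Each added block in `policy-statement-poor-condition.json` matches condition keys by one literal spelling (`AWS:SourceArn`, `kms:ViaService`, `iam:PassedToService`), while IAM treats condition key names as case-insensitive and policies commonly write `aws:SourceArn`. If `withoutKey` compares case-sensitively (its implementation is not part of this diff), a statement restricted with `aws:SourceArn` is still reported as poorly conditioned. The same applies to the `ForAnyValue:*` blocks in the next hunk of this file. Normalising key case inside the operator would be better than adding a second spelling of every entry, such as `[ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "aws:SourceArn" ]`, to each of the six near-identical blocks.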
@@ -25,7 +36,38 @@ [ "_STATEMENT_.Condition.StringLike.", "withoutKey", "AWS:SourceArn" ], [ "_STATEMENT_.Condition.StringLike.", "withoutKey", "AWS:SourceOwner" ], [ "_STATEMENT_.Condition.StringLike.", "withoutKey", "kms:ViaService" ], - [ "_STATEMENT_.Condition.StringLike.", "withoutKey", "kms:CallerAccount" ] + [ "_STATEMENT_.Condition.StringLike.", "withoutKey", "kms:CallerAccount" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKey", "iam:PassedToService" ] + ] + ], + [ "or", + [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:StringEquals" ], + [ "and", + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKey", "AWS:SourceArn" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKey", "AWS:SourceOwner" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKey", "kms:ViaService" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKey", "kms:CallerAccount" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKey", "iam:PassedToService" ] + ] + ], + [ "or", + [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:StringEqualsIgnoreCase" ], + [ "and", + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKey", "AWS:SourceArn" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKey", "AWS:SourceOwner" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKey", "kms:ViaService" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKey", "kms:CallerAccount" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKey", "iam:PassedToService" ] + ] + ], + [ "or", + [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:StringLike" ], + [ "and", + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKey", "AWS:SourceArn" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKey", "AWS:SourceOwner" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKey", 
"kms:ViaService" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKey", "kms:CallerAccount" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKey", "iam:PassedToService" ] ] ] ] From a1bb49fbb7aee5adb2e98288634843183dd012eb Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 29 Nov 2021 13:56:31 +0100 Subject: [PATCH 697/979] Apply condition to additional statements --- .../aws/rules/findings/iam-inline-policy-for-role.json | 9 +++++++++ .../iam-managed-policy-allows-full-privileges.json | 9 +++++++++ .../aws/rules/findings/iam-managed-policy-for-role.json | 9 +++++++++ 3 files changed, 27 insertions(+) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-for-role.json b/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-for-role.json index 4ec48ae8e..a763b0914 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-for-role.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-inline-policy-for-role.json @@ -51,6 +51,15 @@ [ "iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id" ] + ], + [ + "_INCLUDE_(conditions/policy-statement-poor-condition.json)", + [ + "_STATEMENT_" + ], + [ + "iam._ARG_0_s.id.inline_policies.id.PolicyDocument.Statement.id" + ] ] ], "key": "iam-inline-_ARG_0_-policy-allows-_ARG_1_-_ARG_2_", diff --git a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json index 528443047..c7c85e6fd 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-allows-full-privileges.json @@ -49,6 +49,15 @@ ] ] ], + [ + "_INCLUDE_(conditions/policy-statement-poor-condition.json)", + [ + "_STATEMENT_" + ], + [ + "iam.policies.id.PolicyDocument.Statement.id" + ] + ], [ "iam.policies.id.PolicyDocument.Statement.id.Resource", "containAtLeastOneOf", 
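Review bot: Including `conditions/policy-statement-poor-condition.json` in `iam-inline-policy-for-role.json` makes the finding depend on a presence test. As far as the included file shows, `withoutKey` only asks whether a key such as `AWS:SourceArn` exists under `StringEquals` or `StringLike`, not what it is compared with. A statement carrying `"StringLike": {"AWS:SourceArn": "*"}` would then stop being reported even though the condition restricts nothing; the same include is added to `iam-managed-policy-allows-full-privileges.json` and `iam-managed-policy-for-role.json`. The included condition should also reject wildcard-only values, or the rule descriptions should state that any listed condition key suppresses the finding.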
diff --git a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-for-role.json b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-for-role.json index 12d721242..68eaf7cfe 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-for-role.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-managed-policy-for-role.json @@ -56,6 +56,15 @@ [ "iam.policies.id.PolicyDocument.Statement.id" ] + ], + [ + "_INCLUDE_(conditions/policy-statement-poor-condition.json)", + [ + "_STATEMENT_" + ], + [ + "iam.policies.id.PolicyDocument.Statement.id" + ] ] ], "key": "iam-managed-policy-allows-_ARG_0_-_ARG_1_", From 2ffa0e1bbc0208b54ca3edf9df840a052a9d3ff9 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 2 Dec 2021 10:43:11 +0100 Subject: [PATCH 698/979] Update IP ranges --- ScoutSuite/data/aws/ip-ranges/aws.json | 20126 +++++++++++++++++++++-- 1 file changed, 18898 insertions(+), 1228 deletions(-) diff --git a/ScoutSuite/data/aws/ip-ranges/aws.json b/ScoutSuite/data/aws/ip-ranges/aws.json index 6b7fb93ab..334aa023e 100755 --- a/ScoutSuite/data/aws/ip-ranges/aws.json +++ b/ScoutSuite/data/aws/ip-ranges/aws.json @@ -1,6 +1,6 @@ { - "syncToken": "1608731058", - "createDate": "2020-12-23-13-44-18", + "syncToken": "1638337994", + "createDate": "2021-12-01-05-53-14", "prefixes": [ { "ip_prefix": "3.5.140.0/22", 
@@ -8,12 +8,36 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "13.34.37.64/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "35.180.0.0/16", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "43.224.79.154/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.174/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.153.170/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.178.234/32", "region": "us-west-1", 
@@ -32,30 +56,102 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "52.219.170.0/23", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "99.87.32.0/22", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "120.52.22.96/27", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.11.86/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "150.222.81.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.234.54/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.11.32/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "13.34.24.160/27", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.50.32/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.52.96/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "15.230.39.60/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.79.48/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.212/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.68/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.189.248/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": 
"52.94.152.9/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.219.168.0/24", "region": "eu-central-1", @@ -68,6 +164,30 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "3.108.0.0/14", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.43.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.52.0/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "15.181.232.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-iah-1" + }, { "ip_prefix": "15.230.39.208/31", "region": "us-east-2", @@ -80,6 +200,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.127.163/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.240.164/31", "region": "us-west-2", @@ -110,6 +236,24 @@ "service": "AMAZON", "network_border_group": "us-east-1-iah-1" }, + { + "ip_prefix": "13.34.43.96/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.48.0/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.62.160/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "13.248.56.0/22", "region": "ap-east-1", 
@@ -170,24 +314,60 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.252.248/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "161.188.154.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-chi-1" + }, { "ip_prefix": "15.230.39.44/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.249.45.0/24", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.4.0.0/14", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.191.174/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.92.68/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.127.27/32", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.192.92/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.144.227.192/26", "region": "ap-northeast-2", 
@@ -206,18 +386,54 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.80/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-chi-1" + }, + { + "ip_prefix": "13.248.70.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "15.230.73.192/26", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "43.224.76.28/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "50.16.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.189.108/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.127.133/32", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.93.198.0/25", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.95.208.0/22", "region": "us-east-1", 
@@ -230,18 +446,42 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "104.255.59.104/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "104.255.59.114/32", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "150.222.84.0/24", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "150.222.129.244/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.208.82/31", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "150.222.234.50/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "205.251.249.0/24", "region": "GLOBAL", @@ -254,12 +494,30 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.49.0/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.193.3.0/24", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "43.224.76.152/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.169/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.153.148/32", "region": "eu-west-2", @@ -296,6 +554,18 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "13.34.34.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.205.0.0/16", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "15.230.39.10/31", "region": "us-east-2", 
@@ -308,6 +578,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.46.190.68/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.82.169.16/28", "region": "cn-northwest-1", @@ -338,18 +614,48 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "71.131.192.0/18", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "150.222.122.104/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.17.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.236.0.0/14", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.158.0/23", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.206.0.0/15", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "43.224.77.192/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.220.0/22", "region": "eu-north-1", @@ -404,6 +710,12 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "142.4.160.56/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "150.222.135.0/24", "region": "ap-east-1", 
@@ -422,6 +734,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.4.0.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-pilot-6" + }, + { + "ip_prefix": "13.34.53.192/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.60.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.177.83.0/24", "region": "ap-southeast-2", @@ -434,6 +764,12 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.220.252.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "15.221.35.0/24", "region": "ap-southeast-1", @@ -446,6 +782,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.248.28.0/22", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.190.0/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.35.212/32", "region": "ap-east-1", @@ -470,6 +818,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.94.152.44/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.95.182.0/23", "region": "ap-northeast-3", 
@@ -494,12 +848,48 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.41.192/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "15.230.39.196/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.9/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "43.224.76.76/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.70/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.200/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.192/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.119.252.0/22", "region": "us-west-2", @@ -512,6 +902,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "69.107.7.16/29", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "99.77.130.0/24", "region": "us-west-2", 
@@ -524,18 +920,72 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.11.78/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.234.52/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.68/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "180.163.57.128/26", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.50.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.68.192/26", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "15.230.131.144/28", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "18.200.0.0/16", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "43.224.76.144/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.91.102/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.141.212/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "54.206.0.0/16", "region": "ap-southeast-2", @@ -572,6 +1022,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "13.34.15.32/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "13.34.29.224/27", "region": "us-east-1", 
@@ -590,30 +1046,96 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.220.222.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mci-1" + }, + { + "ip_prefix": "15.230.67.64/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.76.32/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.94/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.222/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.178.136/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.219.192.0/23", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "99.77.132.0/24", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "104.255.59.82/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "150.222.120.242/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "161.188.146.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-atl-1" + }, + { + "ip_prefix": "15.181.247.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-atl-1" + }, + { + "ip_prefix": "15.230.200.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "18.232.0.0/14", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.77.0/29", + "region": "us-west-2", + "service": "AMAZON", + 
"network_border_group": "us-west-2" + }, { "ip_prefix": "52.82.169.0/28", "region": "cn-northwest-1", @@ -644,6 +1166,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "64.252.118.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.54.224/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.248.119.0/24", "region": "eu-west-1", @@ -656,6 +1190,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.179.16/29", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.93.81.0/24", "region": "eu-west-1", @@ -674,6 +1214,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.15.124/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.114.0/24", "region": "ap-east-1", @@ -692,6 +1238,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "13.34.39.32/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "15.230.39.206/31", "region": "us-east-2", @@ -704,6 +1256,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.46.190.144/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.98/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.83.0.0/16", "region": "cn-northwest-1", 
@@ -728,6 +1292,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "64.252.122.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "69.107.7.56/29", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "150.222.2.0/24", "region": "us-east-1", @@ -740,6 +1316,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.164.220/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "150.222.240.245/32", "region": "eu-south-1", @@ -752,12 +1334,30 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.248.67.0/24", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "15.230.138.0/24", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "43.224.79.254/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.32/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.47.0.0/16", "region": "eu-west-3", @@ -776,6 +1376,12 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "52.95.136.0/23", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "52.95.255.64/28", "region": "eu-west-1", @@ -795,10 +1401,10 @@ "network_border_group": "ap-northeast-1" }, { - "ip_prefix": "52.219.48.0/22", - "region": "ap-southeast-1", + "ip_prefix": "52.219.143.0/24", + "region": "us-east-2", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "us-east-2" }, { "ip_prefix": "54.240.236.22/32", 
@@ -818,6 +1424,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.38.64/27", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "13.208.0.0/16", "region": "ap-northeast-3", 
@@ -837,29 +1449,65 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.93.50.136/31", - "region": "us-east-1", + "ip_prefix": "15.230.70.0/26", + "region": "ap-south-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "ap-south-1" }, { - "ip_prefix": "52.93.50.166/31", - "region": "us-east-1", + "ip_prefix": "15.230.74.128/26", + "region": "ap-northeast-2", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "52.93.66.155/32", - "region": "ap-northeast-1", + "ip_prefix": "15.230.76.0/26", + "region": "eu-south-1", "service": "AMAZON", - "network_border_group": "ap-northeast-1" + "network_border_group": "eu-south-1" }, { - "ip_prefix": "52.93.96.0/24", - "region": "eu-west-1", + "ip_prefix": "43.224.79.96/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.64/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.50.136/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.50.166/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.96.0/24", + "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.122.203/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.93.127.194/32", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "54.156.0.0/14", "region": "us-east-1", 
@@ -878,12 +1526,42 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.234.18/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.98/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.5.40.0/22", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "3.5.136.0/22", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.3.160/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "15.181.160.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "15.230.29.0/24", "region": "ap-southeast-1", @@ -902,6 +1580,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.79.56/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.144.210.0/26", "region": "eu-west-1", 
@@ -920,12 +1604,42 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.232.88/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.55.0/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "15.177.82.0/24", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.181.80.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-atl-1" + }, + { + "ip_prefix": "52.46.191.60/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.156/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.112/32", "region": "ap-southeast-1", @@ -987,16 +1701,22 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.39.34/31", - "region": "us-east-2", + "ip_prefix": "13.34.39.64/27", + "region": "eu-central-2", "service": "AMAZON", - "network_border_group": "us-east-2" + "network_border_group": "eu-central-2" }, { - "ip_prefix": "15.230.44.0/22", - "region": "ap-south-1", + "ip_prefix": "13.247.0.0/16", + "region": "af-south-1", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "15.230.39.34/31", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" }, { "ip_prefix": "18.192.0.0/15", 
@@ -1005,10 +1725,16 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "52.92.60.0/22", - "region": "ap-northeast-1", + "ip_prefix": "52.46.191.68/31", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "ap-northeast-1" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.234/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" }, { "ip_prefix": "52.93.126.132/32", @@ -1058,6 +1784,30 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "54.239.102.234/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "104.255.59.103/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "150.222.28.136/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "13.34.59.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.100.0/24", "region": "eu-north-1", @@ -1070,6 +1820,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.183.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "52.46.190.204/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.5.0/24", "region": "ca-central-1", @@ -1088,6 +1850,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.55.146/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.120.178/32", "region": "us-west-1", 
@@ -1124,12 +1892,36 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.28.130/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "150.222.28.140/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "150.222.129.62/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "3.5.160.0/22", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.221.36.0/22", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.230.40.0/24", "region": "us-east-1", @@ -1196,12 +1988,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.3.224/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "13.34.39.192/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "15.221.7.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "15.230.132.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.230.202.0/30", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.79.194/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.208.0/21", "region": "eu-north-1", 
@@ -1214,12 +2036,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.193.99/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.12.0/24", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.95.187.0/24", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "63.32.0.0/14", "region": "eu-west-1", @@ -1244,6 +2078,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.45.160/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.36.0.0/14", "region": "eu-west-3", @@ -1263,10 +2103,10 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.92.72.0/22", - "region": "sa-east-1", + "ip_prefix": "52.93.91.101/32", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "sa-east-1" + "network_border_group": "us-east-1" }, { "ip_prefix": "52.93.240.188/31", 
@@ -1274,18 +2114,42 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "70.232.80.0/21", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "99.82.184.0/22", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "150.222.0.19/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "150.222.28.108/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.121.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.234.34/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "172.96.98.0/24", "region": "eu-west-1", @@ -1293,10 +2157,16 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "15.230.66.0/26", - "region": "us-east-1", + "ip_prefix": "13.34.20.0/27", + "region": "me-south-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "13.34.35.160/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" }, { "ip_prefix": "15.230.131.32/28", 
@@ -1304,18 +2174,54 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.76.188/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.136/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.140/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.252.0/22", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.126.198/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "52.94.152.67/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.95.255.16/28", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "52.219.141.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "54.240.236.38/32", "region": "eu-south-1", @@ -1329,10 +2235,22 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "15.230.131.8/31", - "region": "eu-central-1", + "ip_prefix": "13.34.55.64/27", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.0.12/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.230.87.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "18.236.0.0/15", 
@@ -1340,6 +2258,30 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "51.20.0.0/14", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "52.46.188.72/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.188.244/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.230/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.142/31", "region": "us-east-1", @@ -1364,6 +2306,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.95.139.0/24", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "54.240.198.0/24", "region": "us-west-1", @@ -1376,6 +2324,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "99.77.183.0/24", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "150.222.227.0/24", "region": "us-east-1", @@ -1388,6 +2342,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.52.64/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "13.248.32.0/20", "region": "ap-east-1", 
@@ -1418,12 +2378,24 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "150.222.28.106/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.243.9/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "161.188.148.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-phx-1" + }, { "ip_prefix": "176.32.125.230/31", "region": "us-east-1", @@ -1436,6 +2408,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.20.64/27", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "13.34.23.224/27", "region": "us-west-2", @@ -1460,6 +2438,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "18.116.0.0/14", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "43.192.0.0/15", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.46.189.16/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.235/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.93.127.218/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.239/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.133.153/32", "region": "eu-south-1", 
@@ -1502,12 +2516,42 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.5.36.0/22", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "13.34.38.160/27", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "43.224.77.28/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.92.0/22", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "52.46.190.104/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.158/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.50.178/31", "region": "us-east-1", @@ -1544,6 +2588,36 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.77.152/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.188.84/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.32/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.189.156/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.100/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.187/32", "region": "us-west-1", @@ -1574,6 +2648,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "63.246.113.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "99.77.136.0/24", "region": "eu-central-1", 
@@ -1586,12 +2666,36 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "161.188.158.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "13.34.26.96/27", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "15.230.74.192/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.230.78.192/26", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "43.224.76.184/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.69/32", "region": "us-east-1", 
@@ -1640,17 +2744,53 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.35.224/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.230.178.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.230.192.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.58/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.120/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.121/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.93.240.194/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.95.168.0/24", - "region": "us-gov-east-1", + "region": "ap-southeast-4", "service": "AMAZON", - "network_border_group": "us-gov-east-1" + "network_border_group": "ap-southeast-4" }, { "ip_prefix": "52.144.224.128/26", 
@@ -1682,12 +2822,48 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.34.37.0/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "15.230.39.40/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.7/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.76.104/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.76.212/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.40/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.228/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.95.240.0/24", "region": "sa-east-1", @@ -1742,12 +2918,24 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "3.4.3.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pilot-1" + }, { "ip_prefix": "15.222.0.0/15", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "43.224.79.198/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.62.0/24", "region": "us-east-2", @@ -1760,6 +2948,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.94.176.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "69.235.128.0/18", "region": "cn-northwest-1", 
@@ -1767,20 +2961,56 @@ "network_border_group": "cn-northwest-1" }, { - "ip_prefix": "13.34.24.96/27", - "region": "us-west-2", + "ip_prefix": "150.222.234.142/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "us-west-2" + "network_border_group": "us-west-1" }, { - "ip_prefix": "52.93.20.0/24", + "ip_prefix": "13.34.6.224/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "13.34.24.96/27", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, { - "ip_prefix": "52.93.127.96/32", - "region": "cn-northwest-1", + "ip_prefix": "13.34.43.128/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.61.224/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.221.50.0/24", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.96.0.0/12", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.20.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.127.96/32", + "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, @@ -1814,6 +3044,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.34.64/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "13.34.45.64/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.46.0/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.177.76.0/24", "region": "ap-northeast-2", 
@@ -1826,12 +3074,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.230.135.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "43.224.77.96/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.180/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.52/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.30.0.0/15", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.46.188.76/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.80/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.8.0/24", "region": "ap-northeast-1", @@ -1886,6 +3170,30 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.56/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "161.188.156.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "3.3.24.0/22", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.30.0.0/15", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "13.34.23.64/27", "region": "us-east-2", 
@@ -1898,12 +3206,36 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.181.253.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "15.197.0.0/23", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "43.249.47.0/24", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "52.46.188.48/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.55.156/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "54.226.0.0/15", "region": "us-east-1", @@ -1928,12 +3260,42 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.144.0.0/13", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.49.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.230.131.166/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "52.46.191.24/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.166/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.128.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.95.244.0/24", "region": "eu-west-1", 
@@ -1958,18 +3320,66 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "172.96.110.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.56.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.18.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.149.11/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "18.231.0.0/16", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "43.224.79.136/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.8/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.127.201/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.141.234/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.192.96/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "54.252.0.0/16", "region": "ap-southeast-2", @@ -1988,6 +3398,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.28.142/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.79.0/24", "region": "us-east-1", 
@@ -2000,12 +3416,30 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.40.160/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.248.68.0/24", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "15.230.39.2/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.79.208/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.162/31", "region": "us-east-1", @@ -2072,6 +3506,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.45.224/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.230.72.0/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "52.46.190.40/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.62/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.34.126/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.127.159/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.93.141.220/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.119.248.0/24", "region": "ap-east-1", 
@@ -2090,6 +3566,18 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "99.77.56.0/21", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "142.4.160.40/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-iah-1" + }, { "ip_prefix": "150.222.120.248/31", "region": "eu-central-1", @@ -2115,16 +3603,28 @@ "network_border_group": "sa-east-1" }, { - "ip_prefix": "52.93.57.0/24", - "region": "af-south-1", + "ip_prefix": "15.230.14.18/31", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "af-south-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "52.93.92.67/32", - "region": "us-west-1", + "ip_prefix": "52.46.189.128/30", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.192/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.57.0/24", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" }, { "ip_prefix": "52.93.127.93/32", 
@@ -2132,18 +3632,42 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.127.254/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.95.63.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "69.107.7.40/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "142.4.160.8/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-bos-1" + }, { "ip_prefix": "150.222.3.212/31", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "157.241.0.0/16", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "13.34.32.32/27", "region": "us-west-1", 
@@ -2151,7 +3675,61 @@ "network_border_group": "us-west-1" }, { - "ip_prefix": "52.93.92.65/32", + "ip_prefix": "13.34.40.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.57.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.181.112.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-bos-1" + }, + { + "ip_prefix": "15.230.16.20/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.131.15/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "15.230.189.128/25", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.50/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.108/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.216/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.34.40/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" @@ -2162,6 +3740,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.177/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.93.127.196/32", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "52.93.127.217/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.240.180/31", "region": "us-west-2", 
@@ -2198,6 +3794,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "99.151.120.0/21", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "108.136.0.0/15", "region": "ap-southeast-3", @@ -2234,12 +3836,42 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.35.0/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "13.34.38.0/27", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "13.34.51.192/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "35.176.0.0/15", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "43.224.79.234/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.192.91/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.193.195/32", "region": "ca-central-1", 
@@ -2270,6 +3902,48 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "161.188.136.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, + { + "ip_prefix": "13.34.43.160/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.53.32/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.34.56.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.61.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.221.6.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.230.79.64/26", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "15.230.131.3/32", "region": "eu-central-1", @@ -2282,6 +3956,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "69.107.7.88/29", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "99.77.155.0/24", "region": "eu-west-1", 
@@ -2294,6 +3974,66 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.252.250/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.40.96/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "13.34.46.32/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.53.160/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.57.0/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.230.67.0/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.76.16/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.82/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.220/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.127.179/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.178.206/32", "region": "us-west-1", @@ -2306,6 +4046,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.193.89/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.95.255.32/28", "region": "ap-southeast-1", 
@@ -2330,6 +4076,24 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.11.84/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.234.112/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.128/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "160.1.0.0/16", "region": "us-gov-west-1", @@ -2342,12 +4106,30 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.181.241.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "15.230.21.0/24", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.230.67.128/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.131.64/28", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "18.216.0.0/14", "region": "us-east-2", @@ -2360,6 +4142,30 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.76.108/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.76/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.214/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.76/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.37.222/32", "region": "us-west-1", 
@@ -2385,10 +4191,22 @@ "network_border_group": "ap-northeast-3" }, { - "ip_prefix": "3.104.0.0/14", - "region": "ap-southeast-2", + "ip_prefix": "150.222.234.78/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "ap-southeast-2" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.104.0.0/14", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.62.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" }, { "ip_prefix": "15.193.5.0/24", @@ -2396,6 +4214,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "15.197.16.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.230.39.24/31", "region": "us-east-2", @@ -2408,12 +4232,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.131.112/28", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "15.230.184.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.106/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.176/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.80.0.0/16", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "52.94.250.16/28", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "52.95.216.0/22", "region": "us-east-1", 
@@ -2433,10 +4287,10 @@ "network_border_group": "ca-central-1" }, { - "ip_prefix": "54.231.244.0/22", - "region": "us-east-1", + "ip_prefix": "64.252.121.0/24", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "99.150.32.0/21", @@ -2444,6 +4298,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "108.156.0.0/14", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "150.222.99.0/24", "region": "us-east-1", @@ -2452,9 +4312,15 @@ }, { "ip_prefix": "150.222.218.0/24", - "region": "us-west-2", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-2" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "150.222.234.104/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" }, { "ip_prefix": "175.41.128.0/18", @@ -2468,12 +4334,36 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.59.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.194/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.152.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.46.189.68/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.167/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.215/32", "region": "us-west-1", 
@@ -2498,18 +4388,54 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "161.188.130.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mia-1" + }, + { + "ip_prefix": "13.34.37.96/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "15.230.193.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.229.0.0/16", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "52.46.189.72/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.50.148/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.174/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.93.127.238/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.93.178.182/32", "region": "us-west-1", @@ -2528,18 +4454,36 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "52.219.195.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "54.219.0.0/16", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.28.122/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "3.32.0.0/16", "region": "us-gov-west-1", "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "15.230.0.6/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "35.182.0.0/15", "region": "ca-central-1", 
@@ -2547,16 +4491,28 @@ "network_border_group": "ca-central-1" }, { - "ip_prefix": "52.93.122.255/32", - "region": "us-west-1", + "ip_prefix": "43.224.76.24/30", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "eu-west-2" }, { - "ip_prefix": "52.95.236.0/24", - "region": "ap-south-2", + "ip_prefix": "43.224.77.44/30", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "ap-south-2" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.178/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.122.255/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" }, { "ip_prefix": "54.230.192.0/21", @@ -2564,6 +4520,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "70.232.124.0/22", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "99.77.191.0/24", "region": "us-east-1", @@ -2582,6 +4544,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.62.32/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "13.250.0.0/15", "region": "ap-southeast-1", 
@@ -2594,12 +4562,36 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.79.80/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "44.192.0.0/11", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.189.132/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.168/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.127.17/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.93.127.99/32", "region": "cn-northwest-1", @@ -2608,9 +4600,9 @@ }, { "ip_prefix": "52.95.166.0/23", - "region": "us-gov-east-1", + "region": "ap-southeast-4", "service": "AMAZON", - "network_border_group": "us-gov-east-1" + "network_border_group": "ap-southeast-4" }, { "ip_prefix": "52.144.216.2/31", @@ -2630,6 +4622,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.58.32/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "15.230.39.136/31", "region": "us-east-2", @@ -2642,6 +4640,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.10/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.144.215.0/31", "region": "eu-west-1", 
@@ -2690,6 +4694,36 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "161.188.140.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-1" + }, + { + "ip_prefix": "13.34.46.192/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.60.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.78.64/26", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "52.46.191.2/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.50.129/32", "region": "us-east-1", @@ -2750,6 +4784,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.21.96/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.168.0.0/16", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.230.14.252/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.32.0/24", "region": "eu-west-1", 
@@ -2763,16 +4815,28 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.93.178.179/32", - "region": "us-west-1", + "ip_prefix": "15.230.79.0/26", + "region": "ca-central-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "ca-central-1" }, { - "ip_prefix": "54.231.248.0/22", - "region": "ap-southeast-2", + "ip_prefix": "43.224.77.184/30", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "ap-southeast-2" + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.160/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.178.179/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" }, { "ip_prefix": "54.240.236.18/32", @@ -2816,6 +4880,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.37.160/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "15.230.39.72/31", "region": "us-east-2", 
@@ -2828,12 +4898,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.180/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.74/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.56.0.0/16", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.93.55.162/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.92.74/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.127.248/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.153.149/32", "region": "eu-west-2", @@ -2870,6 +4970,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "142.4.160.0/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "150.222.100.0/24", "region": "us-east-1", @@ -2877,10 +4983,10 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "13.34.27.0/27", - "region": "eu-west-2", + "ip_prefix": "13.34.24.64/27", + "region": "ap-south-2", "service": "AMAZON", - "network_border_group": "eu-west-2" + "network_border_group": "ap-south-2" }, { "ip_prefix": "13.34.33.64/27", @@ -2888,6 +4994,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.48.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.248.105.0/24", "region": "ap-south-1", 
@@ -2900,6 +5012,18 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "52.46.189.88/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.188/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.58.0.0/15", "region": "eu-central-1", @@ -2912,6 +5036,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.121.195/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.127.25/32", "region": "eu-west-1", @@ -2936,6 +5066,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.40.128/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.62.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.248.0.0/20", "region": "ap-northeast-3", @@ -2954,6 +5096,30 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.93.127.219/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.153.177/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.192.90/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.94.152.63/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.95.29.0/26", "region": "us-east-2", 
@@ -2966,12 +5132,24 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.219.142.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "99.77.152.0/24", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "150.222.217.248/31", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "3.131.0.0/16", "region": "us-east-2", @@ -2984,12 +5162,60 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.53.224/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "13.34.59.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.158/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.73.128/26", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.46.191.88/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.236/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.122.202/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.93.127.18/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.195/32", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "52.219.0.0/20", "region": "ap-northeast-1", 
@@ -3015,10 +5241,10 @@ "network_border_group": "af-south-1" }, { - "ip_prefix": "150.222.240.239/32", - "region": "eu-south-1", + "ip_prefix": "150.222.234.1/32", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "176.32.125.252/31", @@ -3026,6 +5252,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.133.26/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.46.189.100/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.124/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.130/32", "region": "us-west-1", @@ -3038,6 +5282,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "150.222.234.5/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "205.251.246.0/24", "region": "us-east-1", @@ -3050,6 +5300,24 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.230.197.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.79.190/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.176/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.108/32", "region": "ap-southeast-1", @@ -3080,6 +5348,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "69.107.3.184/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.3.232/31", "region": "ap-southeast-1", 
@@ -3092,12 +5366,24 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.6/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.5.252.0/22", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "13.34.18.192/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "23.20.0.0/14", "region": "us-east-1", @@ -3110,6 +5396,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.190.228/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.91.115/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.151.0/24", "region": "sa-east-1", @@ -3134,6 +5432,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "104.255.59.133/32", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "3.4.1.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-pilot-3" + }, + { + "ip_prefix": "13.34.42.192/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "13.56.0.0/16", "region": "us-west-1", @@ -3164,6 +5480,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.46.190.212/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.125.43/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.127.131/32", "region": "ap-south-1", 
@@ -3194,6 +5522,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "161.188.128.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-iah-1" + }, { "ip_prefix": "205.251.200.0/21", "region": "GLOBAL", @@ -3218,12 +5552,30 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "15.230.162.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "35.160.0.0/13", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "43.194.0.0/16", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.46.191.148/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.48.0.0/14", "region": "eu-west-1", @@ -3231,17 +5583,29 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "52.94.198.80/28", - "region": "ap-south-1", + "ip_prefix": "52.93.124.97/32", + "region": "eu-west-3", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "eu-west-3" }, { - "ip_prefix": "54.231.0.0/17", + "ip_prefix": "52.93.193.88/32", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.94.152.11/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.94.198.80/28", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "99.77.137.0/24", "region": "eu-north-1", @@ -3272,6 +5636,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.181.144.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "15.230.39.66/31", "region": "us-east-2", 
@@ -3279,16 +5649,52 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.68.0.0/15", - "region": "ap-northeast-1", + "ip_prefix": "15.230.89.0/24", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "ap-northeast-1" + "network_border_group": "us-west-1" }, { - "ip_prefix": "52.144.231.64/26", - "region": "ap-southeast-1", + "ip_prefix": "15.230.131.14/32", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "35.71.96.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "43.200.0.0/14", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "43.224.77.92/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.96/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.68.0.0/15", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.144.231.64/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" }, { "ip_prefix": "54.67.0.0/16", @@ -3302,6 +5708,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.34.59.224/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "15.181.254.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mia-1" + }, + { + "ip_prefix": "15.230.72.192/26", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ip_prefix": "18.60.0.0/15", "region": "ap-south-2", 
@@ -3314,6 +5738,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.93.126.123/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.124.0/22", "region": "us-east-1", @@ -3326,6 +5756,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "99.151.80.0/21", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "120.253.245.128/26", "region": "GLOBAL", @@ -3362,18 +5798,36 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "13.34.1.0/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.224.0.0/14", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "43.224.76.88/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.176/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.121.197/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.127.24/32", "region": "eu-west-1", @@ -3416,6 +5870,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.234.110/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "161.188.142.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mci-1" + }, + { + "ip_prefix": "13.34.51.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.97.0/24", "region": "eu-central-1", 
@@ -3434,6 +5906,12 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.55.152/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.143/32", "region": "us-west-1", @@ -3446,6 +5924,18 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "104.255.59.119/32", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "150.222.129.252/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.213.40/32", "region": "us-west-1", 
@@ -3470,11 +5960,101 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.196.0.0/15", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "43.224.79.30/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.250/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.92/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.236/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.218/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.91.96/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.193.98/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "104.255.59.134/32", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "150.222.11.92/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.5.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.34.31.192/27", - "region": "us-west-1", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.39.96/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "13.34.56.160/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": 
"13.34.62.0/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "15.197.8.0/22", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" }, { "ip_prefix": "15.230.39.154/31", @@ -3482,12 +6062,48 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.70.192/26", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "43.224.77.176/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.72/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.152/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.73.0/26", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.93.91.105/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.92.72/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.137/32", "region": "us-west-1", 
@@ -3530,18 +6146,48 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.11.90/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "150.222.230.124/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.26/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.56.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.58.0/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "13.50.0.0/16", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "15.251.0.12/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.44.0.0/15", "region": "us-east-1", @@ -3555,10 +6201,10 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "52.92.40.0/21", - "region": "eu-west-1", + "ip_prefix": "52.93.55.144/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-west-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "52.219.32.0/21", 
@@ -3596,30 +6242,96 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "150.222.234.84/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.252.246/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.5.228.0/22", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.34.3.128/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "13.34.30.64/27", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.158.0.0/16", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.181.176.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-chi-1" + }, { "ip_prefix": "15.230.133.16/32", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.230.149.8/31", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "43.224.79.196/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.8.0/22", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.93.91.111/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.123.255/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.124.213/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "52.94.152.65/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" 
+ }, { "ip_prefix": "150.222.3.236/31", "region": "ap-southeast-1", @@ -3632,18 +6344,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.47.0/27", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "15.181.48.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-msp-1" + }, { "ip_prefix": "15.230.4.19/32", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "43.224.76.136/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.116/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.82.176.0/22", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.192.89/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.240.150/31", "region": "us-west-2", 
@@ -3674,12 +6416,42 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "142.4.160.64/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "3.24.0.0/14", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "13.34.58.64/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.197.18.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.190.202/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.210/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.133.133/32", "region": "eu-south-1", @@ -3704,6 +6476,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "104.255.59.130/32", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "150.222.13.0/24", "region": "eu-west-1", 
@@ -3746,24 +6524,66 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.79.38/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.127.182/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "64.252.103.0/24", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "142.4.160.24/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-1" + }, + { + "ip_prefix": "150.222.28.126/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.122.102/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.132/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.240.135/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "3.116.0.0/14", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.56.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.177.86.0/24", "region": "ap-east-1", 
@@ -3776,18 +6596,54 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.221.49.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.76.128/26", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.230.91.0/24", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "18.144.0.0/15", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.46.188.36/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.90.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.91.114/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.123.6/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.93.127.105/32", "region": "cn-northwest-1", 
@@ -3842,12 +6698,42 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.34.0/27", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "15.230.173.0/24", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.230.190.128/25", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.251.0.0/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.0.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.188.88/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.82.184.0/23", "region": "cn-northwest-1", @@ -3897,17 +6783,41 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "150.222.234.0/24", - "region": "us-west-1", + "ip_prefix": "205.251.208.0/20", + "region": "GLOBAL", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "GLOBAL" }, { - "ip_prefix": "205.251.208.0/20", + "ip_prefix": "208.110.48.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.33.35.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.45.128/27", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "52.46.189.96/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.184/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.12.12/32", "region": "us-west-2", 
@@ -3950,12 +6860,36 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.14/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.126/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.3.28.0/22", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "13.34.22.192/27", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.48.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.248.120.0/24", "region": "eu-west-2", 
@@ -3969,58 +6903,118 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.54.0.0/15", - "region": "us-east-1", + "ip_prefix": "15.230.76.64/26", + "region": "eu-south-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "eu-south-1" }, { - "ip_prefix": "52.93.3.0/24", - "region": "us-east-1", + "ip_prefix": "16.62.0.0/15", + "region": "eu-central-2", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "eu-central-2" }, { - "ip_prefix": "52.95.230.0/24", + "ip_prefix": "43.224.77.108/30", "region": "us-west-2", "service": "AMAZON", - "network_border_group": "us-west-2-lax-1" + "network_border_group": "us-west-2" }, { - "ip_prefix": "54.240.225.0/24", - "region": "ap-northeast-1", + "ip_prefix": "43.224.79.226/31", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "ap-northeast-1" + "network_border_group": "eu-west-2" }, { - "ip_prefix": "54.240.236.85/32", - "region": "eu-south-1", + "ip_prefix": "52.46.191.136/31", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "99.78.212.0/22", - "region": "ap-southeast-2", + "ip_prefix": "52.54.0.0/15", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "ap-southeast-2" + "network_border_group": "us-east-1" }, { - "ip_prefix": "150.222.3.208/31", - "region": "ap-southeast-1", + "ip_prefix": "52.93.3.0/24", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "150.222.106.0/24", + "ip_prefix": "52.93.55.158/31", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, { - "ip_prefix": "150.222.129.118/31", - "region": "eu-central-1", + "ip_prefix": "52.93.153.179/32", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "eu-west-2" + }, + 
{ + "ip_prefix": "52.93.193.91/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.95.230.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-lax-1" + }, + { + "ip_prefix": "54.222.80.0/21", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "54.240.225.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "54.240.236.85/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "99.78.212.0/22", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "104.255.59.138/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "150.222.3.208/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "150.222.106.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.129.118/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" }, { "ip_prefix": "150.222.230.108/31", 
@@ -4028,6 +7022,42 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.5.48.0/22", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "15.230.77.64/26", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "15.230.165.0/24", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.230.177.0/31", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "15.251.0.5/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.79.128/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.74.0.0/16", "region": "ap-southeast-1", @@ -4052,11 +7082,23 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.129.154/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.31.160/27", - "region": "us-west-1", + "region": "sa-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "13.34.54.96/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" }, { "ip_prefix": "15.177.89.0/24", 
@@ -4070,12 +7112,42 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.230.131.160/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "18.156.0.0/14", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.76.92/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.214/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.10/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.144/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.126.244/32", "region": "ap-south-1", @@ -4094,6 +7166,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.95.140.0/23", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "52.119.196.0/22", "region": "us-east-1", @@ -4136,6 +7214,18 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.35.192/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "13.214.0.0/15", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.177.77.0/24", "region": "ap-northeast-3", 
@@ -4148,12 +7238,30 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "43.224.79.34/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.84/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.224.0/20", "region": "us-gov-west-1", "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "52.93.91.100/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.126.146/32", "region": "af-south-1", @@ -4190,6 +7298,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.4.6.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pilot-3" + }, + { + "ip_prefix": "13.34.60.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.177.79.0/24", "region": "ap-northeast-1", @@ -4202,6 +7322,36 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.133.18/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "16.12.2.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.77.24/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.112/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.118/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.190/31", "region": "us-east-1", 
@@ -4250,6 +7400,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.36.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.44.0/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.230.39.152/31", "region": "us-east-2", @@ -4274,6 +7436,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.191.80/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.194/32", "region": "us-west-1", @@ -4322,6 +7490,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.36.160/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.34.45.0/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.230.39.118/31", "region": "us-east-2", @@ -4334,6 +7514,42 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "18.186.0.0/15", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "43.224.79.42/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.64/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.144/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.176/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.148/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.184/32", "region": "us-west-1", 
@@ -4358,6 +7574,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "54.239.1.224/28", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "54.239.64.0/21", "region": "eu-central-1", @@ -4394,6 +7616,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.108/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.230.39.46/31", "region": "us-east-2", @@ -4406,12 +7634,54 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.133.22/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "35.71.128.0/17", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "43.204.0.0/15", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "43.224.79.162/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "46.51.224.0/19", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.46.190.76/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.124.96/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "52.93.124.212/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.95.111.0/24", "region": "ap-northeast-2", 
@@ -4430,6 +7700,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "67.220.240.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "130.176.128.0/18", "region": "GLOBAL", @@ -4442,6 +7718,24 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "3.3.8.0/21", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.50.0/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.53.0/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "13.248.127.0/24", "region": "ap-southeast-1", @@ -4454,6 +7748,24 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.46.189.200/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.66/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.193.92/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.144.224.64/26", "region": "ap-southeast-2", 
@@ -4497,16 +7809,22 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "15.230.64.0/26", - "region": "eu-west-2", + "ip_prefix": "15.230.75.192/26", + "region": "ap-northeast-3", "service": "AMAZON", - "network_border_group": "eu-west-2" + "network_border_group": "ap-northeast-3" }, { - "ip_prefix": "52.93.92.66/32", - "region": "us-west-1", + "ip_prefix": "15.230.81.0/24", + "region": "ap-northeast-2", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "52.46.191.128/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.93.178.159/32", @@ -4544,12 +7862,30 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.144.233.192/26", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "70.232.88.0/22", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "99.77.131.0/24", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "104.255.59.122/32", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "150.222.3.178/32", "region": "ap-southeast-1", @@ -4592,6 +7928,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.76.148/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.78/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.61.0.0/16", "region": "us-gov-west-1", 
@@ -4616,6 +7964,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "54.231.0.0/16", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.150.48.0/21", "region": "ap-northeast-1", @@ -4628,6 +7982,18 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "150.222.164.222/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.45.96/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.96.0/24", "region": "eu-west-1", @@ -4640,6 +8006,48 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.65.128/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.185.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.188.128/25", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.46.191.104/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.182/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.250/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "52.93.127.155/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.95.158.0/23", "region": "ap-northeast-3", 
@@ -4688,12 +8096,24 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.234.100/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.230.64.192/26", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.76.208/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.12.0.0/15", "region": "us-west-2", @@ -4713,16 +8133,16 @@ "network_border_group": "eu-south-1" }, { - "ip_prefix": "52.220.0.0/15", - "region": "ap-southeast-1", + "ip_prefix": "52.93.240.202/31", + "region": "us-west-2", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "us-west-2" }, { - "ip_prefix": "54.231.252.0/24", - "region": "ap-southeast-2", + "ip_prefix": "52.220.0.0/15", + "region": "ap-southeast-1", "service": "AMAZON", - "network_border_group": "ap-southeast-2" + "network_border_group": "ap-southeast-1" }, { "ip_prefix": "54.239.1.128/28", 
@@ -4736,24 +8156,66 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.50.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.140/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.2/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "18.163.0.0/16", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "43.224.76.168/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.76.192/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.189.176/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.182/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.46.250.0/23", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.34.122/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.240.168/31", "region": "us-west-2", @@ -4802,6 +8264,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.69.64/26", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.230.149.2/31", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "18.142.0.0/15", "region": "ap-southeast-1", 
@@ -4814,6 +8288,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.46.188.24/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.91.112/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.181/32", "region": "us-west-1", @@ -4832,18 +8318,48 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.223.0.0/17", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "54.222.32.0/22", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "64.252.123.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "99.151.112.0/21", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "150.222.164.208/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "205.251.232.0/22", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.51.224/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.230.39.32/31", "region": "us-east-2", 
@@ -4893,10 +8409,28 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.34.31.96/27", - "region": "us-east-1", + "ip_prefix": "150.222.28.132/31", + "region": "sa-east-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "13.34.31.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.72.64/26", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "52.46.188.136/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.93.126.138/32", @@ -4904,6 +8438,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "52.93.141.228/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.153.80/32", "region": "eu-west-2", @@ -4934,6 +8474,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.133.20/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "43.224.77.124/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.221/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.248.224/28", "region": "us-gov-west-1", 
@@ -4970,18 +8528,54 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.40.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.41.64/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.54.128/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "15.197.4.0/22", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "16.168.0.0/15", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "52.46.191.238/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.133.155/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.93.141.213/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.94.16.0/24", "region": "eu-west-3", 
@@ -5000,18 +8594,54 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "13.34.37.128/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "15.181.0.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, + { + "ip_prefix": "15.230.164.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "43.224.79.242/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "43.250.192.0/24", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.93.124.211/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "52.93.126.133/32", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "54.239.102.232/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "54.239.113.0/24", "region": "eu-west-1", @@ -5024,12 +8654,36 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "99.151.104.0/21", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "99.151.128.0/21", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "176.32.112.0/21", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.230.153.0/24", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.40/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.50.164/31", "region": "us-east-1", 
@@ -5042,6 +8696,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.240.196/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.144.209.192/26", "region": "eu-west-2", @@ -5066,6 +8726,36 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.5.44.0/22", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "13.34.41.224/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.42.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.44.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.47.64/27", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "15.230.39.124/31", "region": "us-east-2", @@ -5090,6 +8780,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.93.127.70/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "52.94.69.0/24", "region": "eu-central-1", @@ -5102,6 +8798,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.144.133.32/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "54.239.40.152/29", "region": "ap-northeast-2", 
@@ -5120,12 +8822,30 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.28.18/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "13.34.21.64/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.34.29.64/27", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.47.224/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "13.248.121.0/24", "region": "eu-west-1", @@ -5138,6 +8858,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.46.191.212/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.192/32", "region": "us-west-1", @@ -5156,12 +8882,48 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.35.32/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "13.34.61.64/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.248.122.0/24", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "15.248.36.0/22", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "52.46.189.180/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.189.244/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.55.148/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.127.139/32", "region": "eu-central-1", 
@@ -5222,6 +8984,36 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.129.152/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.217.228/30", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "150.222.234.74/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.54.64/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.59.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "46.137.224.0/19", "region": "ap-southeast-1", @@ -5234,6 +9026,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.219.180.0/22", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "65.0.0.0/14", "region": "ap-south-1", 
@@ -5252,12 +9050,42 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "13.34.5.45/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.32.64/27", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "43.224.76.84/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.76.96/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.76.124/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.77.128/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.116/32", "region": "ap-southeast-1", 
@@ -5282,12 +9110,54 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "63.246.119.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.122.96/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.140/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.44.64/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.55.32/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.16.12/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.179.8/29", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "43.224.76.40/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "50.19.0.0/16", "region": "us-east-1", @@ -5300,12 +9170,30 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.93.192.94/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.240.152/31", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.240.198/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.94.152.3/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "99.79.0.0/16", "region": "ca-central-1", 
@@ -5324,24 +9212,66 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.164.211/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.36.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.131.0/32", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.251.0.3/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "44.224.0.0/11", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.189.60/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.124/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.130/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.81.0.0/16", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "52.93.120.177/32", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "52.93.135.195/32", "region": "eu-south-1", @@ -5360,6 +9290,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.129.19/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.240.207/32", "region": "eu-south-1", 
@@ -5372,6 +9308,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.38.128/27", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "13.34.61.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.221.4.0/23", "region": "us-east-1", @@ -5384,6 +9332,30 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.70.64/26", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "43.224.79.156/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.127.161/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.93.127.172/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.144.211.64/26", "region": "eu-west-2", @@ -5408,18 +9380,42 @@ "service": "AMAZON", "network_border_group": "us-east-1-bos-1" }, + { + "ip_prefix": "3.48.0.0/12", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.5.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.34.29.0/27", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.197.12.0/22", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "52.93.126.137/32", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "52.93.153.176/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.178.200/32", "region": "us-west-1", 
@@ -5450,6 +9446,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "43.224.79.158/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.126.139/32", "region": "ap-southeast-2", @@ -5474,6 +9476,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "99.151.72.0/21", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "174.129.0.0/16", "region": "us-east-1", @@ -5492,12 +9500,54 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.230.131.96/28", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "15.230.174.0/24", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "52.46.189.168/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.72/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.34.120/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.127.198/32", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.93.134.181/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.93.141.238/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.211/32", "region": "us-west-1", 
@@ -5528,12 +9578,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.4/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.80/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.0.160/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.19.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.38.96/27", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "15.230.31.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.153.169/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.178.169/32", "region": "us-west-1", @@ -5558,6 +9644,30 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "99.83.84.0/22", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "150.222.129.248/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.234.36/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.42/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.34.28.64/27", "region": "us-west-2", 
@@ -5576,6 +9686,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.181.224.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "15.230.4.162/31", "region": "ap-southeast-1", @@ -5583,17 +9699,29 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "15.230.65.192/26", + "ip_prefix": "18.208.0.0/13", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, { - "ip_prefix": "18.208.0.0/13", + "ip_prefix": "52.46.189.216/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.142/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.240.204/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.95.245.0/24", "region": "us-east-1", 
@@ -5637,17 +9765,41 @@ "network_border_group": "ap-south-1" }, { - "ip_prefix": "46.51.216.0/21", - "region": "ap-southeast-1", + "ip_prefix": "15.221.51.0/24", + "region": "eu-south-1", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "eu-south-1" }, { - "ip_prefix": "52.93.127.97/32", - "region": "cn-northwest-1", + "ip_prefix": "15.230.189.0/25", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "46.51.216.0/21", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.93.127.97/32", + "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.127.253/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.94.152.60/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.144.223.128/26", "region": "ap-south-1", @@ -5666,12 +9818,24 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.86/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.242.99/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "150.222.252.244/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "176.32.125.254/31", "region": "us-east-1", 
@@ -5696,12 +9860,36 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.230.134.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "15.230.140.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "52.46.189.8/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.75.0/24", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "52.93.123.98/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.101/32", "region": "cn-northwest-1", @@ -5774,6 +9962,24 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.190.192/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.91.108/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.199/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "52.93.127.106/32", "region": "ap-southeast-1", 
@@ -5798,24 +10004,84 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.0.16/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "13.34.43.0/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.52.32/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.54.32/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.58.128/27", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "15.161.0.0/16", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "43.224.76.60/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.126/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.230/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.129.95/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.93.141.214/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.193.196/32", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "52.94.132.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "54.222.52.0/22", "region": "cn-north-1", 
@@ -5834,6 +10100,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.35.64/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "18.188.0.0/16", "region": "us-east-2", @@ -5846,12 +10118,42 @@ "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "43.224.76.64/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.110/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "46.51.128.0/18", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.46.188.44/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.188.204/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.141.232/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.165/32", "region": "us-west-1", 
@@ -5918,12 +10220,42 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.42.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.232.0.0/14", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.220.0.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pdx-1" + }, + { + "ip_prefix": "15.248.16.0/22", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "52.46.190.254/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.124/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.180/31", "region": "us-east-1", @@ -5948,6 +10280,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "150.222.28.116/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.208.84/31", "region": "af-south-1", @@ -5984,6 +10322,24 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.230.133.28/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "43.224.79.246/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.148/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.156/32", "region": "us-west-1", 
@@ -6026,6 +10382,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.15.130/31", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "150.222.129.156/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.234.62/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "184.72.128.0/17", "region": "us-east-1", @@ -6040,9 +10414,15 @@ }, { "ip_prefix": "13.34.31.224/27", - "region": "us-west-1", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.220.16.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" }, { "ip_prefix": "52.93.127.115/32", 
@@ -6050,12 +10430,60 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "69.107.7.72/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.3.246/31", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "161.188.134.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, + { + "ip_prefix": "13.34.0.128/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.1.32/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.5.13/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.41.160/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.51.128/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.57.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.51.0.0/16", "region": "eu-north-1", @@ -6080,6 +10508,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.93.127.197/32", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "52.93.127.207/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.94.80.0/20", "region": "ca-central-1", 
@@ -6116,6 +10556,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "104.255.59.101/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "108.166.232.0/21", "region": "us-east-2", @@ -6134,18 +10580,48 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.34.96/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "35.181.0.0/16", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "43.224.76.240/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.220/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.138.252/32", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.93.153.171/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.95.190.0/24", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "54.80.0.0/13", "region": "us-east-1", @@ -6170,6 +10646,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "150.222.139.124/30", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.248.98.0/24", "region": "ap-northeast-1", 
@@ -6188,12 +10670,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.77.128/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.230.142.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.201.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.20.0.0/14", "region": "us-east-1", @@ -6212,12 +10706,6 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, - { - "ip_prefix": "52.219.20.0/22", - "region": "us-west-1", - "service": "AMAZON", - "network_border_group": "us-west-1" - }, { "ip_prefix": "52.219.24.0/21", "region": "us-west-1", @@ -6248,12 +10736,42 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "3.152.0.0/13", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "13.244.0.0/15", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "15.230.131.164/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "43.224.79.32/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.68/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.196/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.197/32", "region": "us-west-1", 
@@ -6272,6 +10790,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.151.88.0/21", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.234.24/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "177.72.240.0/21", "region": "sa-east-1", @@ -6290,6 +10820,36 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "13.34.6.192/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "13.34.48.32/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.49.128/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.230.0.4/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.230.16.17/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "18.168.0.0/14", "region": "eu-west-2", @@ -6308,6 +10868,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.93.127.237/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.93.178.226/32", "region": "us-west-1", @@ -6320,6 +10886,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "99.83.101.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.224.0/24", "region": "us-east-1", 
@@ -6357,11 +10929,65 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.64.64/26", + "ip_prefix": "15.231.0.0/16", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.76.100/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.76.176/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.100/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.92/31", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "43.224.79.232/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.252/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.188.232/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.22/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.141.218/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.94.96.0/20", "region": "ca-central-1", 
@@ -6374,24 +11000,60 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "104.255.59.118/32", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "108.175.48.0/22", "region": "us-gov-west-1", "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "161.188.144.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-msp-1" + }, + { + "ip_prefix": "13.34.8.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.23.96/27", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.47.32/27", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "15.230.16.0/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.230.39.36/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.148.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.189.0.0/16", "region": "us-east-2", @@ -6399,7 +11061,25 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.93.66.154/32", + "ip_prefix": "35.71.64.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.77.140/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.188.40/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.121.189/32", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" 
@@ -6434,18 +11114,42 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "99.77.184.0/24", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "150.222.208.94/31", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "150.222.234.96/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.64.0.0/12", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.230.170.0/23", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "52.93.127.178/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.254.0/24", "region": "us-east-1", @@ -6464,12 +11168,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "70.232.64.0/20", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "99.82.175.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.83.88.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.87.16.0/20", "region": "ap-south-2", @@ -6482,6 +11198,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.28.120/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "162.213.234.0/23", "region": "eu-west-1", 
@@ -6489,10 +11211,16 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "15.230.131.14/31", - "region": "eu-central-1", + "ip_prefix": "13.34.55.192/27", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.57.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "18.201.0.0/16", @@ -6500,6 +11228,36 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "43.224.79.206/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.238/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.244/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.190/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.153.168/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.178.191/32", "region": "us-west-1", @@ -6554,12 +11312,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.234.76/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "208.86.88.0/23", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.20.96/27", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "15.230.39.74/31", "region": "us-east-2", 
@@ -6572,18 +11342,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.90.0/24", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "18.175.0.0/16", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "43.224.76.120/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.190.208/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.216.0/22", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.127.203/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "54.208.0.0/15", "region": "us-east-1", @@ -6602,6 +11396,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "142.4.160.48/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "150.222.208.90/31", "region": "af-south-1", @@ -6620,12 +11420,30 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "43.224.76.140/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.76.248/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.126.205/32", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.93.127.147/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.133.181/32", "region": "eu-south-1", 
@@ -6656,6 +11474,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.234.64/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.48.0.0/15", "region": "eu-north-1", @@ -6680,6 +11504,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.20/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.142/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.228/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.189.36/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.76/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.60/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.64.0.0/17", "region": "ap-southeast-2", @@ -6699,10 +11559,28 @@ "network_border_group": "ap-southeast-2" }, { - "ip_prefix": "69.107.6.176/29", - "region": "us-west-1", + "ip_prefix": "104.255.59.132/32", + "region": "ap-southeast-4", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "150.222.129.69/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "195.17.0.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.5.128/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" }, { "ip_prefix": "13.34.33.160/27", 
@@ -6782,6 +11660,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "150.222.129.64/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.207.0/24", "region": "eu-west-2", @@ -6800,6 +11684,36 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.220.226.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "15.230.76.192/26", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "15.230.77.0/26", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "43.224.79.104/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.127.180/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.193.197/32", "region": "ca-central-1", 
@@ -6836,12 +11750,60 @@ "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "161.188.132.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-bos-1" + }, + { + "ip_prefix": "3.4.16.0/21", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "13.34.25.192/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.37.192/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "15.221.53.0/24", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "15.230.85.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.93.50.144/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.246/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.93.141.240/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.227/32", "region": "us-west-1", @@ -6860,6 +11822,18 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "69.107.7.80/29", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "69.107.7.104/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.77.128.0/24", "region": "us-east-1", 
@@ -6872,6 +11846,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "150.222.234.138/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "223.71.71.96/27", "region": "GLOBAL", @@ -6884,6 +11864,24 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "43.224.76.128/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.96/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.126/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.18.179/32", "region": "eu-west-1", @@ -6896,6 +11894,18 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "52.93.193.95/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.94.152.62/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.94.196.0/24", "region": "eu-west-1", @@ -6926,6 +11936,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.46.189.112/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.175/32", "region": "us-west-1", @@ -6944,6 +11960,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.2.8.0/21", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.16.192/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "13.34.26.192/27", "region": "eu-west-2", 
@@ -6956,6 +11984,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.46.191.54/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.71.37/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.93.126.234/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "52.93.178.131/32", "region": "us-west-1", @@ -7010,6 +12056,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.234.20/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.34.14.224/27", "region": "sa-east-1", @@ -7022,6 +12074,24 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.45.32/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.248.71.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.181.128.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-phx-1" + }, { "ip_prefix": "15.230.39.138/31", "region": "us-east-2", 
@@ -7034,12 +12104,36 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.69.0/26", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "16.170.0.0/15", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "18.132.0.0/14", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.46.190.224/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.28/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.70.0.0/15", "region": "us-east-1", @@ -7088,12 +12182,54 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.48.128/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.60.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.66.128/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.186/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.188.240/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.210/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.123.11/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.127.232/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.95.110.0/24", "region": "GLOBAL", 
@@ -7112,6 +12248,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "150.222.234.130/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.34.14.192/27", "region": "sa-east-1", @@ -7136,18 +12278,60 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.78.128/26", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "15.236.0.0/15", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "52.46.188.248/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.64/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.36/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.168/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.19/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.216/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.247/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.178.135/32", "region": "us-west-1", @@ -7208,6 +12392,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.197.28.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.230.39.52/31", "region": "us-east-2", 
@@ -7221,7 +12411,37 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.93.92.68/32", + "ip_prefix": "15.230.69.128/26", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "43.195.0.0/16", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "43.224.76.56/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.54/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.200/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.55.160/31", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" @@ -7244,6 +12464,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "70.232.92.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.77.247.0/24", "region": "eu-central-1", 
@@ -7256,12 +12482,48 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.234.32/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.9.0/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.39.218/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.112/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.236/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.226/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.153.174/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.95.61.0/24", "region": "eu-west-1", @@ -7292,6 +12554,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.48/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.122/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.235.0/24", "region": "ap-south-1", @@ -7310,6 +12584,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.181.245.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "15.230.39.82/31", "region": "us-east-2", 
@@ -7322,6 +12602,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.46.191.20/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.222/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.240.156/31", "region": "us-west-2", @@ -7346,6 +12638,18 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "99.151.96.0/21", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "104.255.59.88/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "150.222.12.0/24", "region": "sa-east-1", @@ -7364,24 +12668,48 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, - { - "ip_prefix": "3.5.0.0/18", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "15.230.39.216/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.133.24/32", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "15.230.149.10/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.8.0.0/16", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.46.191.48/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.92.64/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.121.196/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.126.145/32", "region": "us-west-1", 
@@ -7394,6 +12722,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.94.152.68/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.94.249.192/28", "region": "ap-southeast-3", @@ -7413,11 +12747,35 @@ "network_border_group": "us-west-2" }, { - "ip_prefix": "64.252.83.0/24", + "ip_prefix": "52.219.172.0/22", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "64.252.83.0/24", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "150.222.234.136/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.15.0/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.58.160/27", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "15.177.64.0/23", "region": "us-east-1", @@ -7436,12 +12794,36 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.77.132/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.130/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "46.51.208.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.86.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.244/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.178.188/32", "region": "us-west-1", 
@@ -7460,12 +12842,24 @@ "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ip_prefix": "54.239.1.208/28", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "64.252.80.0/24", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.88/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "150.222.3.218/31", "region": "ap-southeast-1", 
@@ -7484,30 +12878,84 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.37.32/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "18.136.0.0/16", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "43.224.76.164/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "50.112.0.0/16", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.91.113/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.97.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.206/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.234.10/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.3.16.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.26.224/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "13.34.40.64/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "13.212.0.0/15", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.197.128.0/17", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.230.39.114/31", "region": "us-east-2", 
@@ -7520,12 +12968,54 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.71.64/26", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "18.179.0.0/16", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "43.224.76.8/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.46/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.100/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.240/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.8/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.162/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.156.0/22", "region": "ap-east-1", @@ -7538,6 +13028,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.95.138.0/24", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "52.219.200.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "64.252.100.0/24", "region": "ap-south-1", @@ -7574,6 +13076,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.56.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.57.0.0/16", "region": "us-west-1", 
@@ -7586,6 +13094,30 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.181.64.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "15.230.67.192/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.251.0.13/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.153.175/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.240.172/31", "region": "us-west-2", @@ -7598,6 +13130,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "70.232.96.0/20", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "99.77.140.0/24", "region": "ap-northeast-3", @@ -7616,6 +13154,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.80/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.96/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.56/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.14.0/24", "region": "ca-central-1", 
@@ -7634,12 +13190,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "150.222.129.242/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.230.114/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.11.0/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "15.206.0.0/15", "region": "ap-south-1", @@ -7670,6 +13238,24 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "52.46.188.28/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.134/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.192.88/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.3.202/31", "region": "ap-southeast-1", 
@@ -7688,12 +13274,48 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "3.3.6.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.230.16.18/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.68.0/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.188.216/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.186/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.63.0/24", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.93.120.176/32", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "52.93.178.167/32", "region": "us-west-1", @@ -7706,6 +13328,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "71.137.0.0/22", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "150.222.11.88/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "150.222.239.0/24", "region": "eu-west-1", 
@@ -7724,18 +13358,42 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.34.37.224/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "13.248.128.0/17", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.230.160.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "43.224.77.188/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.82.128.0/19", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "52.93.121.187/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.127.94/32", "region": "cn-northwest-1", @@ -7743,16 +13401,16 @@ "network_border_group": "cn-northwest-1" }, { - "ip_prefix": "52.95.255.96/28", - "region": "us-west-1", + "ip_prefix": "52.93.127.200/32", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "54.231.128.0/19", - "region": "eu-west-1", + "ip_prefix": "52.95.255.96/28", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-west-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "99.83.98.0/24", @@ -7766,6 +13424,12 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "142.4.160.16/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "150.222.83.0/24", "region": "ap-south-1", 
@@ -7784,6 +13448,24 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "13.34.60.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.156.0/24", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.251.0.14/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "18.204.0.0/14", "region": "us-east-1", @@ -7796,6 +13478,36 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "43.224.79.210/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.188.60/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.44/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.92/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.91.110/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.129/32", "region": "ap-south-1", @@ -7850,6 +13562,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.34.41.96/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "52.46.189.252/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.94.116.0/22", "region": "us-west-2", 
@@ -7862,12 +13586,30 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "64.252.119.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.212.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "208.86.90.0/23", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.181.248.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "15.230.39.22/31", "region": "us-east-2", @@ -7880,18 +13622,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.188.0/25", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.29.0.0/16", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.46.190.72/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.52/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.92/32", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.127.175/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.94.15.0/24", "region": "eu-west-2", @@ -7912,9 +13678,9 @@ }, { "ip_prefix": "52.95.144.0/24", - "region": "us-gov-west-1", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "us-gov-west-1" + "network_border_group": "eu-west-2" }, { "ip_prefix": "52.144.194.64/26", 
@@ -7934,30 +13700,72 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "104.255.59.131/32", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "150.222.230.100/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.114/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.43.64/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "13.52.0.0/16", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.200.0.0/13", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "15.230.59.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "18.180.0.0/15", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "43.224.76.52/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "46.137.128.0/18", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.46.191.192/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.2.0/24", "region": "eu-west-1", @@ -7970,6 +13778,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.183/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.128/32", "region": "us-west-1", 
@@ -8000,18 +13814,36 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.28.104/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.230.110/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.118/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.2.2.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1-mia-1" }, + { + "ip_prefix": "13.34.4.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.26.32/27", "region": "us-west-2", @@ -8024,6 +13856,24 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.39.128/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "13.34.48.160/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.246.0.0/16", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ip_prefix": "15.221.2.0/24", "region": "eu-west-1", 
@@ -8036,12 +13886,54 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.230.79.128/26", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "15.230.149.4/31", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "52.46.190.36/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.240/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.99.0/24", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.93.127.71/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.93.141.244/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.94.249.240/28", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "52.95.40.0/24", "region": "us-west-2", @@ -8090,6 +13982,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.41.128/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.47.192/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "13.54.0.0/15", "region": "ap-southeast-2", 
@@ -8102,6 +14006,30 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "15.248.24.0/22", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "52.46.188.252/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.164/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.18/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.131/32", "region": "us-east-1", @@ -8116,9 +14044,9 @@ }, { "ip_prefix": "52.95.142.0/23", - "region": "us-gov-west-1", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "us-gov-west-1" + "network_border_group": "eu-west-2" }, { "ip_prefix": "52.95.235.0/24", @@ -8138,12 +14066,6 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, - { - "ip_prefix": "54.231.232.0/21", - "region": "us-west-1", - "service": "AMAZON", - "network_border_group": "us-west-1" - }, { "ip_prefix": "54.239.128.0/18", "region": "GLOBAL", @@ -8180,6 +14102,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.11.74/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.28.128/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.72.0/24", "region": "ap-southeast-2", @@ -8192,6 +14126,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.232.114/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.12.0.0/16", "region": "us-east-2", 
@@ -8210,6 +14150,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.230.157.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.181.0/24", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "36.103.232.128/26", "region": "GLOBAL", @@ -8228,6 +14180,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.127.255/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.133.131/32", "region": "eu-south-1", @@ -8252,6 +14210,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.219.194.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "99.150.72.0/21", "region": "eu-west-3", @@ -8264,12 +14228,30 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.234.12/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.240.161/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "3.3.5.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-pilot-4" + }, + { + "ip_prefix": "13.34.46.160/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.34.57/32", "region": "us-west-1", 
@@ -8312,18 +14294,84 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "150.222.15.128/31", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "150.222.129.158/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.129.250/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.217.17/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "204.246.160.0/22", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.43.32/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.193.4.0/24", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.230.71.0/26", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.230.203.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "43.224.76.36/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.222/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.92.70/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.192.93/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.240.158/31", "region": "us-west-2", 
@@ -8336,6 +14384,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "71.132.0.0/18", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "99.150.40.0/21", "region": "eu-west-2", @@ -8360,6 +14414,18 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "13.34.5.160/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.51.160/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.177.72.0/24", "region": "eu-north-1", @@ -8384,18 +14450,36 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "43.224.79.66/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.2.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.191.168/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.125/32", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.94.152.66/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.144.214.128/26", "region": "eu-south-1", @@ -8420,12 +14504,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "104.255.59.105/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "150.222.3.228/31", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.28.17/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "176.32.96.0/21", "region": "us-east-1", 
@@ -8438,12 +14534,42 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.34.160/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "13.34.46.224/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "13.248.108.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.251.0.15/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.124.14/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "52.93.126.206/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "52.93.240.146/31", "region": "us-west-2", @@ -8492,6 +14618,36 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "13.34.19.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.42.224/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.181.192.0/19", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-1" + }, + { + "ip_prefix": "52.93.55.166/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.123.136/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.144/32", "region": "us-west-1", @@ -8504,6 +14660,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.193.93/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.240.162/31", "region": "us-west-2", 
@@ -8540,6 +14702,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "69.107.7.48/29", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "99.77.190.0/24", "region": "GLOBAL", @@ -8564,18 +14732,42 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.234.28/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.56.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.106.0/24", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.230.133.17/32", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.253.0.0/16", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2-lax-1" }, + { + "ip_prefix": "43.224.77.120/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.111/32", "region": "ap-southeast-1", @@ -8606,6 +14798,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.28.110/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.117.0/24", "region": "eu-north-1", 
@@ -8642,24 +14840,66 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.57.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.181.252.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "18.198.0.0/15", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.77.8/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.9.0.0/16", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.46.188.160/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.188/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.190.238/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.38.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.94.152.69/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.144.216.4/31", "region": "eu-north-1", @@ -8672,6 +14912,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "69.107.7.0/29", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "99.77.141.0/24", "region": "ap-northeast-2", 
@@ -8684,6 +14930,30 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.36.0/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "13.34.42.160/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.248.20.0/22", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.251.0.8/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "27.0.0.0/22", "region": "ap-northeast-1", @@ -8696,6 +14966,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.188.80/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.180/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.98.0/24", "region": "ap-south-1", @@ -8714,6 +14996,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.152.12/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.144.233.130/31", "region": "ap-northeast-3", @@ -8726,6 +15014,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "69.107.7.112/29", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "3.136.0.0/13", "region": "us-east-2", 
@@ -8738,18 +15032,60 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.230.14.12/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.83.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.212/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.228/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.164/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.37.223/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.121.188/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.178.178/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.193.90/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.248.192/28", "region": "eu-west-2", @@ -8768,6 +15104,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.44.32/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "13.248.112.0/24", "region": "us-west-2", @@ -8781,7 +15123,7 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.65.128/26", + "ip_prefix": "15.230.145.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" 
@@ -8792,6 +15134,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "64.252.120.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.3.179/32", "region": "ap-southeast-1", @@ -8804,6 +15152,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.28.138/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.243.11/32", "region": "eu-south-1", @@ -8816,18 +15170,42 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "13.34.35.96/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "15.230.182.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.50.138/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.92.66/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.127.95/32", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.127.148/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.94.248.112/28", "region": "eu-central-1", 
@@ -8840,6 +15218,36 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.234.16/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.30/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.60.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.61.96/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.181.242.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "15.197.2.0/24", "region": "GLOBAL", @@ -8852,12 +15260,36 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.70.128/26", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "15.230.92.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.248.8.0/22", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.93.50.152/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.141.226/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.176/32", "region": "us-west-1", @@ -8894,6 +15326,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.42.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.60.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.177.78.0/24", "region": "eu-west-2", 
@@ -8906,18 +15350,36 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.230.0.14/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.230.39.76/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.71.192/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.66.0.0/16", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.93.127.250/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.240.184/31", "region": "us-west-2", @@ -8949,10 +15411,16 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "13.34.25.216/29", - "region": "ap-south-1", + "ip_prefix": "13.34.44.192/27", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.230.80.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" }, { "ip_prefix": "35.168.0.0/13", @@ -8960,6 +15428,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.79.124/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.234/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.64.128.0/17", "region": "ap-southeast-2", 
@@ -8972,18 +15452,66 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "104.255.59.136/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "150.222.234.3/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.46.128/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.55.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.209.0.0/16", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "15.181.40.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "18.140.0.0/15", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "43.224.79.28/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.248/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.224/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.60.0.0/16", "region": "ca-central-1", @@ -9014,12 +15542,24 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "69.107.3.176/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "72.44.32.0/19", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.28.105/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "205.251.236.0/22", "region": "us-gov-west-1", 
@@ -9027,20 +15567,56 @@ "network_border_group": "us-gov-west-1" }, { - "ip_prefix": "13.34.22.56/29", - "region": "ap-south-1", + "ip_prefix": "3.100.0.0/16", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "us-west-1" }, { - "ip_prefix": "15.221.3.0/24", - "region": "eu-central-1", + "ip_prefix": "13.34.52.192/27", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "eu-west-2" }, { - "ip_prefix": "54.240.236.46/32", - "region": "eu-south-1", + "ip_prefix": "15.181.16.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, + { + "ip_prefix": "15.181.96.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mci-1" + }, + { + "ip_prefix": "15.221.3.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "15.248.32.0/22", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "52.92.0.0/17", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.93.127.202/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "54.240.236.46/32", + "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, 
@@ -9056,6 +15632,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.200/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.84/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.204/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.51.29/32", "region": "us-east-1", @@ -9086,12 +15680,24 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "69.107.7.96/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.102.0/24", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.5.44/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.93.1.0/24", "region": "us-east-1", @@ -9104,6 +15710,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.55.154/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.131.217/32", "region": "eu-south-1", @@ -9146,6 +15758,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.79.40/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.188/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.6/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.132/31", "region": "us-east-1", 
@@ -9158,12 +15788,48 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "150.222.15.126/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "150.222.129.255/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.234.116/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.236.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "162.222.148.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-lax-1" + }, + { + "ip_prefix": "3.4.2.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-pilot-5" + }, + { + "ip_prefix": "13.34.4.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.31.0/27", "region": "us-east-1", 
@@ -9242,12 +15908,60 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "13.34.9.32/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.248.65.0/24", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "43.224.79.164/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.218/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.224/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.188.140/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.42/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.69.0/24", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "52.93.141.242/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.151/32", "region": "us-west-1", @@ -9278,6 +15992,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.234.40/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.13.0.0/16", "region": "us-east-2", @@ -9296,6 +16016,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.172/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "54.92.128.0/17", "region": "us-east-1", 
@@ -9314,12 +16040,36 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "104.255.56.11/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "104.255.59.83/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "150.222.233.0/24", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "150.222.234.58/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.49.64/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.210.0.0/15", "region": "ap-southeast-2", @@ -9327,22 +16077,34 @@ "network_border_group": "ap-southeast-2" }, { - "ip_prefix": "52.93.178.140/32", + "ip_prefix": "43.224.77.144/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.55.164/31", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, { - "ip_prefix": "52.93.178.174/32", + "ip_prefix": "52.93.127.251/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.93.178.140/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, { - "ip_prefix": "52.93.242.128/25", - "region": "cn-northwest-1", + "ip_prefix": "52.93.178.174/32", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "cn-northwest-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "52.94.17.0/24", 
@@ -9386,6 +16148,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "104.255.59.91/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "104.255.59.115/32", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "150.222.164.210/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "184.169.128.0/17", "region": "us-west-1", @@ -9398,6 +16178,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.41.0/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.61.128/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.230.6.0/24", "region": "ap-southeast-1", @@ -9410,6 +16202,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "43.224.77.84/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.202/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.91.98/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "54.240.236.65/32", "region": "eu-south-1", @@ -9428,6 +16238,18 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "104.255.59.85/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "150.222.234.124/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.8.0.0/14", "region": "eu-west-2", 
@@ -9446,6 +16268,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.190.216/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.160/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "52.93.133.127/32", "region": "eu-south-1", @@ -9458,6 +16292,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.93.141.230/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.232/32", "region": "us-west-1", @@ -9470,12 +16310,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.219.176.0/22", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "54.204.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "69.107.7.8/29", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "150.222.67.0/24", "region": "eu-west-2", @@ -9488,12 +16340,36 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.129.110/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.232.112/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.230.39.202/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.46.191.150/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.204/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.178.132/32", "region": "us-west-1", 
@@ -9542,6 +16418,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.42.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.4.158/31", "region": "ap-southeast-1", @@ -9566,12 +16448,36 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.46.188.52/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.188.64/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.194/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.119/32", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.127.153/32", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "52.94.252.0/23", "region": "us-east-1", @@ -9608,12 +16514,36 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "150.222.129.146/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.243.33/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "13.34.53.128/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.55.128/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.57.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.123.0/24", "region": "eu-central-1", 
@@ -9626,6 +16556,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.77.168/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.12/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.26/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.127.100/32", "region": "cn-northwest-1", @@ -9644,6 +16592,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.22/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.72/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.240.131/32", "region": "eu-south-1", @@ -9656,12 +16616,36 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.51.96/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.58.192/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "15.230.39.8/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.77.148/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.190.226/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.94.7.0/24", "region": "sa-east-1", 
@@ -9686,6 +16670,18 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.220.220.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mia-1" + }, + { + "ip_prefix": "15.221.48.0/24", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "35.156.0.0/14", "region": "eu-central-1", @@ -9710,12 +16706,24 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "54.239.102.162/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.92.0/22", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "161.188.138.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "3.16.0.0/14", "region": "us-east-2", @@ -9728,18 +16736,42 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.40.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.191.0.0/16", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.164/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.6/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "18.130.0.0/16", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.46.188.224/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.72.0.0/15", "region": "us-east-1", 
@@ -9758,6 +16790,12 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "52.93.141.222/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "54.182.0.0/16", "region": "GLOBAL", @@ -9782,6 +16820,12 @@ "service": "AMAZON", "network_border_group": "me-central-1" }, + { + "ip_prefix": "99.151.64.0/21", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "120.253.245.192/27", "region": "GLOBAL", @@ -9800,6 +16844,36 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.34.54.192/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "13.34.58.96/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.76.232/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.112/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.202/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.62.0.0/15", "region": "ap-southeast-2", @@ -9824,6 +16898,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.141.236/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.94.249.224/28", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "52.219.44.0/22", "region": "eu-central-1", 
@@ -9842,6 +16928,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.28.118/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.70.0/24", "region": "sa-east-1", @@ -9866,6 +16958,36 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.60.0/24", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "16.50.0.0/15", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "43.224.77.104/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.90/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.224/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.133.179/32", "region": "eu-south-1", @@ -9902,6 +17024,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.234.38/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.242.229/32", "region": "af-south-1", @@ -9926,6 +17054,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.36.32/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "13.248.125.0/24", "region": "ap-southeast-1", 
@@ -9939,19 +17073,43 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.93.245.0/24", - "region": "ap-northeast-1", + "ip_prefix": "15.230.66.0/25", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "ap-northeast-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "52.95.16.0/21", - "region": "us-east-2", + "ip_prefix": "43.224.76.12/30", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-east-2" + "network_border_group": "us-east-1" }, { - "ip_prefix": "54.234.0.0/15", + "ip_prefix": "43.224.79.182/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.127.164/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.245.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.95.16.0/21", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "54.234.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" @@ -9975,10 +17133,16 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.92.16.0/20", - "region": "us-east-1", + "ip_prefix": "15.230.58.0/24", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.76.44/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" }, { "ip_prefix": "52.93.67.0/24", 
@@ -9998,12 +17162,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "52.219.169.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "54.240.236.66/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "99.77.32.0/20", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "99.77.154.0/24", "region": "us-west-1", @@ -10016,6 +17192,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.11.80/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "172.96.97.0/24", "region": "us-east-1", @@ -10034,18 +17216,54 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "16.12.0.0/23", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.64.0.0/14", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "18.228.0.0/16", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "43.224.79.160/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.16.0.0/15", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.46.191.240/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.122/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.199/32", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.95.28.0/24", "region": "us-east-2", 
@@ -10070,6 +17288,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.219.184.0/21", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "120.52.12.64/26", "region": "GLOBAL", @@ -10088,12 +17312,54 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "13.34.50.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.177.84.0/24", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.220.250.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-msp-1" + }, + { + "ip_prefix": "43.224.79.62/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.192/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.108/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.32.180/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.87.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.102/32", "region": "cn-northwest-1", @@ -10118,6 +17384,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.38.32/27", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "13.34.42.128/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "13.34.47.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.200.0.0/16", "region": "us-gov-west-1", 
@@ -10136,12 +17420,36 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "43.224.76.132/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.120/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.82.0.0/17", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.127.185/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.153.172/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.94.249.32/28", "region": "eu-west-3", @@ -10160,6 +17468,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "104.255.59.102/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "150.222.129.130/31", "region": "eu-central-1", 
@@ -10178,6 +17492,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.82.0/24", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.230.131.162/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "43.224.79.108/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.4/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.108/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.120/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.149.0/24", "region": "us-west-1", @@ -10232,6 +17582,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.139.116/30", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.59.192/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.230.39.198/31", "region": "us-east-2", 
@@ -10244,6 +17606,54 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.230.72.128/26", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "15.230.86.0/24", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.180/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.46/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.228/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.124.210/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "52.93.127.157/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.94.160.0/20", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.144.228.2/31", "region": "ap-south-1", 
@@ -10268,18 +17678,42 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.234.103/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.8.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.23.160/27", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.49.96/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.136.0/24", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "52.46.188.144/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.130/32", "region": "ap-south-1", @@ -10292,6 +17726,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "99.83.112.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "104.255.59.87/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "104.255.59.139/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "150.222.208.92/31", "region": "af-south-1", 
@@ -10310,42 +17762,132 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.52.224/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.181.249.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-msp-1" + }, { "ip_prefix": "15.230.39.80/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.68.64/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.76.196/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.76.236/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.172/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.190.12/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.88.0.0/15", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.32.176/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.93.192.98/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.193.194/32", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "69.107.7.64/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "150.222.0.18/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "3.5.244.0/22", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + 
"ip_prefix": "13.34.5.12/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "15.221.40.0/21", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.230.39.144/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.149.0/31", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "18.253.0.0/16", "region": "us-gov-east-1", "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "52.46.190.244/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.192.0/20", "region": "eu-north-1", @@ -10376,6 +17918,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.192.95/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.249.112/28", "region": "us-gov-east-1", 
@@ -10400,30 +17948,78 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.18.224/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "13.34.47.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.152/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.121.198/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.150.0/24", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.93.192.99/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.95.112.0/20", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.95.188.0/23", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "99.78.196.0/22", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "104.255.59.106/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "130.176.192.0/19", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.3.192/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "13.34.28.0/27", "region": "us-west-2", 
@@ -10448,6 +18044,24 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.46.188.184/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.44/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.132/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.229/32", "region": "us-west-1", @@ -10466,18 +18080,54 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "150.222.231.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "176.32.104.0/21", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.54.0/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "15.230.39.106/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.198.0/24", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "52.46.188.180/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.207/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.93.127.249/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.178.158/32", "region": "us-west-1", 
@@ -10520,18 +18170,36 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.5.32.0/22", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "3.208.0.0/12", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.248.64.0/24", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "15.221.0.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.0.5/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.230.39.48/31", "region": "us-east-2", @@ -10550,6 +18218,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.79.120/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.178/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "54.222.64.0/23", "region": "cn-north-1", @@ -10574,6 +18254,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "130.176.254.0/24", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "142.4.160.72/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "150.222.3.188/32", "region": "ap-southeast-1", 
@@ -10592,12 +18284,42 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.17.24/29", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "52.46.188.56/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.232/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.106/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.138/32", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.93.153.173/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.178.173/32", "region": "us-west-1", @@ -10610,18 +18332,18 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, - { - "ip_prefix": "54.231.192.0/20", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "54.233.128.0/17", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.104/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "150.222.122.110/31", "region": "eu-central-1", 
@@ -10629,34 +18351,106 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "203.83.220.0/22", - "region": "ap-southeast-1", + "ip_prefix": "150.222.129.20/31", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "eu-central-1" }, { - "ip_prefix": "15.230.39.156/31", - "region": "us-east-2", + "ip_prefix": "150.222.129.240/31", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "us-east-2" + "network_border_group": "eu-central-1" }, { - "ip_prefix": "52.95.80.0/20", - "region": "ap-south-1", + "ip_prefix": "150.222.139.120/30", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "eu-central-1" }, { - "ip_prefix": "52.219.132.0/22", + "ip_prefix": "203.83.220.0/22", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "150.222.208.65/32", - "region": "af-south-1", + "ip_prefix": "204.45.0.0/16", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "af-south-1" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.221.52.0/24", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "15.230.39.156/31", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "15.230.77.192/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "43.224.76.0/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.122/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.91.103/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.146/32", + "region": 
"ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.95.80.0/20", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "52.219.132.0/22", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "150.222.208.65/32", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "150.222.217.234/31", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "161.188.152.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" }, { "ip_prefix": "176.32.124.128/25", @@ -10700,6 +18494,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.46.191.34/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.34.42/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.127.26/32", "region": "eu-west-1", @@ -10730,6 +18536,24 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "150.222.217.252/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "150.222.234.46/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.35.128/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "13.230.0.0/15", "region": "ap-northeast-1", 
@@ -10748,6 +18572,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.230.196.0/24", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "43.224.77.208/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.249.46.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "52.93.4.0/24", "region": "us-east-1", @@ -10826,18 +18668,36 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.49.32/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.248.28.0/22", "region": "ap-northeast-3", "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.230.74.0/26", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "18.176.0.0/15", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.93.127.154/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.219.144.0/22", "region": "ap-northeast-2", 
@@ -10886,18 +18746,36 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "150.222.28.134/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "3.20.0.0/14", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.44.160/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.156.0.0/15", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.230.16.252/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.230.39.246/31", "region": "us-east-2", @@ -10916,12 +18794,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.79.90/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.138/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.164/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.48/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.170/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.50.194/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.66.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "54.76.0.0/15", "region": "eu-west-1", 
@@ -10934,6 +18848,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.28.124/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "205.251.192.0/21", "region": "GLOBAL", @@ -10952,30 +18872,66 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.47.96/27", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "15.230.39.228/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.93.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.77.76/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.40.0.0/14", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.190.180/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.50.154/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.124.15/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "52.93.126.213/32", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.94.152.64/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.95.170.0/23", "region": "eu-north-1", 
@@ -11018,6 +18974,36 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.131.8/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "43.198.0.0/15", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "43.224.79.204/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.0/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.136/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.11.0/24", "region": "ap-southeast-1", @@ -11048,18 +19034,42 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.129.246/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "204.246.164.0/22", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.43.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.28.0/24", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "43.224.77.32/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.127.165/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.198.128/28", "region": "ca-central-1", 
@@ -11090,6 +19100,18 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.234.44/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.82/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.34.26.160/27", "region": "eu-north-1", @@ -11108,12 +19130,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.75.64/26", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "34.240.0.0/13", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "43.224.79.122/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.14.19/32", "region": "us-west-2", 
@@ -11162,18 +19196,54 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "150.222.15.127/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "150.222.234.66/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.17.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.29.192/27", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.73.0/26", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "18.162.0.0/16", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "52.46.191.70/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.141.224/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.95.30.0/23", "region": "ap-northeast-1", @@ -11210,6 +19280,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.3.0.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.7.64/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "13.34.58.224/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.32.0.0/14", "region": "us-west-2", 
@@ -11264,18 +19352,66 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.240.0.0/13", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.27.64/27", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "43.224.76.156/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.56/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.0/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.94/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.121.190/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.127.110/32", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.93.127.181/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.245/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.94.248.64/28", "region": "ap-southeast-2", 
@@ -11312,12 +19448,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.70/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.12.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.39.0/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "15.230.186.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.79.116/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.126.214/32", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.173/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.202/32", "region": "us-west-1", @@ -11354,12 +19526,42 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.113.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "3.5.148.0/22", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.230.163.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "15.230.177.2/31", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "43.224.79.102/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.172/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.117/32", "region": "ap-southeast-1", 
@@ -11367,10 +19569,10 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "52.93.242.120/29", - "region": "cn-northwest-1", + "ip_prefix": "52.93.127.156/32", + "region": "ap-northeast-1", "service": "AMAZON", - "network_border_group": "cn-northwest-1" + "network_border_group": "ap-northeast-1" }, { "ip_prefix": "54.198.0.0/16", @@ -11396,12 +19598,36 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.34.32/27", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "15.164.0.0/15", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "15.230.150.0/23", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.251.0.1/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.79.98/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.46.96.0/19", "region": "us-gov-east-1", @@ -11414,6 +19640,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.191.214/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.166/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.228/32", "region": "us-west-1", 
@@ -11444,18 +19682,42 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.33.224/27", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "15.230.131.6/32", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.76.72/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.172/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.128/32", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.93.127.205/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.178.216/32", "region": "us-west-1", @@ -11474,6 +19736,18 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "13.34.40.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.52.128/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "15.221.1.0/24", "region": "us-west-2", @@ -11486,6 +19760,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.68.128/26", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "52.46.191.4/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.91.109/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.123/32", "region": "us-east-1", 
@@ -11498,18 +19790,42 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "150.222.234.60/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.243.39/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "13.34.33.192/27", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.34.59.0/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "15.177.0.0/18", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.181.244.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "15.230.53.0/24", "region": "ap-southeast-1", 
@@ -11517,25 +19833,49 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.194.0.0/15", - "region": "eu-central-1", + "ip_prefix": "15.230.74.64/26", + "region": "ap-east-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "ap-east-1" }, { - "ip_prefix": "52.46.64.0/20", - "region": "eu-west-3", + "ip_prefix": "18.194.0.0/15", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "eu-west-3" + "network_border_group": "eu-central-1" }, { - "ip_prefix": "52.93.50.186/31", + "ip_prefix": "43.224.79.140/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, { - "ip_prefix": "52.93.126.136/32", + "ip_prefix": "43.224.79.230/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.64.0/20", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "52.46.191.152/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.50.186/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.136/32", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" @@ -11582,6 +19922,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "142.4.160.96/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-phx-1" + }, + { + "ip_prefix": "150.222.11.96/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "150.222.230.93/32", "region": "eu-central-1", 
@@ -11594,6 +19946,30 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.27.17/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "13.34.44.128/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.45.192/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.181.120.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "15.193.1.0/24", "region": "ap-northeast-1", @@ -11606,6 +19982,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.11/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.76.68/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.168/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.80.0/21", "region": "eu-west-3", @@ -11618,6 +20012,24 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.46.189.64/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.104/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.86/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.67.0.0/16", "region": "sa-east-1", 
@@ -11642,6 +20054,18 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "150.222.28.112/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "150.222.217.232/31", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.230.4.176/28", "region": "ap-southeast-1", @@ -11654,12 +20078,30 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.69.192/26", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "18.138.0.0/15", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.46.188.236/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.251/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.93.193.201/32", "region": "ca-central-1", @@ -11678,6 +20120,18 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "54.239.1.176/28", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "54.239.1.192/28", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "63.246.114.0/23", "region": "GLOBAL", 
@@ -11708,42 +20162,138 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.230.154.0/23", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "43.224.79.78/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.4/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.52.0.0/15", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.32.179/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.144.197.128/26", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.219.152.0/22", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "54.233.64.0/18", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "70.232.120.0/22", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "150.222.129.144/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "161.188.150.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-pilot-5" + }, { "ip_prefix": "3.34.0.0/15", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "13.34.50.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.53.64/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "13.34.57.224/27", + "region": "us-east-1", + "service": "AMAZON", + 
"network_border_group": "us-east-1" + }, { "ip_prefix": "15.177.74.0/24", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "15.197.3.0/24", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.230.56.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.75.128/26", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "43.224.77.36/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.172.0/22", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "52.46.191.12/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.65.0.0/16", "region": "ap-southeast-2", 
@@ -11798,18 +20348,48 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "13.40.0.0/14", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "13.248.104.0/24", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.181.251.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "34.248.0.0/13", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "43.224.76.204/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.216/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.92/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.237.0/24", "region": "us-west-1", 
@@ -11840,12 +20420,54 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "142.4.160.32/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pdx-1" + }, + { + "ip_prefix": "142.4.160.112/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-pilot-5" + }, + { + "ip_prefix": "161.188.160.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pdx-1" + }, + { + "ip_prefix": "3.5.0.0/19", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.73.64/26", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.230.78.0/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "36.103.232.0/25", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "43.224.76.244/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.46.164.0/23", "region": "us-east-1", @@ -11858,12 +20480,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "67.220.224.0/20", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "99.82.168.0/24", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "104.255.59.137/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "108.128.0.0/13", "region": "eu-west-1", 
@@ -11882,6 +20516,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.27.16/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "13.248.126.0/24", "region": "ca-central-1", @@ -11894,6 +20534,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.131.9/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "18.100.0.0/15", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "52.93.91.106/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.119.205.0/24", "region": "ap-southeast-1", @@ -11930,6 +20588,42 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.234.8/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.134/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.41.32/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.55.160/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.61.160/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.248.66.0/24", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "15.177.87.0/24", "region": "me-south-1", 
@@ -11942,6 +20636,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "43.224.77.80/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.4.0/24", "region": "us-east-2", @@ -11954,6 +20654,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.250.0/28", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "54.222.48.0/22", "region": "cn-north-1", @@ -11979,23 +20685,53 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "176.32.120.0/22", + "ip_prefix": "104.255.56.12/32", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, { - "ip_prefix": "13.34.31.128/27", + "ip_prefix": "150.222.234.106/31", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "176.32.120.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.31.128/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.177.85.0/24", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "15.181.246.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mci-1" + }, + { + "ip_prefix": "15.230.75.0/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "52.46.189.52/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.50.170/31", "region": "us-east-1", 
@@ -12014,12 +20750,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.152.61/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.95.251.0/24", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "54.239.102.236/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "72.41.0.0/20", "region": "us-east-1", @@ -12032,12 +20780,36 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.129.66/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.25.160/27", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.48.96/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "13.34.50.96/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.55.96/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.177.91.0/24", "region": "af-south-1", @@ -12062,6 +20834,24 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.191.100/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.141.216/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.193.96/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.95.181.0/24", "region": "ap-northeast-3", 
@@ -12098,6 +20888,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "99.151.136.0/21", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "150.222.3.181/32", "region": "ap-southeast-1", @@ -12122,12 +20918,30 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "13.34.36.64/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.34.46.64/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "13.248.116.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.181.240.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "52.76.0.0/17", "region": "ap-southeast-1", @@ -12140,12 +20954,24 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.125.42/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.193.203/32", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "52.93.240.200/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.144.216.6/31", "region": "eu-north-1", @@ -12158,12 +20984,24 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "99.77.28.0/22", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "120.232.236.128/26", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.28.114/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "13.34.23.32/27", "region": "us-east-2", 
@@ -12188,6 +21026,24 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "13.34.34.128/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "13.248.69.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "43.224.79.44/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.18.0.0/15", "region": "eu-west-1", @@ -12206,6 +21062,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.91.99/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.98/32", "region": "cn-northwest-1", @@ -12266,12 +21128,48 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.36.128/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.230.195.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "43.224.76.48/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.206/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "54.239.0.32/28", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "99.151.144.0/21", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "104.255.59.81/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "150.222.3.196/31", "region": "ap-southeast-1", 
@@ -12290,24 +21188,54 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.34.49.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.39.172/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.77.156/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.10.0.0/15", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.188.132/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.172/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.82.164.0/22", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.127.184/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.149/32", "region": "us-west-1", @@ -12326,6 +21254,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.39.224/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "15.230.39.6/31", "region": "us-east-2", 
@@ -12333,20 +21267,56 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.144.208.64/26", + "ip_prefix": "15.230.176.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, { - "ip_prefix": "99.78.172.0/24", - "region": "eu-west-1", + "ip_prefix": "15.248.40.0/22", + "region": "us-west-2", "service": "AMAZON", - "network_border_group": "eu-west-1" + "network_border_group": "us-west-2" }, { - "ip_prefix": "150.222.129.138/31", - "region": "eu-central-1", + "ip_prefix": "52.46.190.52/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.84/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.149/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.93.192.97/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.144.208.64/26", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "99.78.172.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.129.138/31", + "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, 
@@ -12356,12 +21326,48 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.4.4.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pilot-2" + }, + { + "ip_prefix": "3.33.128.0/17", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.251.0.4/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.79.114/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.232/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.46.249.0/24", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.127.220/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.240.190/31", "region": "us-west-2", @@ -12392,6 +21398,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.217.226/31", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "162.213.233.0/24", "region": "eu-west-1", @@ -12416,6 +21428,30 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.161.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.46.190.190/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.91.97/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.91.107/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.95.255.0/28", "region": "sa-east-1", 
@@ -12464,6 +21500,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "16.162.0.0/15", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.148.0.0/14", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "52.93.127.168/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.119.184.0/22", "region": "ap-southeast-1", 
@@ -12488,24 +21542,78 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "99.77.16.0/21", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "204.246.176.0/20", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.62.128/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.44.0.0/14", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.181.32.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-chi-1" + }, + { + "ip_prefix": "15.181.116.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-phx-1" + }, + { + "ip_prefix": "15.197.24.0/22", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.230.43.0/24", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "43.224.76.116/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.152/32", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "52.93.178.208/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.219.196.0/22", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "65.8.0.0/16", "region": "GLOBAL", 
@@ -12524,6 +21632,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.48.64/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.181.243.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "15.230.23.0/24", "region": "ap-southeast-2", @@ -12536,6 +21656,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.216/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.172/32", "region": "us-west-1", @@ -12584,6 +21710,48 @@ "service": "AMAZON", "network_border_group": "me-central-1" }, + { + "ip_prefix": "13.34.44.96/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.52.160/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.230.61.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.230.88.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.77.88/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.166/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.58.32/28", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.178.190/32", "region": "us-west-1", 
@@ -12608,6 +21776,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "104.255.59.86/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "150.222.11.94/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "150.222.206.0/24", "region": "us-east-1", @@ -12626,6 +21806,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.39.160/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "13.34.56.128/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.248.107.0/24", "region": "ap-southeast-1", @@ -12650,6 +21842,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "18.254.0.0/16", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "43.224.76.220/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.240/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.50.172/31", "region": "us-east-1", 
@@ -12674,12 +21884,48 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.11.76/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.15.125/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.138.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.234.2/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.4.24.0/21", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "13.34.61.192/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.220.224.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pdx-1" + }, { "ip_prefix": "15.230.30.0/24", "region": "eu-west-1", @@ -12687,10 +21933,22 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "15.230.64.128/26", - "region": "eu-west-2", + "ip_prefix": "15.230.84.0/24", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "eu-west-2" + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "43.224.76.224/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.208/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.93.126.134/32", 
@@ -12734,18 +21992,42 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "108.138.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "120.253.241.160/27", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.234.120/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.243.55/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "15.197.20.0/22", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "43.224.79.220/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.28.0.0/16", "region": "eu-central-1", 
@@ -12770,12 +22052,54 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.193.94/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.87.8.0/21", "region": "ap-south-2", "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ip_prefix": "13.34.46.96/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "13.34.49.160/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.54.160/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.60/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.44/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.188/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.103/32", "region": "cn-northwest-1", @@ -12800,6 +22124,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.77.48.0/21", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "205.251.240.0/22", "region": "us-east-1", 
@@ -12812,18 +22142,54 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "3.33.34.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.53.96/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "13.34.57.32/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.248.102.0/24", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.199.0/28", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "43.224.79.26/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "43.250.193.0/24", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.46.190.242/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.77.0.0/16", "region": "ap-southeast-1", 
@@ -12854,18 +22220,66 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "69.107.7.32/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "150.222.129.142/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "3.5.236.0/22", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "13.34.7.96/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "15.181.250.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "15.193.10.0/24", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "15.230.94.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.230.131.80/28", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "52.46.191.110/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.153.178/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.144.192.64/26", "region": "us-east-1", @@ -12890,6 +22304,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.232.94/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.0/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.50.64/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.39.58/31", "region": "us-east-2", 
@@ -12914,6 +22346,30 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "43.224.79.184/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.188.168/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.102/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.140/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.240.0/22", "region": "eu-west-1", @@ -12980,12 +22436,36 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.20.32/27", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "13.34.36.96/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.34.51.64/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.230.39.62/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.179.0/29", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "18.183.0.0/16", "region": "ap-northeast-1", @@ -12998,6 +22478,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.34.124/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.60.0/24", "region": "us-east-1", 
@@ -13010,18 +22496,54 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.93.127.158/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "70.232.112.0/21", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "99.77.135.0/24", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "104.255.59.135/32", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "13.34.59.32/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "15.177.92.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.193.8.0/24", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.197.30.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "52.82.192.0/18", "region": "cn-northwest-1", @@ -13040,6 +22562,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.91.104/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.123.99/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.186/32", "region": "us-west-1", @@ -13076,6 +22610,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "150.222.217.253/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "150.222.229.0/24", "region": "eu-south-1", 
@@ -13100,6 +22640,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.34.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.228.0.0/15", "region": "ap-southeast-1", @@ -13113,14 +22659,38 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.93.178.221/32", - "region": "us-west-1", + "ip_prefix": "15.230.131.128/28", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "eu-central-1" }, { - "ip_prefix": "52.94.248.96/28", - "region": "us-west-2", + "ip_prefix": "43.224.76.160/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.36/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.176/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.93.178.221/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.94.248.96/28", + "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, @@ -13160,6 +22730,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "150.222.0.17/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.3.220/31", "region": "ap-southeast-1", 
@@ -13172,18 +22748,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "209.54.184.0/21", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.5.52.0/22", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "3.5.224.0/22", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "13.34.51.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.148/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.46.188.156/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.82/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.82.188.0/22", "region": "cn-northwest-1", @@ -13196,12 +22802,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.193.97/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "54.222.58.32/28", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "69.107.7.120/29", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "99.77.186.0/24", "region": "us-west-2", @@ -13214,6 +22832,12 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "150.222.234.102/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "176.32.125.0/25", "region": "us-west-2", 
@@ -13226,18 +22850,66 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.60.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.177.68.0/23", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.230.71.128/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "15.230.190.0/25", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.76.4/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.76.228/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.166/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.92/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.158/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.252/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "150.222.208.64/32", "region": "af-south-1", 
@@ -13274,150 +22946,24 @@ "service": "CHIME_VOICECONNECTOR", "network_border_group": "eu-west-1" }, - { - "ip_prefix": "54.252.254.192/26", - "region": "ap-southeast-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-2" - }, - { - "ip_prefix": "177.71.207.128/26", - "region": "sa-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "sa-east-1" - }, - { - "ip_prefix": "54.255.254.192/26", - "region": "ap-southeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-1" - }, - { - "ip_prefix": "52.80.198.0/25", - "region": "cn-north-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-north-1" - }, - { - "ip_prefix": "54.244.52.192/26", - "region": "us-west-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-2" - }, - { - "ip_prefix": "54.251.31.128/26", - "region": "ap-southeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-1" - }, - { - "ip_prefix": "52.80.197.0/25", - "region": "cn-north-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-north-1" - }, - { - "ip_prefix": "54.241.32.64/26", - "region": "us-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-1" - }, - { - "ip_prefix": "54.245.168.0/26", - "region": "us-west-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-2" - }, - { - "ip_prefix": "54.232.40.64/26", - "region": "sa-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "sa-east-1" - }, - { - "ip_prefix": "52.80.197.128/25", - "region": "cn-north-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-north-1" - }, - { - "ip_prefix": "52.83.35.128/25", - "region": "cn-northwest-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-northwest-1" - }, - { - "ip_prefix": "54.248.220.0/26", - "region": "ap-northeast-1", - "service": "ROUTE53_HEALTHCHECKS", - 
"network_border_group": "ap-northeast-1" - }, - { - "ip_prefix": "52.83.35.0/25", - "region": "cn-northwest-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-northwest-1" - }, - { - "ip_prefix": "176.34.159.192/26", - "region": "eu-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "eu-west-1" - }, - { - "ip_prefix": "54.252.79.128/26", - "region": "ap-southeast-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-2" - }, - { - "ip_prefix": "52.83.34.128/25", - "region": "cn-northwest-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-northwest-1" - }, - { - "ip_prefix": "54.183.255.128/26", - "region": "us-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-1" - }, - { - "ip_prefix": "54.250.253.192/26", - "region": "ap-northeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-northeast-1" - }, { "ip_prefix": "15.177.0.0/18", "region": "GLOBAL", "service": "ROUTE53_HEALTHCHECKS", "network_border_group": "GLOBAL" }, - { - "ip_prefix": "54.228.16.0/26", - "region": "eu-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "eu-west-1" - }, - { - "ip_prefix": "107.23.255.0/26", - "region": "us-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-east-1" - }, - { - "ip_prefix": "54.243.31.192/26", - "region": "us-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-east-1" - }, { "ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", "service": "S3", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "52.219.170.0/23", + "region": "eu-central-1", + "service": "S3", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.219.168.0/24", "region": "eu-central-1", 
@@ -13461,10 +23007,28 @@ "network_border_group": "us-gov-west-1" }, { - "ip_prefix": "52.219.48.0/22", - "region": "ap-southeast-1", + "ip_prefix": "52.219.192.0/23", + "region": "us-west-1", "service": "S3", - "network_border_group": "ap-southeast-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.95.136.0/23", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "52.219.143.0/24", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.5.40.0/22", + "region": "ap-southeast-4", + "service": "S3", + "network_border_group": "ap-southeast-4" }, { "ip_prefix": "3.5.136.0/22", @@ -13478,12 +23042,6 @@ "service": "S3", "network_border_group": "eu-central-1" }, - { - "ip_prefix": "52.92.60.0/22", - "region": "ap-northeast-1", - "service": "S3", - "network_border_group": "ap-northeast-1" - }, { "ip_prefix": "52.219.68.0/22", "region": "ap-northeast-1", @@ -13509,10 +23067,22 @@ "network_border_group": "me-south-1" }, { - "ip_prefix": "52.92.72.0/22", - "region": "sa-east-1", + "ip_prefix": "52.95.187.0/24", + "region": "me-central-1", "service": "S3", - "network_border_group": "sa-east-1" + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "52.219.141.0/24", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "52.95.139.0/24", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" }, { "ip_prefix": "52.95.128.0/21", 
@@ -13526,11 +23096,17 @@ "service": "S3", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "3.5.36.0/22", + "region": "ap-southeast-3", + "service": "S3", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "52.95.168.0/24", - "region": "us-gov-east-1", + "region": "ap-southeast-4", "service": "S3", - "network_border_group": "us-gov-east-1" + "network_border_group": "ap-southeast-4" }, { "ip_prefix": "52.219.16.0/22", @@ -13556,6 +23132,12 @@ "service": "S3", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.219.195.0/24", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "3.5.72.0/23", "region": "eu-west-1", @@ -13564,9 +23146,9 @@ }, { "ip_prefix": "52.95.166.0/23", - "region": "us-gov-east-1", + "region": "ap-southeast-4", "service": "S3", - "network_border_group": "us-gov-east-1" + "network_border_group": "ap-southeast-4" }, { "ip_prefix": "52.95.169.0/24", @@ -13574,12 +23156,6 @@ "service": "S3", "network_border_group": "eu-north-1" }, - { - "ip_prefix": "54.231.248.0/22", - "region": "ap-southeast-2", - "service": "S3", - "network_border_group": "ap-southeast-2" - }, { "ip_prefix": "3.5.152.0/21", "region": "ap-northeast-1", @@ -13592,6 +23168,12 @@ "service": "S3", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.219.142.0/24", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.219.0.0/20", "region": "ap-northeast-1", 
@@ -13610,24 +23192,12 @@ "service": "S3", "network_border_group": "GLOBAL" }, - { - "ip_prefix": "54.231.0.0/17", - "region": "us-east-1", - "service": "S3", - "network_border_group": "us-east-1" - }, { "ip_prefix": "76.223.104.0/24", "region": "GLOBAL", "service": "S3", "network_border_group": "GLOBAL" }, - { - "ip_prefix": "52.92.40.0/21", - "region": "eu-west-1", - "service": "S3", - "network_border_group": "eu-west-1" - }, { "ip_prefix": "52.219.32.0/21", "region": "ap-southeast-1", @@ -13664,12 +23234,30 @@ "service": "S3", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "3.5.48.0/22", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "52.95.140.0/23", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "52.95.156.0/24", "region": "eu-west-3", "service": "S3", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "16.12.2.0/24", + "region": "sa-east-1", + "service": "S3", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "52.95.160.0/23", "region": "ap-east-1", @@ -13718,6 +23306,12 @@ "service": "S3", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "54.231.0.0/16", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.95.158.0/23", "region": "ap-northeast-3", @@ -13730,12 +23324,6 @@ "service": "S3", "network_border_group": "us-east-1" }, - { - "ip_prefix": "54.231.252.0/24", - "region": "ap-southeast-2", - "service": "S3", - "network_border_group": "ap-southeast-2" - }, { "ip_prefix": "52.219.96.0/20", "region": "us-east-2", 
@@ -13766,12 +23354,24 @@ "service": "S3", "network_border_group": "us-west-2" }, + { + "ip_prefix": "3.5.44.0/22", + "region": "ap-south-2", + "service": "S3", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "13.248.228.0/24", "region": "GLOBAL", "service": "S3", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "52.219.180.0/22", + "region": "ap-southeast-1", + "service": "S3", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "52.95.172.0/23", "region": "me-south-1", @@ -13809,10 +23409,10 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.219.20.0/22", - "region": "us-west-1", + "ip_prefix": "52.95.190.0/24", + "region": "ca-central-1", "service": "S3", - "network_border_group": "us-west-1" + "network_border_group": "ca-central-1" }, { "ip_prefix": "52.219.24.0/21", @@ -13904,18 +23504,30 @@ "service": "S3", "network_border_group": "ap-southeast-1" }, - { - "ip_prefix": "3.5.0.0/18", - "region": "us-east-1", - "service": "S3", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.95.152.0/23", "region": "eu-south-1", "service": "S3", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.219.172.0/22", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.95.138.0/24", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "52.219.200.0/24", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "3.5.216.0/22", "region": "eu-north-1", @@ -13928,12 +23540,6 @@ "service": "S3", "network_border_group": "ap-southeast-1" }, - { - "ip_prefix": "54.231.128.0/19", - "region": "eu-west-1", - "service": "S3", - "network_border_group": "eu-west-1" - }, { "ip_prefix": "52.95.180.0/24", "region": "af-south-1", 
@@ -13942,9 +23548,9 @@ }, { "ip_prefix": "52.95.144.0/24", - "region": "us-gov-west-1", + "region": "eu-west-2", "service": "S3", - "network_border_group": "us-gov-west-1" + "network_border_group": "eu-west-2" }, { "ip_prefix": "52.95.184.0/23", @@ -13960,12 +23566,12 @@ }, { "ip_prefix": "52.95.142.0/23", - "region": "us-gov-west-1", + "region": "eu-west-2", "service": "S3", - "network_border_group": "us-gov-west-1" + "network_border_group": "eu-west-2" }, { - "ip_prefix": "54.231.232.0/21", + "ip_prefix": "52.219.194.0/24", "region": "us-west-1", "service": "S3", "network_border_group": "us-west-1" @@ -14006,12 +23612,24 @@ "service": "S3", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "52.92.0.0/17", + "region": "eu-west-1", + "service": "S3", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.95.154.0/23", "region": "eu-west-3", "service": "S3", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "52.219.176.0/22", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, { "ip_prefix": "76.223.103.0/24", "region": "GLOBAL", @@ -14049,10 +23667,16 @@ "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "52.92.16.0/20", - "region": "us-east-1", + "ip_prefix": "52.219.169.0/24", + "region": "eu-central-1", "service": "S3", - "network_border_group": "us-east-1" + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "16.12.0.0/23", + "region": "sa-east-1", + "service": "S3", + "network_border_group": "sa-east-1" }, { "ip_prefix": "52.95.146.0/23", @@ -14060,6 +23684,12 @@ "service": "S3", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "52.219.184.0/21", + "region": "ap-southeast-1", + "service": "S3", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "52.218.128.0/17", "region": "us-west-2", 
@@ -14078,6 +23708,12 @@ "service": "S3", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.95.188.0/23", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, { "ip_prefix": "13.248.232.0/24", "region": "GLOBAL", @@ -14091,10 +23727,10 @@ "network_border_group": "sa-east-1" }, { - "ip_prefix": "54.231.192.0/20", - "region": "eu-central-1", + "ip_prefix": "3.5.32.0/22", + "region": "eu-south-2", "service": "S3", - "network_border_group": "eu-central-1" + "network_border_group": "eu-south-2" }, { "ip_prefix": "52.219.132.0/22", @@ -14138,6 +23774,18 @@ "service": "S3", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.219.152.0/22", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "3.5.0.0/19", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, { "ip_prefix": "54.222.48.0/22", "region": "cn-north-1", @@ -14162,6 +23810,12 @@ "service": "S3", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.219.196.0/22", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "3.5.232.0/22", "region": "sa-east-1", @@ -14192,6 +23846,12 @@ "service": "S3", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.5.52.0/22", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "3.5.224.0/22", "region": "eu-west-3", @@ -14210,6 +23870,12 @@ "service": "DYNAMODB", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.248.70.0/24", + "region": "ap-northeast-1", + "service": "DYNAMODB", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.94.26.0/23", "region": "eu-west-1", 
@@ -14228,6 +23894,12 @@ "service": "DYNAMODB", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "13.248.67.0/24", + "region": "ap-southeast-4", + "service": "DYNAMODB", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "3.218.180.0/22", "region": "us-east-1", @@ -14252,6 +23924,12 @@ "service": "DYNAMODB", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.248.68.0/24", + "region": "eu-central-2", + "service": "DYNAMODB", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "52.119.248.0/24", "region": "ap-east-1", @@ -14264,6 +23942,12 @@ "service": "DYNAMODB", "network_border_group": "us-east-1" }, + { + "ip_prefix": "35.71.96.0/24", + "region": "ap-southeast-3", + "service": "DYNAMODB", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "52.119.240.0/21", "region": "eu-west-1", @@ -14294,6 +23978,18 @@ "service": "DYNAMODB", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "35.71.64.0/22", + "region": "us-west-2", + "service": "DYNAMODB", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "13.248.71.0/24", + "region": "ap-southeast-3", + "service": "DYNAMODB", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "52.94.14.0/24", "region": "ca-central-1", @@ -14342,6 +24038,12 @@ "service": "DYNAMODB", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.248.65.0/24", + "region": "eu-south-2", + "service": "DYNAMODB", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "52.94.17.0/24", "region": "eu-central-1", 
@@ -14366,18 +24068,36 @@ "service": "DYNAMODB", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "13.248.64.0/24", + "region": "ap-south-2", + "service": "DYNAMODB", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "52.94.11.0/24", "region": "ap-southeast-1", "service": "DYNAMODB", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.248.66.0/24", + "region": "me-central-1", + "service": "DYNAMODB", + "network_border_group": "me-central-1" + }, { "ip_prefix": "52.94.4.0/24", "region": "us-east-2", "service": "DYNAMODB", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.248.69.0/24", + "region": "ap-northeast-1", + "service": "DYNAMODB", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.94.19.0/24", "region": "ap-northeast-3", @@ -14414,12 +24134,30 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "3.108.0.0/14", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "15.181.232.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-iah-1" + }, { "ip_prefix": "3.2.0.0/24", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1-iah-1" }, + { + "ip_prefix": "161.188.154.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-chi-1" + }, { "ip_prefix": "52.4.0.0/14", "region": "us-east-1", @@ -14432,6 +24170,12 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.80/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-chi-1" + }, { "ip_prefix": "50.16.0.0/15", "region": "us-east-1", 
@@ -14450,24 +24194,54 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.205.0.0/16", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "64.252.69.0/24", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "71.131.192.0/18", + "region": "cn-north-1", + "service": "EC2", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "13.236.0.0/14", "region": "ap-southeast-2", "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "43.206.0.0/15", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.95.226.0/24", "region": "ap-east-1", "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "142.4.160.56/29", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "3.4.0.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-pilot-6" + }, { "ip_prefix": "15.177.83.0/24", "region": "ap-southeast-2", @@ -14480,6 +24254,12 @@ "service": "EC2", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.220.252.0/22", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "54.247.0.0/16", "region": "eu-west-1", 
@@ -14534,12 +24314,30 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.220.222.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "99.77.132.0/24", "region": "us-west-1", "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "161.188.146.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-atl-1" + }, + { + "ip_prefix": "15.181.247.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "18.232.0.0/14", "region": "us-east-1", @@ -14552,6 +24350,12 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "64.252.118.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "54.74.0.0/15", "region": "eu-west-1", @@ -14564,6 +24368,12 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "64.252.122.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.47.0.0/16", "region": "eu-west-3", @@ -14612,12 +24422,24 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.5.40.0/22", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "3.5.136.0/22", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.181.160.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "18.191.0.0/16", "region": "us-east-2", @@ -14636,6 +24458,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.181.80.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "54.153.128.0/17", "region": "ap-southeast-2", 
@@ -14744,24 +24572,48 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "99.77.183.0/24", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "64.252.79.0/24", "region": "sa-east-1", "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "161.188.148.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-phx-1" + }, { "ip_prefix": "15.188.0.0/16", "region": "eu-west-3", "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "18.116.0.0/14", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ip_prefix": "54.200.0.0/15", "region": "us-west-2", "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "3.5.36.0/22", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "54.144.0.0/14", "region": "us-east-1", @@ -14774,12 +24626,24 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "63.246.113.0/24", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "99.77.136.0/24", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "161.188.158.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "64.252.72.0/24", "region": "us-west-2", @@ -14804,6 +24668,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.77.55.3/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "3.4.3.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pilot-1" + }, { "ip_prefix": "15.222.0.0/15", "region": "ca-central-1", 
@@ -14870,6 +24746,24 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "161.188.156.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "3.30.0.0/15", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "15.181.253.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "54.226.0.0/15", "region": "us-east-1", @@ -14888,6 +24782,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.144.0.0/13", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.95.244.0/24", "region": "eu-west-1", @@ -14936,12 +24836,36 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "142.4.160.40/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-iah-1" + }, { "ip_prefix": "15.228.0.0/15", "region": "sa-east-1", "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.8/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-bos-1" + }, + { + "ip_prefix": "157.241.0.0/16", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.181.112.0/22", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-bos-1" + }, { "ip_prefix": "52.94.249.208/28", "region": "ap-south-2", @@ -14966,6 +24890,12 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "99.151.120.0/21", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "108.136.0.0/15", "region": "ap-southeast-3", 
@@ -14990,6 +24920,12 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "161.188.136.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "99.77.155.0/24", "region": "eu-west-1", @@ -15020,6 +24956,12 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.181.241.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "18.216.0.0/14", "region": "us-east-2", @@ -15050,6 +24992,18 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "52.94.250.16/28", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "64.252.121.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "99.150.32.0/21", "region": "ap-southeast-2", @@ -15068,6 +25022,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "161.188.130.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mia-1" + }, { "ip_prefix": "18.229.0.0/16", "region": "sa-east-1", @@ -15093,10 +25053,10 @@ "network_border_group": "ca-central-1" }, { - "ip_prefix": "52.95.236.0/24", - "region": "ap-south-2", + "ip_prefix": "70.232.124.0/22", + "region": "eu-west-1", "service": "EC2", - "network_border_group": "ap-south-2" + "network_border_group": "eu-west-1" }, { "ip_prefix": "99.77.191.0/24", @@ -15140,6 +25100,18 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "161.188.140.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-1" + }, + { + "ip_prefix": "99.77.55.24/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "99.77.138.0/24", "region": "eu-south-1", 
@@ -15176,6 +25148,12 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "142.4.160.0/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "18.230.0.0/16", "region": "sa-east-1", @@ -15188,6 +25166,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "70.232.86.125/32", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "99.77.152.0/24", "region": "us-west-2", @@ -15236,12 +25220,24 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.77.55.26/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "99.77.143.0/24", "region": "ap-southeast-1", "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "3.4.1.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-pilot-3" + }, { "ip_prefix": "13.56.0.0/16", "region": "us-west-1", @@ -15254,6 +25250,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "161.188.128.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-iah-1" + }, { "ip_prefix": "35.160.0.0/13", "region": "us-west-2", @@ -15278,6 +25280,24 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.181.144.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, + { + "ip_prefix": "35.71.96.0/24", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "43.200.0.0/14", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.68.0.0/15", "region": "ap-northeast-1", 
@@ -15290,6 +25310,12 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.181.254.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mia-1" + }, { "ip_prefix": "18.60.0.0/15", "region": "ap-south-2", @@ -15302,12 +25328,24 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "99.151.80.0/21", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "3.36.0.0/14", "region": "ap-northeast-2", "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "161.188.142.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "18.190.0.0/16", "region": "us-east-2", @@ -15380,12 +25418,24 @@ "service": "EC2", "network_border_group": "af-south-1" }, + { + "ip_prefix": "15.181.176.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-chi-1" + }, { "ip_prefix": "3.124.0.0/14", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.181.48.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-msp-1" + }, { "ip_prefix": "52.82.176.0/22", "region": "cn-northwest-1", @@ -15398,6 +25448,12 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "142.4.160.64/29", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "3.24.0.0/14", "region": "ap-southeast-2", @@ -15416,6 +25472,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "142.4.160.24/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "15.177.86.0/24", "region": "ap-east-1", 
@@ -15458,6 +25520,18 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "208.110.48.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.33.35.0/24", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.95.255.128/28", "region": "eu-central-1", @@ -15470,6 +25544,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "16.62.0.0/15", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "52.54.0.0/15", "region": "us-east-1", @@ -15482,6 +25562,12 @@ "service": "EC2", "network_border_group": "us-west-2-lax-1" }, + { + "ip_prefix": "3.5.48.0/22", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, { "ip_prefix": "52.74.0.0/16", "region": "ap-southeast-1", @@ -15524,6 +25610,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "13.214.0.0/15", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.177.77.0/24", "region": "ap-northeast-3", @@ -15548,6 +25640,18 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "99.78.238.255/32", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "3.4.6.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pilot-3" + }, { "ip_prefix": "15.177.79.0/24", "region": "ap-northeast-1", @@ -15596,6 +25700,12 @@ "service": "EC2", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "43.204.0.0/15", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "46.51.224.0/19", "region": "ap-northeast-1", 
@@ -15608,6 +25718,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "99.77.55.254/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "54.170.0.0/15", "region": "eu-west-1", @@ -15668,6 +25784,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "99.78.238.253/32", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "162.250.236.0/24", "region": "us-east-1", @@ -15710,6 +25832,24 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "64.252.123.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "99.77.55.25/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "99.151.112.0/21", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "34.224.0.0/12", "region": "us-east-1", 
@@ -15752,24 +25892,60 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "16.168.0.0/15", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "64.252.78.0/24", "region": "sa-east-1", "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "99.78.238.251/32", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.181.0.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "64.252.117.0/24", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "99.151.104.0/21", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "99.151.128.0/21", + "region": "ca-central-1", + "service": "EC2", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "99.80.0.0/15", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.5.44.0/22", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "52.95.249.0/24", "region": "ap-south-1", @@ -15812,6 +25988,12 @@ "service": "EC2", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "63.246.119.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "50.19.0.0/16", "region": "us-east-1", @@ -15848,6 +26030,12 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "99.151.72.0/21", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "174.129.0.0/16", "region": "us-east-1", 
@@ -15872,6 +26060,12 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "15.181.224.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "18.208.0.0/13", "region": "us-east-1", @@ -16004,6 +26198,12 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.220.0.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pdx-1" + }, { "ip_prefix": "52.95.243.0/24", "region": "ap-northeast-1", @@ -16040,6 +26240,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.220.16.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "161.188.134.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "13.51.0.0/16", "region": "eu-north-1", @@ -16106,6 +26318,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.151.88.0/21", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "216.182.238.0/23", "region": "us-east-1", @@ -16136,12 +26354,30 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "161.188.144.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-msp-1" + }, { "ip_prefix": "18.189.0.0/16", "region": "us-east-2", "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "35.71.64.0/22", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "99.77.184.0/24", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "3.64.0.0/12", "region": "eu-central-1", 
@@ -16190,6 +26426,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "142.4.160.48/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "52.95.246.0/24", "region": "us-west-1", @@ -16214,6 +26456,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "195.17.0.0/24", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "18.220.0.0/14", "region": "us-east-2", @@ -16238,6 +26486,12 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.220.226.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "52.95.228.0/24", "region": "me-south-1", @@ -16256,6 +26510,18 @@ "service": "EC2", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "161.188.132.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-bos-1" + }, + { + "ip_prefix": "3.4.16.0/21", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "68.79.0.0/18", "region": "cn-northwest-1", @@ -16292,6 +26558,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.77.55.14/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "18.178.0.0/16", "region": "ap-northeast-1", @@ -16310,6 +26582,18 @@ "service": "EC2", "network_border_group": "me-central-1" }, + { + "ip_prefix": "15.181.128.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-phx-1" + }, + { + "ip_prefix": "16.170.0.0/15", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "18.132.0.0/14", "region": "eu-west-2", 
@@ -16376,6 +26660,18 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "70.232.92.0/22", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "99.77.55.0/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "99.77.247.0/24", "region": "eu-central-1", @@ -16389,10 +26685,22 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "3.5.0.0/18", - "region": "us-east-1", + "ip_prefix": "99.77.55.2/32", + "region": "eu-south-2", "service": "EC2", - "network_border_group": "us-east-1" + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "15.181.245.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, + { + "ip_prefix": "99.151.96.0/21", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" }, { "ip_prefix": "52.8.0.0/16", @@ -16418,6 +26726,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "99.77.55.253/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "15.177.64.0/23", "region": "us-east-1", @@ -16430,6 +26744,12 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "46.51.208.0/22", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.86.0.0/15", "region": "us-east-1", @@ -16442,6 +26762,12 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.88/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "18.136.0.0/16", "region": "ap-southeast-1", 
@@ -16496,6 +26822,12 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.181.64.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "99.77.140.0/24", "region": "ap-northeast-3", @@ -16550,6 +26882,12 @@ "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "142.4.160.16/29", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "18.204.0.0/14", "region": "us-east-1", @@ -16574,12 +26912,24 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "64.252.119.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "208.86.90.0/23", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.181.248.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "52.29.0.0/16", "region": "eu-central-1", @@ -16616,6 +26966,18 @@ "service": "EC2", "network_border_group": "us-east-1-mia-1" }, + { + "ip_prefix": "13.246.0.0/16", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "52.94.249.240/28", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "52.95.254.0/24", "region": "eu-west-3", @@ -16700,6 +27062,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "3.3.5.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-pilot-4" + }, { "ip_prefix": "54.78.0.0/16", "region": "eu-west-1", @@ -16718,6 +27086,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "71.132.0.0/18", + "region": "cn-north-1", + "service": "EC2", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "99.150.40.0/21", "region": "eu-west-2", 
@@ -16766,6 +27140,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.77.55.1/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "15.181.192.0/19", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "15.253.0.0/16", "region": "us-west-2", @@ -16796,6 +27182,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.181.252.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "18.198.0.0/15", "region": "eu-central-1", @@ -16832,6 +27224,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "64.252.120.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.5.144.0/23", "region": "ap-northeast-2", @@ -16844,6 +27242,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.181.242.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "54.232.0.0/16", "region": "sa-east-1", @@ -16892,6 +27296,12 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "15.181.40.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "18.140.0.0/15", "region": "ap-southeast-1", @@ -16916,6 +27326,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.181.16.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, + { + "ip_prefix": "15.181.96.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "99.150.112.0/21", "region": "ap-south-2", 
@@ -16946,6 +27368,18 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "162.222.148.0/22", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-lax-1" + }, + { + "ip_prefix": "3.4.2.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-pilot-5" + }, { "ip_prefix": "15.177.75.0/24", "region": "eu-west-1", @@ -17090,18 +27524,36 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.220.220.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mia-1" + }, { "ip_prefix": "35.156.0.0/14", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "161.188.138.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "3.16.0.0/14", "region": "us-east-2", "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.191.0.0/16", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.130.0.0/16", "region": "eu-west-2", @@ -17120,12 +27572,30 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "99.151.64.0/21", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "52.62.0.0/15", "region": "ap-southeast-2", "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "52.94.249.224/28", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "16.50.0.0/15", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "54.160.0.0/13", "region": "us-east-1", 
@@ -17150,6 +27620,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "70.232.86.126/32", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "52.95.225.0/24", "region": "ap-northeast-3", @@ -17204,6 +27680,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.220.250.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-msp-1" + }, { "ip_prefix": "52.94.249.176/28", "region": "af-south-1", @@ -17252,6 +27734,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.181.249.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-msp-1" + }, { "ip_prefix": "52.88.0.0/15", "region": "us-west-2", @@ -17306,6 +27794,12 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.5.32.0/22", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "3.208.0.0/12", "region": "us-east-1", @@ -17318,12 +27812,24 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "70.232.86.124/32", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "99.77.157.0/24", "region": "eu-west-3", "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "142.4.160.72/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "185.48.120.0/22", "region": "eu-west-1", 
@@ -17336,6 +27842,24 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.104/29", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, + { + "ip_prefix": "204.45.0.0/16", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "161.188.152.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "184.73.0.0/16", "region": "us-east-1", @@ -17438,6 +27962,12 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "43.198.0.0/15", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "99.150.104.0/21", "region": "af-south-1", @@ -17564,6 +28094,12 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "99.77.55.15/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "176.34.128.0/17", "region": "eu-west-1", @@ -17576,6 +28112,12 @@ "service": "EC2", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.181.244.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "18.194.0.0/15", "region": "eu-central-1", @@ -17594,12 +28136,24 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "142.4.160.96/29", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-phx-1" + }, { "ip_prefix": "3.6.0.0/15", "region": "ap-south-1", "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.181.120.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "15.193.1.0/24", "region": "ap-northeast-1", 
@@ -17648,6 +28202,12 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "161.188.150.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-pilot-5" + }, { "ip_prefix": "3.34.0.0/15", "region": "ap-northeast-2", @@ -17672,6 +28232,18 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.40.0.0/14", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.181.251.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "34.248.0.0/13", "region": "eu-west-1", @@ -17690,18 +28262,60 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "142.4.160.32/29", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pdx-1" + }, + { + "ip_prefix": "142.4.160.112/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-pilot-5" + }, + { + "ip_prefix": "161.188.160.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pdx-1" + }, + { + "ip_prefix": "3.5.0.0/19", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "54.178.0.0/16", "region": "ap-northeast-1", "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "99.77.55.12/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "99.77.55.27/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "108.128.0.0/13", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "18.100.0.0/15", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "52.119.205.0/24", "region": "ap-southeast-1", 
@@ -17714,6 +28328,12 @@ "service": "EC2", "network_border_group": "me-south-1" }, + { + "ip_prefix": "52.94.250.0/28", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "64.252.71.0/24", "region": "us-west-2", @@ -17732,6 +28352,12 @@ "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "15.181.246.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "52.95.251.0/24", "region": "us-east-2", @@ -17768,6 +28394,18 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "99.151.136.0/21", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "15.181.240.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "52.76.0.0/17", "region": "ap-southeast-1", @@ -17792,6 +28430,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "99.151.144.0/21", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.10.0.0/15", "region": "us-west-2", @@ -17810,6 +28454,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.4.4.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pilot-2" + }, { "ip_prefix": "99.150.64.0/21", "region": "eu-north-1", 
@@ -17846,6 +28496,30 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "16.162.0.0/15", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "15.181.32.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-chi-1" + }, + { + "ip_prefix": "15.181.116.0/22", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-phx-1" + }, + { + "ip_prefix": "15.181.243.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "3.5.232.0/22", "region": "sa-east-1", @@ -17876,12 +28550,30 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "18.254.0.0/16", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "64.252.105.0/24", "region": "ap-southeast-1", "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "3.4.24.0/21", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "15.220.224.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pdx-1" + }, { "ip_prefix": "54.207.0.0/16", "region": "sa-east-1", @@ -17912,6 +28604,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "3.33.34.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.77.0.0/16", "region": "ap-southeast-1", 
@@ -17924,12 +28622,24 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "99.77.55.255/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "3.5.236.0/22", "region": "ap-east-1", "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "15.181.250.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "15.193.10.0/24", "region": "af-south-1", @@ -17948,6 +28658,12 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "99.77.55.13/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "99.77.160.0/24", "region": "ap-northeast-1", @@ -17978,6 +28694,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "15.177.92.0/24", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.193.8.0/24", "region": "ca-central-1", @@ -18014,6 +28736,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "3.5.52.0/22", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "3.5.224.0/22", "region": "eu-west-3", @@ -18128,6 +28856,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "108.156.0.0/14", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "99.86.0.0/16", "region": "GLOBAL", @@ -18170,6 +28904,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.158.0.0/16", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.249.0.0/16", "region": "GLOBAL", 
@@ -18398,6 +29138,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.64.0.0/14", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "120.52.12.64/26", "region": "GLOBAL", @@ -18482,6 +29228,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "108.138.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "120.253.241.160/27", "region": "GLOBAL", @@ -18536,6 +29288,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.197.16.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "54.230.192.0/21", "region": "GLOBAL", @@ -18566,12 +29324,36 @@ "service": "GLOBALACCELERATOR", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.197.8.0/22", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.197.18.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.120.0/24", "region": "eu-west-2", "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "35.71.128.0/17", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "3.3.8.0/21", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.127.0/24", "region": "ap-southeast-1", @@ -18596,6 +29378,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.223.0.0/17", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "99.82.164.0/24", "region": "sa-east-1", 
@@ -18644,6 +29432,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.197.12.0/22", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.118.0/24", "region": "eu-west-1", @@ -18674,18 +29468,48 @@ "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "99.83.101.0/24", + "region": "us-east-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.82.175.0/24", "region": "us-east-1", "service": "GLOBALACCELERATOR", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.2.8.0/21", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.103.0/24", "region": "us-east-1", "service": "GLOBALACCELERATOR", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.197.28.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.197.128.0/17", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "3.3.6.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.128.0/17", "region": "GLOBAL", @@ -18764,6 +29588,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.248.125.0/24", + "region": "ap-southeast-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "76.223.0.0/17", "region": "GLOBAL", @@ -18794,6 +29624,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.3.0.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "99.83.96.0/24", "region": "ap-east-1", 
@@ -18812,6 +29648,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.197.3.0/24", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.104.0/24", "region": "sa-east-1", @@ -18836,12 +29678,24 @@ "service": "GLOBALACCELERATOR", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.33.128.0/17", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.101.0/24", "region": "eu-west-2", "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "15.197.24.0/22", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "99.77.189.0/24", "region": "GLOBAL", @@ -18854,12 +29708,24 @@ "service": "GLOBALACCELERATOR", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.197.20.0/22", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.102.0/24", "region": "ap-southeast-2", "service": "GLOBALACCELERATOR", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.197.30.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.193.0.0/19", "region": "GLOBAL", @@ -19010,6 +29876,12 @@ "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", "network_border_group": "af-south-1" }, + { + "ip_prefix": "15.177.92.0/24", + "region": "ap-southeast-3", + "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.177.68.0/23", "region": "eu-central-1", 
@@ -19040,6 +29912,264 @@ "service": "CHIME_MEETINGS", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "130.176.88.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.239.134.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.82.134.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.86.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.140.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.0.0/18", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.239.204.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.160.0/19", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "70.132.0.0/18", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.158.0.0/16", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.136.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.239.170.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.0.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.96.0/19", + "region": "GLOBAL", + "service": 
"CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.184.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "204.246.166.0/24", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.64.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.172.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "205.251.218.0/24", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.4.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.144.0/20", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.176.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.78.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.248.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "64.252.128.0/18", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.154.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "64.252.64.0/18", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.144.0/21", + "region": "GLOBAL", + "service": 
"CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.224.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.128.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.32.0/19", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.82.128.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.156.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.160.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.240.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.192.0/19", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.76.0/24", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.16.0/20", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.239.208.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.188.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.80.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.128.0/20", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", 
+ "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.72.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "140.179.1.64/27", "region": "cn-north-1", @@ -19052,6 +30182,12 @@ "service": "CLOUD9", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "140.179.113.248/29", + "region": "cn-north-1", + "service": "CODEBUILD", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "140.179.15.0/26", "region": "cn-north-1", @@ -19064,6 +30200,48 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "140.179.58.88/29", + "region": "cn-north-1", + "service": "EBS", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "140.179.79.160/27", + "region": "cn-north-1", + "service": "CLOUD9", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "140.179.79.192/27", + "region": "cn-north-1", + "service": "CLOUD9", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "140.179.79.244/30", + "region": "cn-north-1", + "service": "EBS", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.80.197.0/25", + "region": "cn-north-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.80.197.128/25", + "region": "cn-north-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.80.198.0/25", + "region": "cn-north-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "52.80.198.136/29", "region": "cn-north-1", @@ -19112,6 +30290,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "71.131.196.128/26", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "161.189.148.0/23", "region": "cn-northwest-1", 
@@ -19172,18 +30356,102 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.83.34.128/25", + "region": "cn-northwest-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.83.35.0/25", + "region": "cn-northwest-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.83.35.128/25", + "region": "cn-northwest-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "52.83.5.0/26", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "68.79.2.244/30", + "region": "cn-northwest-1", + "service": "EBS", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "68.79.2.248/29", + "region": "cn-northwest-1", + "service": "EBS", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "69.230.219.0/24", + "region": "cn-northwest-1", + "service": "API_GATEWAY", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "69.234.197.192/26", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "69.234.197.72/29", + "region": "cn-northwest-1", + "service": "CODEBUILD", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "18.252.126.0/25", "region": "us-gov-east-1", "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "18.252.145.156/30", + "region": "us-gov-east-1", + "service": "EBS", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "18.252.145.160/29", + "region": "us-gov-east-1", + "service": "EBS", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "18.252.145.168/29", + "region": "us-gov-east-1", + "service": "CODEBUILD", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "18.252.145.192/28", + "region": "us-gov-east-1", + "service": "S3", + 
"network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "18.252.145.208/28", + "region": "us-gov-east-1", + "service": "S3", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "18.252.165.0/26", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "18.252.4.0/30", "region": "us-gov-east-1", @@ -19202,6 +30470,12 @@ "service": "API_GATEWAY", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "18.252.58.0/23", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "18.253.186.0/24", "region": "us-gov-east-1", @@ -19214,12 +30488,54 @@ "service": "API_GATEWAY", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "15.200.150.0/23", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "15.200.176.128/28", + "region": "us-gov-west-1", + "service": "S3", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "15.200.176.192/26", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "15.200.28.240/28", + "region": "us-gov-west-1", + "service": "S3", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "15.200.28.80/30", "region": "us-gov-west-1", "service": "EC2_INSTANCE_CONNECT", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "15.200.28.88/29", + "region": "us-gov-west-1", + "service": "CODEBUILD", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "15.205.82.0/23", + "region": "us-gov-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "15.205.84.0/23", + "region": "us-gov-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "160.1.128.0/24", "region": "us-gov-west-1", 
@@ -19232,6 +30548,24 @@ "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "3.32.190.244/30", + "region": "us-gov-west-1", + "service": "EBS", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "3.32.190.248/29", + "region": "us-gov-west-1", + "service": "EBS", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "52.61.193.0/24", + "region": "us-gov-west-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "52.61.40.104/29", "region": "us-gov-west-1", @@ -19286,6 +30620,36 @@ "service": "CODEBUILD", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.244.244.192/27", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.244.244.224/27", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.244.33.0/26", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.244.33.128/26", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.244.33.64/26", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, { "ip_prefix": "13.244.35.128/26", "region": "af-south-1", 
@@ -19298,12 +30662,156 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.245.1.32/27", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.112.0/24", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.113.0/24", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.114.0/24", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.127.232/30", + "region": "af-south-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.155.128/27", + "region": "af-south-1", + "service": "CLOUD9", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.155.224/27", + "region": "af-south-1", + "service": "CLOUD9", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.166.128/30", + "region": "af-south-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.166.132/30", + "region": "af-south-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.166.176/29", + "region": "af-south-1", + "service": "CODEBUILD", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.241.64/26", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.93.140/30", + "region": "af-south-1", + "service": "EBS", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.93.160/29", + "region": "af-south-1", + "service": "EBS", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.93.176/28", + "region": "af-south-1", + "service": "S3", + "network_border_group": "af-south-1" + }, + { + 
"ip_prefix": "13.245.93.192/28", + "region": "af-south-1", + "service": "S3", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "16.162.162.96/29", + "region": "ap-east-1", + "service": "CODEBUILD", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "16.162.52.0/24", + "region": "ap-east-1", + "service": "API_GATEWAY", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "16.163.63.64/26", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.162.127.0/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.162.127.32/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.162.127.64/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "18.162.189.0/24", "region": "ap-east-1", "service": "API_GATEWAY", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "18.162.221.128/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.162.221.160/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.162.221.192/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "18.163.139.32/27", "region": "ap-east-1", 
@@ -19358,6 +30866,66 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "18.166.237.128/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.166.237.64/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.166.237.96/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.111.0/24", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.112.0/24", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.113.0/24", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.88.112/28", + "region": "ap-east-1", + "service": "S3", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.88.72/29", + "region": "ap-east-1", + "service": "EBS", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.88.80/30", + "region": "ap-east-1", + "service": "EBS", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.88.96/28", + "region": "ap-east-1", + "service": "S3", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "13.112.191.184/29", "region": "ap-northeast-1", 
@@ -19376,6 +30944,72 @@ "service": "CLOUDFRONT", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.230.21.128/26", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.230.21.224/28", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.230.21.240/28", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.104/29", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.112/28", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.192/28", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.208/29", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.64/29", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.72/29", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.80/29", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.88/29", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "18.176.203.120/30", "region": "ap-northeast-1", 
@@ -19466,24 +31100,96 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.112.85.96/27", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "3.112.96.0/26", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "3.112.96.128/27", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "3.112.96.160/27", "region": "ap-northeast-1", "service": "API_GATEWAY", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.112.96.64/26", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "3.113.218.0/26", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.113.218.112/28", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "3.113.218.128/27", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "3.113.218.68/30", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "3.113.218.72/30", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "3.113.218.76/30", "region": "ap-northeast-1", "service": "AMAZON_APPFLOW", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.72.164.212/30", + "region": "ap-northeast-1", + "service": "EBS", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.72.164.232/29", + "region": "ap-northeast-1", + "service": "EBS", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.72.164.240/28", + "region": 
"ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.72.255.0/24", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "35.72.36.140/31", "region": "ap-northeast-1", 
@@ -19508,12 +31214,96 @@ "service": "KINESIS_VIDEO_STREAMS", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.72.36.192/27", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.72.36.224/27", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.72.37.0/25", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.72.37.128/25", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.73.115.0/28", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.73.115.128/25", + "region": "ap-northeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.73.4.0/24", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.74.77.240/30", + "region": "ap-northeast-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.75.130.0/24", + "region": "ap-northeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.75.131.0/26", + "region": "ap-northeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.75.131.80/29", + "region": "ap-northeast-1", + "service": "CODEBUILD", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.76.252.0/23", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.77.0.128/26", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": 
"52.199.127.192/26", "region": "ap-northeast-1", "service": "CLOUDFRONT", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "54.248.220.0/26", + "region": "ap-northeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "54.250.251.0/24", "region": "ap-northeast-1", 
@@ -19521,129 +31311,417 @@ "network_border_group": "ap-northeast-1" }, { - "ip_prefix": "13.124.145.16/29", - "region": "ap-northeast-2", - "service": "CODEBUILD", - "network_border_group": "ap-northeast-2" + "ip_prefix": "54.250.253.192/26", + "region": "ap-northeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-northeast-1" }, { - "ip_prefix": "13.124.199.0/24", + "ip_prefix": "13.124.145.104/29", "region": "ap-northeast-2", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "13.124.247.0/24", + "ip_prefix": "13.124.145.112/29", "region": "ap-northeast-2", - "service": "WORKSPACES_GATEWAYS", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "13.209.1.56/29", + "ip_prefix": "13.124.145.120/29", "region": "ap-northeast-2", - "service": "EC2_INSTANCE_CONNECT", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "15.164.156.0/23", + "ip_prefix": "13.124.145.16/29", "region": "ap-northeast-2", - "service": "API_GATEWAY", + "service": "CODEBUILD", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "15.164.243.192/27", + "ip_prefix": "13.124.145.24/29", "region": "ap-northeast-2", - "service": "CLOUD9", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "15.164.243.224/27", + "ip_prefix": "13.124.145.64/29", "region": "ap-northeast-2", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "15.164.243.32/27", + "ip_prefix": "13.124.145.72/29", "region": "ap-northeast-2", - "service": "CLOUD9", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "15.165.193.64/26", + "ip_prefix": "13.124.145.80/29", "region": "ap-northeast-2", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - 
"ip_prefix": "15.165.224.0/23", + "ip_prefix": "13.124.145.88/29", "region": "ap-northeast-2", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "3.34.101.192/26", + "ip_prefix": "13.124.145.96/29", "region": "ap-northeast-2", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "3.34.228.0/26", + "ip_prefix": "13.124.199.0/24", "region": "ap-northeast-2", - "service": "AMAZON", + "service": "CLOUDFRONT", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "3.34.228.64/26", + "ip_prefix": "13.124.199.0/24", "region": "ap-northeast-2", - "service": "AMAZON", + "service": "CLOUDFRONT_ORIGIN_FACING", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "3.34.37.0/24", + "ip_prefix": "13.124.247.0/24", "region": "ap-northeast-2", "service": "WORKSPACES_GATEWAYS", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "3.34.38.0/23", + "ip_prefix": "13.209.1.0/29", "region": "ap-northeast-2", - "service": "WORKSPACES_GATEWAYS", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "3.34.89.192/30", + "ip_prefix": "13.209.1.56/29", "region": "ap-northeast-2", - "service": "AMAZON_APPFLOW", + "service": "EC2_INSTANCE_CONNECT", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "3.34.89.196/30", + "ip_prefix": "13.209.1.8/29", "region": "ap-northeast-2", - "service": "AMAZON_APPFLOW", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "3.35.130.128/25", + "ip_prefix": "13.209.1.96/27", "region": "ap-northeast-2", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "52.78.247.128/26", + "ip_prefix": "13.209.71.128/27", "region": "ap-northeast-2", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - 
"ip_prefix": "54.180.184.0/23", + "ip_prefix": "13.209.71.224/27", "region": "ap-northeast-2", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "13.208.170.0/23", - "region": "ap-northeast-3", - "service": "AMAZON", + "ip_prefix": "15.164.156.0/23", + "region": "ap-northeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.164.243.0/28", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.164.243.192/27", + "region": "ap-northeast-2", + "service": "CLOUD9", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.164.243.224/27", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.164.243.32/27", + "region": "ap-northeast-2", + "service": "CLOUD9", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.165.193.64/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.165.224.0/23", + "region": "ap-northeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.34.101.192/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.34.228.0/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.34.228.64/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.34.37.0/24", + "region": "ap-northeast-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.34.38.0/23", + "region": "ap-northeast-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-northeast-2" + }, + { + 
"ip_prefix": "3.34.89.192/30", + "region": "ap-northeast-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.34.89.196/30", + "region": "ap-northeast-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.34.89.64/26", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.35.130.128/25", + "region": "ap-northeast-2", + "service": "CLOUDFRONT", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.167.128/25", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.167.28/30", + "region": "ap-northeast-2", + "service": "EBS", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.167.48/29", + "region": "ap-northeast-2", + "service": "EBS", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.167.64/28", + "region": "ap-northeast-2", + "service": "S3", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.167.80/28", + "region": "ap-northeast-2", + "service": "S3", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.190.0/23", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.192.0/23", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.194.0/23", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.202.0/25", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.245.204/30", + "region": "ap-northeast-2", + "service": "EBS", + "network_border_group": "ap-northeast-2" + }, + { + 
"ip_prefix": "3.36.245.232/30", + "region": "ap-northeast-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.3.160/28", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.3.192/27", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.3.224/27", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.3.96/27", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.38.131.192/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.38.90.8/29", + "region": "ap-northeast-2", + "service": "CODEBUILD", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "52.78.247.128/26", + "region": "ap-northeast-2", + "service": "CLOUDFRONT", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "54.180.184.0/23", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "13.208.131.0/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.128/27", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.16/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.160/27", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.192/27", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + 
"network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.224/30", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.228/30", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.232/30", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.24/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.32/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.40/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.8/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.170.0/23", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.177.224/27", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-3" }, { 
@@ -19658,12 +31736,174 @@ "service": "API_GATEWAY", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "13.208.217.64/27", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.217.96/27", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.227.0/25", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.227.128/25", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.228.0/25", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.228.128/29", + "region": "ap-northeast-3", + "service": "EBS", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.228.136/30", + "region": "ap-northeast-3", + "service": "EBS", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.33.16/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.33.24/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.33.8/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.10.0/24", + "region": "ap-northeast-3", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.24.0/27", + "region": "ap-northeast-3", + "service": "CLOUD9", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.24.128/29", + "region": "ap-northeast-3", + "service": "CODEBUILD", + "network_border_group": "ap-northeast-3" + }, + { + 
"ip_prefix": "15.152.24.192/26", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.24.32/27", + "region": "ap-northeast-3", + "service": "CLOUD9", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.24.64/26", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.8.192/26", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.126.23.136/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.126.23.144/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.126.23.152/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.126.23.160/27", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.126.23.192/27", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.126.243.0/24", + "region": "ap-south-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.127.70.128/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.127.70.136/29", "region": "ap-south-1", "service": "CODEBUILD", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.127.70.144/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.127.70.152/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.127.70.160/29", + 
"region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.232.67.128/27", "region": "ap-south-1", @@ -19688,6 +31928,18 @@ "service": "CLOUDFRONT", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.233.177.32/27", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.234.221.136/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.234.221.192/26", "region": "ap-south-1", @@ -19700,6 +31952,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.235.197.96/27", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.235.228.0/24", "region": "ap-south-1", @@ -19742,6 +32000,36 @@ "service": "CLOUDFRONT", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "3.108.13.124/30", + "region": "ap-south-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.109.72.0/25", + "region": "ap-south-1", + "service": "API_GATEWAY", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.109.72.152/29", + "region": "ap-south-1", + "service": "CODEBUILD", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.110.57.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.110.71.0/26", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "3.6.70.128/26", "region": "ap-south-1", 
@@ -19773,160 +32061,466 @@ "network_border_group": "ap-south-1" }, { - "ip_prefix": "13.212.3.128/26", - "region": "ap-southeast-1", + "ip_prefix": "65.0.192.176/28", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.0.192.224/27", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.0.234.0/26", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.103.192/29", + "region": "ap-south-1", + "service": "EBS", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.103.200/30", + "region": "ap-south-1", + "service": "EBS", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.103.208/28", + "region": "ap-south-1", + "service": "S3", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.103.224/28", + "region": "ap-south-1", + "service": "S3", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.170.0/23", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.172.0/23", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.174.0/23", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.2.14.0/23", + "region": "ap-south-1", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "ap-south-1" }, { - "ip_prefix": "13.212.3.64/26", - "region": "ap-southeast-1", + "ip_prefix": "65.2.16.0/23", + "region": "ap-south-1", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "ap-south-1" }, { - "ip_prefix": "13.228.69.0/24", + "ip_prefix": "13.212.209.128/26", "region": "ap-southeast-1", - "service": "CLOUDFRONT", 
+ "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.250.186.128/27", + "ip_prefix": "13.212.209.94/31", "region": "ap-southeast-1", - "service": "CLOUD9", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.250.186.160/27", + "ip_prefix": "13.212.209.96/27", "region": "ap-southeast-1", - "service": "CLOUD9", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.251.113.64/26", + "ip_prefix": "13.212.3.128/26", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.251.116.0/23", + "ip_prefix": "13.212.3.64/26", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.138.134.128/25", + "ip_prefix": "13.213.20.132/30", "region": "ap-southeast-1", - "service": "API_GATEWAY", + "service": "EBS", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.138.244.0/23", + "ip_prefix": "13.213.20.136/29", "region": "ap-southeast-1", - "service": "API_GATEWAY", + "service": "EBS", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.148.0/26", + "ip_prefix": "13.213.20.144/28", "region": "ap-southeast-1", - "service": "AMAZON", + "service": "S3", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.148.128/25", + "ip_prefix": "13.213.20.160/28", "region": "ap-southeast-1", - "service": "API_GATEWAY", + "service": "S3", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.150.0/23", + "ip_prefix": "13.213.21.0/24", "region": "ap-southeast-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.152.0/24", + "ip_prefix": "13.213.22.0/23", "region": "ap-southeast-1", - "service": "WORKSPACES_GATEWAYS", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": 
"18.141.154.0/23", + "ip_prefix": "13.213.24.0/23", "region": "ap-southeast-1", - "service": "WORKSPACES_GATEWAYS", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.226.0/23", + "ip_prefix": "13.213.75.224/29", + "region": "ap-southeast-1", + "service": "CODEBUILD", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.214.118.0/23", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.238.0/26", + "ip_prefix": "13.214.124.128/26", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.66.248/30", + "ip_prefix": "13.228.69.0/24", "region": "ap-southeast-1", - "service": "AMAZON_APPFLOW", + "service": "CLOUDFRONT", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.66.252/30", + "ip_prefix": "13.229.187.192/27", "region": "ap-southeast-1", - "service": "AMAZON_APPFLOW", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "3.0.5.32/29", + "ip_prefix": "13.229.187.232/29", "region": "ap-southeast-1", - "service": "EC2_INSTANCE_CONNECT", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "52.220.191.0/26", + "ip_prefix": "13.250.186.0/29", "region": "ap-southeast-1", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "52.221.221.128/29", + "ip_prefix": "13.250.186.128/27", "region": "ap-southeast-1", - "service": "CODEBUILD", + "service": "CLOUD9", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "52.76.127.0/24", + "ip_prefix": "13.250.186.16/29", "region": "ap-southeast-1", - "service": "WORKSPACES_GATEWAYS", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.210.2.192/26", - "region": "ap-southeast-2", - "service": "AMAZON_CONNECT", - 
"network_border_group": "ap-southeast-2" + "ip_prefix": "13.250.186.160/27", + "region": "ap-southeast-1", + "service": "CLOUD9", + "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.210.67.128/26", - "region": "ap-southeast-2", - "service": "CLOUDFRONT", - "network_border_group": "ap-southeast-2" + "ip_prefix": "13.250.186.192/29", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.236.8.0/25", - "region": "ap-southeast-2", - "service": "AMAZON_CONNECT", - "network_border_group": "ap-southeast-2" + "ip_prefix": "13.250.186.200/29", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.236.82.128/27", - "region": "ap-southeast-2", - "service": "CLOUD9", - "network_border_group": "ap-southeast-2" + "ip_prefix": "13.250.186.208/29", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.250.186.8/29", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.251.113.64/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.251.116.0/23", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.136.1.192/27", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.136.1.224/27", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.138.134.128/25", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.138.244.0/23", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + 
"network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.139.204.176/28", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.139.204.192/27", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.140.177.0/26", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.140.177.64/26", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.148.0/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.148.128/25", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.150.0/23", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.152.0/24", + "region": "ap-southeast-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.154.0/23", + "region": "ap-southeast-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.226.0/23", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.238.0/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.238.68/30", + "region": "ap-southeast-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.66.248/30", + "region": "ap-southeast-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.66.252/30", + 
"region": "ap-southeast-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "3.0.5.224/27", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "3.0.5.32/29", + "region": "ap-southeast-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.220.191.0/26", + "region": "ap-southeast-1", + "service": "CLOUDFRONT", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.221.221.128/29", + "region": "ap-southeast-1", + "service": "CODEBUILD", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.76.127.0/24", + "region": "ap-southeast-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "54.251.31.128/26", + "region": "ap-southeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "54.255.254.192/26", + "region": "ap-southeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.210.2.192/26", + "region": "ap-southeast-2", + "service": "AMAZON_CONNECT", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.210.67.128/26", + "region": "ap-southeast-2", + "service": "CLOUDFRONT", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.12.160/27", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.12.192/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.12.200/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.12.208/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + 
"network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.12.216/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.12.248/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.166.192/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.166.200/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.236.8.0/25", + "region": "ap-southeast-2", + "service": "AMAZON_CONNECT", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.236.82.128/27", + "region": "ap-southeast-2", + "service": "CLOUD9", + "network_border_group": "ap-southeast-2" }, { "ip_prefix": "13.236.82.96/27", @@ -19964,6 +32558,24 @@ "service": "API_GATEWAY", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "3.105.5.0/27", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.105.5.32/27", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.24.1.208/28", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "3.24.227.192/26", "region": "ap-southeast-2", 
@@ -20036,12 +32648,132 @@ "service": "AMAZON_APPFLOW", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "3.26.109.216/30", + "region": "ap-southeast-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.127.24/29", + "region": "ap-southeast-2", + "service": "CODEBUILD", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.137.0/24", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.138.0/23", + "region": "ap-southeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.140.64/26", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.58.224/27", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.81.0/27", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.81.32/27", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.82.236/30", + "region": "ap-southeast-2", + "service": "EBS", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.82.240/29", + "region": "ap-southeast-2", + "service": "EBS", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.83.0/24", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.84.0/23", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.86.0/23", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.88.0/28", + 
"region": "ap-southeast-2", + "service": "S3", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.88.16/28", + "region": "ap-southeast-2", + "service": "S3", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "54.153.254.0/24", "region": "ap-southeast-2", "service": "WORKSPACES_GATEWAYS", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "54.252.254.192/26", + "region": "ap-southeast-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "54.252.79.128/26", + "region": "ap-southeast-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "108.136.151.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.222.16.32/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "15.222.16.8/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "15.222.16.96/27", "region": "ca-central-1", @@ -20066,6 +32798,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.222.43.64/26", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "15.223.100.0/24", "region": "ca-central-1", 
@@ -20114,12 +32852,126 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "3.97.192.112/29", + "region": "ca-central-1", + "service": "EBS", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.192.128/25", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.217.0/24", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.218.0/24", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.219.0/24", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.230.0/25", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "3.97.49.128/25", "region": "ca-central-1", "service": "API_GATEWAY", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "3.97.99.128/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.99.160/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.99.64/28", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.99.96/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.98.171.196/30", + "region": "ca-central-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.98.171.224/29", + "region": "ca-central-1", + "service": "CODEBUILD", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.98.171.92/30", + "region": "ca-central-1", + "service": 
"EBS", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.98.24.0/28", + "region": "ca-central-1", + "service": "S3", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.98.24.16/28", + "region": "ca-central-1", + "service": "S3", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.98.86.0/23", + "region": "ca-central-1", + "service": "API_GATEWAY", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.99.124.0/26", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.182.14.208/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.182.14.216/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "35.182.14.48/29", "region": "ca-central-1", @@ -20132,6 +32984,42 @@ "service": "WORKSPACES_GATEWAYS", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "35.183.38.0/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.183.38.32/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.183.38.40/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.183.38.48/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.183.38.56/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.183.38.64/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "35.183.92.176/29", "region": "ca-central-1", 
@@ -20150,6 +33038,18 @@ "service": "CLOUDFRONT", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "99.79.20.192/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "99.79.20.224/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "99.79.34.0/23", "region": "ca-central-1", @@ -20210,6 +33110,54 @@ "service": "CLOUDFRONT", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "18.196.161.0/27", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "18.196.161.184/29", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "18.196.161.192/29", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "18.196.161.200/29", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "18.196.161.32/27", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "18.196.161.80/29", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "18.196.161.88/29", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.120.181.224/27", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "3.120.181.40/29", "region": "eu-central-1", 
@@ -20240,6 +33188,36 @@ "service": "API_GATEWAY", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.123.44.0/27", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.123.44.128/27", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.123.44.160/27", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.123.44.80/28", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.123.44.96/27", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "3.127.48.128/26", "region": "eu-central-1", 
@@ -20265,59 +33243,173 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "35.157.127.248/29", + "ip_prefix": "3.64.1.0/26", "region": "eu-central-1", - "service": "CODEBUILD", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "35.158.127.64/26", + "ip_prefix": "3.64.1.128/26", "region": "eu-central-1", - "service": "AMAZON_CONNECT", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "35.158.136.0/24", + "ip_prefix": "3.64.1.192/29", "region": "eu-central-1", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "52.57.254.0/24", + "ip_prefix": "3.64.1.200/29", "region": "eu-central-1", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "52.59.127.0/24", + "ip_prefix": "3.64.1.64/26", "region": "eu-central-1", - "service": "WORKSPACES_GATEWAYS", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "13.48.186.128/27", - "region": "eu-north-1", - "service": "CLOUD9", - "network_border_group": "eu-north-1" + "ip_prefix": "3.64.226.232/29", + "region": "eu-central-1", + "service": "EBS", + "network_border_group": "eu-central-1" }, { - "ip_prefix": "13.48.186.160/27", - "region": "eu-north-1", - "service": "CLOUD9", - "network_border_group": "eu-north-1" + "ip_prefix": "3.64.226.240/30", + "region": "eu-central-1", + "service": "EBS", + "network_border_group": "eu-central-1" }, { - "ip_prefix": "13.48.186.192/27", - "region": "eu-north-1", - "service": "AMAZON", - "network_border_group": "eu-north-1" + "ip_prefix": "3.65.246.0/28", + "region": "eu-central-1", + "service": "S3", + "network_border_group": "eu-central-1" }, { - "ip_prefix": "13.48.32.0/24", - "region": "eu-north-1", + "ip_prefix": "3.65.246.16/28", + "region": "eu-central-1", + "service": "S3", + "network_border_group": "eu-central-1" + }, + { 
+ "ip_prefix": "3.66.172.0/24", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.68.251.176/30", + "region": "eu-central-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.68.251.232/29", + "region": "eu-central-1", + "service": "CODEBUILD", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.70.195.128/25", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.70.195.64/26", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.70.211.0/25", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.70.212.128/26", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "35.157.127.248/29", + "region": "eu-central-1", + "service": "CODEBUILD", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "35.158.127.64/26", + "region": "eu-central-1", + "service": "AMAZON_CONNECT", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "35.158.136.0/24", + "region": "eu-central-1", + "service": "CLOUDFRONT", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "52.57.254.0/24", + "region": "eu-central-1", + "service": "CLOUDFRONT", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "52.59.127.0/24", + "region": "eu-central-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.48.186.128/27", + "region": "eu-north-1", + "service": "CLOUD9", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.48.186.160/27", + "region": "eu-north-1", + "service": "CLOUD9", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.48.186.192/27", + "region": 
"eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.48.32.0/24", + "region": "eu-north-1", "service": "CLOUDFRONT", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.48.4.128/28", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.48.4.144/28", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.48.4.160/28", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "13.48.4.192/29", "region": "eu-north-1", @@ -20330,6 +33422,24 @@ "service": "EC2_INSTANCE_CONNECT", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.48.4.208/29", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.48.4.216/29", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.48.4.224/29", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "13.48.74.0/24", "region": "eu-north-1", @@ -20354,6 +33464,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.49.253.224/27", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "13.49.40.64/26", "region": "eu-north-1", 
@@ -20366,12 +33482,114 @@ "service": "API_GATEWAY", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.51.120.0/24", + "region": "eu-north-1", + "service": "API_GATEWAY", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.253.80/29", + "region": "eu-north-1", + "service": "CODEBUILD", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.29.0/27", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.29.32/27", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.71.152/29", + "region": "eu-north-1", + "service": "EBS", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.71.160/30", + "region": "eu-north-1", + "service": "EBS", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.71.176/28", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.71.192/28", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.95.0/24", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.96.0/24", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.97.0/24", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "13.53.180.0/23", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.53.63.128/27", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.53.63.160/27", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": 
"13.53.63.192/27", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "16.170.199.0/26", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "15.160.55.112/29", + "region": "eu-south-1", + "service": "CODEBUILD", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.160.90.64/26", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "15.161.135.0/26", "region": "eu-south-1", @@ -20432,6 +33650,42 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "15.161.247.128/27", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.161.247.64/27", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.161.247.96/27", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.161.66.0/26", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.161.66.128/26", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.161.66.64/26", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "15.161.68.128/26", "region": "eu-south-1", 
@@ -20444,6 +33698,48 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "35.152.74.128/29", + "region": "eu-south-1", + "service": "EBS", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.74.136/30", + "region": "eu-south-1", + "service": "EBS", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.74.144/28", + "region": "eu-south-1", + "service": "S3", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.74.160/28", + "region": "eu-south-1", + "service": "S3", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.86.0/24", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.87.0/24", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.88.0/24", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "108.128.160.0/23", "region": "eu-west-1", @@ -20456,6 +33752,12 @@ "service": "API_GATEWAY", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "176.34.159.192/26", + "region": "eu-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "18.200.212.0/23", "region": "eu-west-1", 
@@ -20468,12 +33770,60 @@ "service": "EC2_INSTANCE_CONNECT", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.248.180.128/25", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.248.180.40/29", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.248.180.64/26", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.248.186.0/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.248.186.128/25", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.248.186.32/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.248.186.64/29", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "3.248.186.92/30", "region": "eu-west-1", "service": "AMAZON_APPFLOW", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.248.216.32/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "3.248.244.0/26", "region": "eu-west-1", 
@@ -20528,6 +33878,84 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.251.104.0/26", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.104.128/25", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.105.0/25", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.105.128/25", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.106.128/25", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.109.92/30", + "region": "eu-west-1", + "service": "EBS", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.110.208/28", + "region": "eu-west-1", + "service": "S3", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.110.224/28", + "region": "eu-west-1", + "service": "S3", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.144.0/29", + "region": "eu-west-1", + "service": "EBS", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.148.120/29", + "region": "eu-west-1", + "service": "CODEBUILD", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.152.44/30", + "region": "eu-west-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.215.192/26", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.216.0/23", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "3.251.56.0/24", "region": "eu-west-1", 
@@ -20546,18 +33974,90 @@ "service": "API_GATEWAY", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.251.95.128/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.251.95.96/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "34.242.153.128/26", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "34.242.153.224/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "34.242.153.240/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "34.245.205.0/27", "region": "eu-west-1", "service": "CLOUD9", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "34.245.205.128/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "34.245.205.160/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "34.245.205.64/27", "region": "eu-west-1", "service": "CLOUD9", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "34.245.205.96/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "34.245.82.0/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "34.245.82.16/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "34.245.82.32/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "34.245.82.48/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + 
}, { "ip_prefix": "34.250.63.248/29", "region": "eu-west-1", @@ -20576,6 +34076,24 @@ "service": "CLOUDFRONT", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.215.218.112/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.215.218.64/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "54.228.16.0/26", + "region": "eu-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "63.34.60.0/22", "region": "eu-west-1", @@ -20588,6 +34106,36 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "99.80.34.48/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "99.80.34.64/26", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "99.80.88.0/26", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "99.80.88.64/26", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.40.1.192/26", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "18.130.91.144/30", "region": "eu-west-2", 
@@ -20631,140 +34179,416 @@ "network_border_group": "eu-west-2" }, { - "ip_prefix": "3.10.127.32/27", + "ip_prefix": "18.134.255.160/27", "region": "eu-west-2", - "service": "CLOUD9", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-2" }, { - "ip_prefix": "3.10.17.0/25", + "ip_prefix": "18.134.255.192/27", "region": "eu-west-2", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-2" }, { - "ip_prefix": "3.10.17.128/25", + "ip_prefix": "18.134.255.224/27", "region": "eu-west-2", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-2" }, { - "ip_prefix": "3.10.201.128/27", + "ip_prefix": "18.135.226.192/26", "region": "eu-west-2", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-2" }, { - "ip_prefix": "3.10.201.192/26", + "ip_prefix": "18.168.133.0/24", "region": "eu-west-2", - "service": "AMAZON", + "service": "API_GATEWAY", "network_border_group": "eu-west-2" }, { - "ip_prefix": "3.10.201.64/27", + "ip_prefix": "18.168.33.0/24", "region": "eu-west-2", - "service": "CLOUD9", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-2" }, { - "ip_prefix": "3.11.53.0/24", + "ip_prefix": "18.168.34.0/23", "region": "eu-west-2", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-2" }, { - "ip_prefix": "3.8.168.0/23", + "ip_prefix": "18.168.36.0/24", "region": "eu-west-2", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-2" }, { - "ip_prefix": "3.8.37.24/29", + "ip_prefix": "18.168.37.0/27", "region": "eu-west-2", - "service": "EC2_INSTANCE_CONNECT", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-2" }, { - "ip_prefix": "3.9.94.0/24", + "ip_prefix": "18.168.37.136/29", "region": "eu-west-2", - "service": "API_GATEWAY", + "service": "EBS", "network_border_group": "eu-west-2" }, { - "ip_prefix": "35.176.32.0/24", + "ip_prefix": 
"18.168.37.144/30", "region": "eu-west-2", - "service": "WORKSPACES_GATEWAYS", + "service": "EBS", "network_border_group": "eu-west-2" }, { - "ip_prefix": "35.176.92.32/29", + "ip_prefix": "18.168.37.160/28", "region": "eu-west-2", - "service": "CODEBUILD", + "service": "S3", "network_border_group": "eu-west-2" }, { - "ip_prefix": "35.179.42.0/23", + "ip_prefix": "18.168.37.176/28", "region": "eu-west-2", - "service": "API_GATEWAY", + "service": "S3", "network_border_group": "eu-west-2" }, { - "ip_prefix": "52.56.127.0/25", + "ip_prefix": "18.168.37.32/28", "region": "eu-west-2", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-2" }, { - "ip_prefix": "15.188.184.0/24", - "region": "eu-west-3", - "service": "CLOUDFRONT", - "network_border_group": "eu-west-3" - }, - { - "ip_prefix": "15.188.210.0/27", - "region": "eu-west-3", - "service": "AMAZON", - "network_border_group": "eu-west-3" + "ip_prefix": "18.168.37.48/30", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" }, { - "ip_prefix": "15.188.210.128/26", - "region": "eu-west-3", - "service": "AMAZON", - "network_border_group": "eu-west-3" + "ip_prefix": "18.168.37.64/26", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" }, { - "ip_prefix": "15.188.210.196/30", - "region": "eu-west-3", + "ip_prefix": "18.169.230.136/30", + "region": "eu-west-2", "service": "AMAZON_APPFLOW", - "network_border_group": "eu-west-3" + "network_border_group": "eu-west-2" }, { - "ip_prefix": "15.188.210.200/30", - "region": "eu-west-3", - "service": "AMAZON_APPFLOW", - "network_border_group": "eu-west-3" + "ip_prefix": "18.169.230.200/29", + "region": "eu-west-2", + "service": "CODEBUILD", + "network_border_group": "eu-west-2" }, { - "ip_prefix": "15.188.210.32/27", - "region": "eu-west-3", + "ip_prefix": "3.10.127.32/27", + "region": "eu-west-2", "service": "CLOUD9", - "network_border_group": 
"eu-west-3" + "network_border_group": "eu-west-2" }, { - "ip_prefix": "15.188.210.64/27", - "region": "eu-west-3", - "service": "CLOUD9", - "network_border_group": "eu-west-3" + "ip_prefix": "3.10.17.0/25", + "region": "eu-west-2", + "service": "API_GATEWAY", + "network_border_group": "eu-west-2" }, { - "ip_prefix": "15.236.155.192/26", - "region": "eu-west-3", - "service": "AMAZON", - "network_border_group": "eu-west-3" + "ip_prefix": "3.10.17.128/25", + "region": "eu-west-2", + "service": "CLOUDFRONT", + "network_border_group": "eu-west-2" }, { - "ip_prefix": "15.236.231.0/26", - "region": "eu-west-3", + "ip_prefix": "3.10.201.128/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.10.201.192/26", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.10.201.64/27", + "region": "eu-west-2", + "service": "CLOUD9", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.11.53.0/24", + "region": "eu-west-2", + "service": "CLOUDFRONT", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.8.168.0/23", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.8.37.24/29", + "region": "eu-west-2", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.8.37.96/27", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.159.64/30", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.159.68/30", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.159.72/30", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.41.0/27", + "region": "eu-west-2", + 
"service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.41.32/27", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.41.64/27", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.94.0/24", + "region": "eu-west-2", + "service": "API_GATEWAY", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.176.32.0/24", + "region": "eu-west-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.176.92.32/29", + "region": "eu-west-2", + "service": "CODEBUILD", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.177.154.128/28", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.177.154.144/28", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.177.154.160/28", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.177.154.176/29", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.177.154.184/29", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.177.154.192/29", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.179.42.0/23", + "region": "eu-west-2", + "service": "API_GATEWAY", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.56.127.0/25", + "region": "eu-west-2", + "service": "CLOUDFRONT", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "13.36.155.0/24", + "region": "eu-west-3", + "service": "API_GATEWAY", + "network_border_group": "eu-west-3" + }, + { + 
"ip_prefix": "13.36.18.0/28", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.18.32/27", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.18.64/27", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.76.0/24", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.77.0/24", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.78.0/24", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.84.112/29", + "region": "eu-west-3", + "service": "CODEBUILD", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.84.24/29", + "region": "eu-west-3", + "service": "EBS", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.84.32/30", + "region": "eu-west-3", + "service": "EBS", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.84.44/30", + "region": "eu-west-3", + "service": "AMAZON_APPFLOW", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.84.48/28", + "region": "eu-west-3", + "service": "S3", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.84.64/28", + "region": "eu-west-3", + "service": "S3", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.37.1.64/26", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.188.102.0/27", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.188.184.0/24", + "region": "eu-west-3", + "service": "CLOUDFRONT", + "network_border_group": "eu-west-3" + }, + { + 
"ip_prefix": "15.188.210.0/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.188.210.128/26", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.188.210.196/30", + "region": "eu-west-3", + "service": "AMAZON_APPFLOW", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.188.210.200/30", + "region": "eu-west-3", + "service": "AMAZON_APPFLOW", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.188.210.32/27", + "region": "eu-west-3", + "service": "CLOUD9", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.188.210.64/27", + "region": "eu-west-3", + "service": "CLOUD9", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.236.155.192/26", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.236.231.0/26", + "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, 
@@ -20780,6 +34604,60 @@ "service": "API_GATEWAY", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "35.180.1.16/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.1.24/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.1.32/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.1.40/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.1.48/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.1.56/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.1.8/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.112.128/27", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.112.160/27", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "35.180.112.80/29", "region": "eu-west-3", @@ -20804,6 +34682,12 @@ "service": "CLOUDFRONT", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "52.47.73.160/27", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.47.73.72/29", "region": "eu-west-3", 
@@ -20822,6 +34706,66 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.184.125.0/26", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.184.125.128/26", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.184.125.224/29", + "region": "me-south-1", + "service": "EBS", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.184.125.232/30", + "region": "me-south-1", + "service": "EBS", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.184.125.240/28", + "region": "me-south-1", + "service": "S3", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.184.125.64/26", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.184.153.0/28", + "region": "me-south-1", + "service": "S3", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.184.184.96/29", + "region": "me-south-1", + "service": "CODEBUILD", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.184.70.200/29", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.184.70.224/29", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, { "ip_prefix": "15.185.141.160/27", "region": "me-south-1", 
@@ -20846,12 +34790,36 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.185.251.0/26", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "15.185.33.192/26", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.185.33.32/27", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.185.33.64/27", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.185.33.96/27", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, { "ip_prefix": "15.185.86.0/23", "region": "me-south-1", @@ -20864,6 +34832,24 @@ "service": "CLOUD9", "network_border_group": "me-south-1" }, + { + "ip_prefix": "157.175.102.128/27", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "157.175.102.160/27", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "157.175.102.96/27", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, { "ip_prefix": "157.175.140.0/23", "region": "me-south-1", 
@@ -20888,18 +34874,138 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.228.103.240/29", + "region": "sa-east-1", + "service": "EBS", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.104.0/24", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.105.0/24", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.106.0/24", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.107.0/28", + "region": "sa-east-1", + "service": "S3", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.107.16/28", + "region": "sa-east-1", + "service": "S3", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.126.200/29", + "region": "sa-east-1", + "service": "CODEBUILD", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.126.48/30", + "region": "sa-east-1", + "service": "EBS", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.126.72/30", + "region": "sa-east-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.129.0/24", + "region": "sa-east-1", + "service": "API_GATEWAY", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.144.0/24", + "region": "sa-east-1", + "service": "API_GATEWAY", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.150.128/26", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.151.0/24", + "region": "sa-east-1", + "service": "API_GATEWAY", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.228.72.64/26", "region": "sa-east-1", "service": "API_GATEWAY", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.228.92.192/28", + "region": 
"sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.92.208/28", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.92.224/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.228.97.0/24", "region": "sa-east-1", "service": "API_GATEWAY", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "177.71.207.128/26", + "region": "sa-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.228.1.0/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.228.1.16/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.228.1.8/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "18.228.246.0/23", "region": "sa-east-1", @@ -20930,6 +35036,24 @@ "service": "AMAZON_APPFLOW", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "18.229.100.128/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.229.100.160/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.229.100.192/26", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "18.229.220.128/26", "region": "sa-east-1", 
@@ -20942,6 +35066,24 @@ "service": "CLOUDFRONT", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "18.229.37.0/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.229.37.32/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.229.70.96/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "18.229.99.0/24", "region": "sa-east-1", @@ -20984,12 +35126,54 @@ "service": "API_GATEWAY", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "18.231.105.0/28", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.231.105.128/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.231.105.160/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.231.105.168/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.231.105.176/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.231.105.184/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "18.231.194.8/29", "region": "sa-east-1", "service": "CODEBUILD", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "54.232.40.64/26", + "region": "sa-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "54.233.204.0/24", "region": "sa-east-1", 
@@ -21003,655 +35187,2089 @@ "network_border_group": "sa-east-1" }, { - "ip_prefix": "18.206.107.24/29", + "ip_prefix": "107.23.255.0/26", "region": "us-east-1", - "service": "EC2_INSTANCE_CONNECT", + "service": "ROUTE53_HEALTHCHECKS", "network_border_group": "us-east-1" }, { - "ip_prefix": "18.233.213.128/25", + "ip_prefix": "18.206.107.160/29", "region": "us-east-1", - "service": "AMAZON_CONNECT", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.216.135.0/24", + "ip_prefix": "18.206.107.24/29", "region": "us-east-1", - "service": "API_GATEWAY", + "service": "EC2_INSTANCE_CONNECT", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.216.136.0/21", + "ip_prefix": "18.209.113.240/28", "region": "us-east-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.216.144.0/23", + "ip_prefix": "18.209.113.64/27", "region": "us-east-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.216.148.0/22", + "ip_prefix": "18.213.156.96/28", "region": "us-east-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.217.228.0/22", + "ip_prefix": "18.232.1.128/26", "region": "us-east-1", - "service": "WORKSPACES_GATEWAYS", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.180.0/25", + "ip_prefix": "18.232.1.192/26", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.180.128/25", + "ip_prefix": "18.232.1.32/30", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.181.0/25", + "ip_prefix": "18.232.1.36/30", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", 
"network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.181.128/25", + "ip_prefix": "18.232.1.40/30", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.182.0/25", + "ip_prefix": "18.232.1.44/30", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.182.128/25", + "ip_prefix": "18.232.1.48/28", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.183.0/25", + "ip_prefix": "18.232.1.64/26", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.183.128/25", + "ip_prefix": "3.208.72.176/28", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.227.250.128/25", + "ip_prefix": "3.209.202.48/28", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.231.2.0/25", + "ip_prefix": "3.209.83.0/27", "region": "us-east-1", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.234.232.224/27", + "ip_prefix": "3.209.83.144/28", "region": "us-east-1", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.234.248.192/26", + "ip_prefix": "3.209.83.160/27", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.235.112.0/21", + "ip_prefix": "3.209.83.192/26", "region": "us-east-1", - "service": "WORKSPACES_GATEWAYS", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.235.189.100/30", + "ip_prefix": 
"3.209.83.32/27", "region": "us-east-1", - "service": "AMAZON_APPFLOW", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.235.189.96/30", + "ip_prefix": "3.209.83.64/27", "region": "us-east-1", - "service": "AMAZON_APPFLOW", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.235.202.128/26", + "ip_prefix": "3.209.83.96/27", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.235.26.0/23", + "ip_prefix": "3.209.84.0/25", "region": "us-east-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.235.32.0/21", + "ip_prefix": "3.209.84.128/25", "region": "us-east-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.236.169.0/25", + "ip_prefix": "3.209.85.0/25", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.236.169.192/26", + "ip_prefix": "3.209.85.128/27", "region": "us-east-1", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.236.32.0/22", + "ip_prefix": "3.209.85.160/27", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.236.48.0/23", + "ip_prefix": "3.209.85.192/27", "region": "us-east-1", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.236.94.128/25", + "ip_prefix": "3.209.87.0/25", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.237.107.0/25", + "ip_prefix": "3.209.87.128/25", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", 
"network_border_group": "us-east-1" }, { - "ip_prefix": "3.238.167.0/24", + "ip_prefix": "3.216.135.0/24", "region": "us-east-1", - "service": "AMAZON", + "service": "API_GATEWAY", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.238.212.0/22", + "ip_prefix": "3.216.136.0/21", "region": "us-east-1", "service": "API_GATEWAY", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.83.168.0/22", + "ip_prefix": "3.216.144.0/23", "region": "us-east-1", - "service": "AMAZON", + "service": "API_GATEWAY", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.91.171.128/25", + "ip_prefix": "3.216.148.0/22", "region": "us-east-1", - "service": "AMAZON", + "service": "API_GATEWAY", "network_border_group": "us-east-1" }, { - "ip_prefix": "34.195.252.0/24", + "ip_prefix": "3.216.99.160/27", "region": "us-east-1", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "34.226.14.0/24", + "ip_prefix": "3.217.228.0/22", "region": "us-east-1", - "service": "CLOUDFRONT", + "service": "WORKSPACES_GATEWAYS", "network_border_group": "us-east-1" }, { - "ip_prefix": "34.228.4.208/28", + "ip_prefix": "3.218.180.0/25", "region": "us-east-1", - "service": "CODEBUILD", + "service": "DYNAMODB", "network_border_group": "us-east-1" }, { - "ip_prefix": "35.172.155.192/27", + "ip_prefix": "3.218.180.128/25", "region": "us-east-1", - "service": "CLOUD9", + "service": "DYNAMODB", "network_border_group": "us-east-1" }, { - "ip_prefix": "35.172.155.96/27", + "ip_prefix": "3.218.181.0/25", "region": "us-east-1", - "service": "CLOUD9", + "service": "DYNAMODB", "network_border_group": "us-east-1" }, { - "ip_prefix": "52.23.61.0/24", + "ip_prefix": "3.218.181.128/25", "region": "us-east-1", - "service": "WORKSPACES_GATEWAYS", + "service": "DYNAMODB", "network_border_group": "us-east-1" }, { - "ip_prefix": "52.23.62.0/24", + "ip_prefix": "3.218.182.0/25", "region": "us-east-1", - "service": "WORKSPACES_GATEWAYS", + "service": 
"DYNAMODB", "network_border_group": "us-east-1" }, { - "ip_prefix": "52.55.191.224/27", + "ip_prefix": "3.218.182.128/25", "region": "us-east-1", - "service": "AMAZON_CONNECT", + "service": "DYNAMODB", "network_border_group": "us-east-1" }, { - "ip_prefix": "13.59.250.0/26", - "region": "us-east-2", - "service": "CLOUDFRONT", - "network_border_group": "us-east-2" + "ip_prefix": "3.218.183.0/25", + "region": "us-east-1", + "service": "DYNAMODB", + "network_border_group": "us-east-1" }, { - "ip_prefix": "18.188.9.0/27", - "region": "us-east-2", - "service": "CLOUD9", - "network_border_group": "us-east-2" + "ip_prefix": "3.218.183.128/25", + "region": "us-east-1", + "service": "DYNAMODB", + "network_border_group": "us-east-1" }, { - "ip_prefix": "18.188.9.32/27", - "region": "us-east-2", - "service": "CLOUD9", - "network_border_group": "us-east-2" + "ip_prefix": "3.227.250.128/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { - "ip_prefix": "18.216.170.128/25", - "region": "us-east-2", - "service": "CLOUDFRONT", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.170.0/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.12.216.0/22", - "region": "us-east-2", - "service": "API_GATEWAY", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.170.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.12.23.128/26", - "region": "us-east-2", - "service": "AMAZON", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.170.64/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.12.23.88/30", - "region": "us-east-2", - "service": "AMAZON_APPFLOW", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.171.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": 
"us-east-1" }, { - "ip_prefix": "3.12.23.92/30", - "region": "us-east-2", - "service": "AMAZON_APPFLOW", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.171.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.128.56.128/26", - "region": "us-east-2", - "service": "AMAZON", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.172.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.128.56.192/26", - "region": "us-east-2", - "service": "AMAZON", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.172.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.128.56.64/26", - "region": "us-east-2", - "service": "AMAZON", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.173.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.128.93.0/24", - "region": "us-east-2", - "service": "CLOUDFRONT", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.173.128/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.134.215.0/24", - "region": "us-east-2", - "service": "CLOUDFRONT", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.173.192/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.15.35.0/24", - "region": "us-east-2", - "service": "API_GATEWAY", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.181.0/24", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.15.36.0/26", - "region": "us-east-2", - "service": "API_GATEWAY", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.182.0/31", + "region": "us-east-1", + 
"service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.15.36.64/26", - "region": "us-east-2", - "service": "AMAZON", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.182.10/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.16.146.0/29", - "region": "us-east-2", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.182.100/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.17.136.0/23", - "region": "us-east-2", - "service": "AMAZON", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.182.46/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.21.86.0/23", - "region": "us-east-2", - "service": "API_GATEWAY", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.182.48/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "52.15.127.128/26", - "region": "us-east-2", - "service": "CLOUDFRONT", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.182.5/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "52.15.247.208/29", - "region": "us-east-2", - "service": "CODEBUILD", - "network_border_group": "us-east-2" + "ip_prefix": "3.228.182.6/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "13.52.118.0/23", - "region": "us-west-1", - "service": "AMAZON", - "network_border_group": "us-west-1" + "ip_prefix": "3.228.182.64/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "13.52.146.192/26", - "region": "us-west-1", - "service": "AMAZON", - "network_border_group": "us-west-1" + 
"ip_prefix": "3.228.182.8/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "13.52.201.0/24", - "region": "us-west-1", - "service": "API_GATEWAY", - "network_border_group": "us-west-1" + "ip_prefix": "3.228.182.96/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "13.52.202.0/24", - "region": "us-west-1", - "service": "API_GATEWAY", - "network_border_group": "us-west-1" + "ip_prefix": "3.231.2.0/25", + "region": "us-east-1", + "service": "CLOUDFRONT", + "network_border_group": "us-east-1" }, { - "ip_prefix": "13.52.232.224/27", - "region": "us-west-1", - "service": "CLOUD9", - "network_border_group": "us-west-1" + "ip_prefix": "3.234.232.224/27", + "region": "us-east-1", + "service": "CLOUDFRONT", + "network_border_group": "us-east-1" }, { - "ip_prefix": "13.52.6.112/29", - "region": "us-west-1", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "us-west-1" + "ip_prefix": "3.234.248.192/26", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { - "ip_prefix": "13.56.32.200/29", - "region": "us-west-1", - "service": "CODEBUILD", - "network_border_group": "us-west-1" + "ip_prefix": "3.235.112.0/21", + "region": "us-east-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-east-1" }, { - "ip_prefix": "18.144.158.0/27", - "region": "us-west-1", - "service": "CLOUD9", - "network_border_group": "us-west-1" + "ip_prefix": "3.235.189.100/30", + "region": "us-east-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-east-1" }, { - "ip_prefix": "18.144.158.64/26", - "region": "us-west-1", - "service": "AMAZON", - "network_border_group": "us-west-1" + "ip_prefix": "3.235.189.96/30", + "region": "us-east-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-east-1" }, { - "ip_prefix": "18.144.184.0/23", - "region": "us-west-1", - "service": 
"API_GATEWAY", - "network_border_group": "us-west-1" + "ip_prefix": "3.235.202.128/26", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { - "ip_prefix": "18.144.76.128/25", - "region": "us-west-1", + "ip_prefix": "3.235.26.0/23", + "region": "us-east-1", "service": "API_GATEWAY", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.101.100.128/25", - "region": "us-west-1", + "ip_prefix": "3.235.32.0/21", + "region": "us-east-1", "service": "API_GATEWAY", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.101.114.0/26", - "region": "us-west-1", + "ip_prefix": "3.236.169.0/25", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.101.114.64/26", - "region": "us-west-1", + "ip_prefix": "3.236.169.192/26", + "region": "us-east-1", + "service": "CLOUDFRONT", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.236.32.0/22", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.101.52.208/30", - "region": "us-west-1", - "service": "AMAZON_APPFLOW", - "network_border_group": "us-west-1" + "ip_prefix": "3.236.48.0/23", + "region": "us-east-1", + "service": "CLOUDFRONT", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.101.52.212/30", - "region": "us-west-1", - "service": "AMAZON_APPFLOW", - "network_border_group": "us-west-1" + "ip_prefix": "3.236.94.128/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { - "ip_prefix": "3.101.87.0/26", - "region": "us-west-1", + "ip_prefix": "3.237.107.0/25", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "52.52.191.128/26", - "region": "us-west-1", - "service": 
"CLOUDFRONT", - "network_border_group": "us-west-1" + "ip_prefix": "3.238.167.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { - "ip_prefix": "18.236.61.0/25", - "region": "us-west-2", - "service": "AMAZON_CONNECT", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.178.100/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "18.237.140.160/29", - "region": "us-west-2", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.178.104/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "34.216.51.0/25", - "region": "us-west-2", - "service": "CLOUDFRONT", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.178.112/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "34.217.141.224/27", - "region": "us-west-2", - "service": "CLOUD9", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.178.120/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "34.218.119.32/27", - "region": "us-west-2", - "service": "CLOUD9", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.178.128/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "34.223.12.224/27", - "region": "us-west-2", - "service": "CLOUDFRONT", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.178.160/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "34.223.24.0/22", - "region": "us-west-2", - "service": "AMAZON", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.178.168/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, 
{ - "ip_prefix": "34.223.45.0/25", - "region": "us-west-2", - "service": "AMAZON", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.178.197/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "34.223.68.0/22", - "region": "us-west-2", - "service": "API_GATEWAY", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.178.198/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "34.223.72.0/23", - "region": "us-west-2", - "service": "API_GATEWAY", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.178.200/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "34.223.74.0/25", - "region": "us-west-2", - "service": "API_GATEWAY", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.178.208/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "34.223.80.192/26", - "region": "us-west-2", - "service": "CLOUDFRONT", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.178.224/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "35.162.63.192/26", - "region": "us-west-2", - "service": "CLOUDFRONT", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.207.0/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "35.167.191.128/26", - "region": "us-west-2", - "service": "CLOUDFRONT", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.207.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.227.178.0/24", - "region": "us-west-2", - "service": "CLOUDFRONT", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.208.0/25", + "region": 
"us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.233.54.0/23", - "region": "us-west-2", - "service": "API_GATEWAY", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.208.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.234.106.0/23", - "region": "us-west-2", - "service": "AMAZON", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.209.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.234.108.128/25", - "region": "us-west-2", - "service": "CLOUDFRONT", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.209.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.234.113.64/26", - "region": "us-west-2", - "service": "AMAZON", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.210.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.234.123.128/26", - "region": "us-west-2", - "service": "AMAZON", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.212.0/22", + "region": "us-east-1", + "service": "API_GATEWAY", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.234.123.64/26", - "region": "us-west-2", - "service": "AMAZON", - "network_border_group": "us-west-2" + "ip_prefix": "3.238.216.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.234.22.128/26", - "region": "us-west-2", - "service": "AMAZON", - "network_border_group": "us-west-2" + "ip_prefix": "3.239.152.0/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.234.28.0/22", - "region": "us-west-2", - "service": "API_GATEWAY", - "network_border_group": 
"us-west-2" + "ip_prefix": "3.239.152.12/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.234.54.0/23", - "region": "us-west-2", - "service": "WORKSPACES_GATEWAYS", - "network_border_group": "us-west-2" + "ip_prefix": "3.239.152.128/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.234.73.116/30", - "region": "us-west-2", - "service": "AMAZON_APPFLOW", - "network_border_group": "us-west-2" + "ip_prefix": "3.239.152.136/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.234.73.120/30", - "region": "us-west-2", - "service": "AMAZON_APPFLOW", - "network_border_group": "us-west-2" + "ip_prefix": "3.239.152.46/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" }, { - "ip_prefix": "44.234.90.252/30", + "ip_prefix": "3.239.152.48/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.5/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.6/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.64/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.8/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.153.0/24", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.154.0/24", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.155.0/24", + "region": 
"us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.156.0/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.156.10/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.156.100/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.156.104/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.156.112/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.188/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.19/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.192/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.2/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.20/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.24/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.32/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.4/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.64/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + 
"network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.8/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.96/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.232.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.83.168.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.91.171.128/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "34.195.252.0/24", + "region": "us-east-1", + "service": "CLOUDFRONT", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "34.226.106.180/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "34.226.14.0/24", + "region": "us-east-1", + "service": "CLOUDFRONT", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "34.228.4.208/28", + "region": "us-east-1", + "service": "CODEBUILD", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "34.231.114.205/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "34.231.213.21/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "34.236.241.44/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "34.238.188.0/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.168.231.216/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.170.83.0/25", + "region": 
"us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.170.83.144/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.170.83.160/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.170.83.176/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.170.83.192/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.171.100.0/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.171.100.128/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.171.100.208/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.171.100.224/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.171.100.64/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.172.155.192/27", + "region": "us-east-1", + "service": "CLOUD9", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.172.155.96/27", + "region": "us-east-1", + "service": "CLOUD9", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.192.134.240/28", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.192.135.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.192.135.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + 
"network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.192.140.112/28", + "region": "us-east-1", + "service": "EBS", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.192.140.128/29", + "region": "us-east-1", + "service": "EBS", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.192.140.64/28", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.192.245.160/28", + "region": "us-east-1", + "service": "CODEBUILD", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.192.255.128/28", + "region": "us-east-1", + "service": "CODEBUILD", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.194.111.224/30", + "region": "us-east-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.199.180.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.199.222.128/26", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.23.61.0/24", + "region": "us-east-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.23.62.0/24", + "region": "us-east-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.55.191.224/27", + "region": "us-east-1", + "service": "AMAZON_CONNECT", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "54.243.31.192/26", + "region": "us-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.59.250.0/26", + "region": "us-east-2", + "service": "CLOUDFRONT", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.117.239.68/30", + "region": "us-east-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.188.9.0/27", + "region": "us-east-2", + "service": 
"CLOUD9", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.188.9.32/27", + "region": "us-east-2", + "service": "CLOUD9", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.188.9.64/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.188.9.80/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.188.9.88/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.216.170.128/25", + "region": "us-east-2", + "service": "CLOUDFRONT", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.217.41.192/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.217.41.200/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.217.41.208/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.217.41.216/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.217.41.64/26", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.12.216.0/22", + "region": "us-east-2", + "service": "API_GATEWAY", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.12.23.128/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.12.23.88/30", + "region": "us-east-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.12.23.92/30", + "region": "us-east-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.128.56.128/26", + 
"region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.128.56.192/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.128.56.64/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.128.93.0/24", + "region": "us-east-2", + "service": "CLOUDFRONT", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.134.215.0/24", + "region": "us-east-2", + "service": "CLOUDFRONT", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.139.136.128/27", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.139.136.184/30", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.139.136.192/26", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.140.136.128/27", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.141.102.184/29", + "region": "us-east-2", + "service": "EBS", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.141.102.192/30", + "region": "us-east-2", + "service": "EBS", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.141.102.208/28", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.141.102.224/28", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.143.206.104/29", + "region": "us-east-2", + "service": "CODEBUILD", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.144.141.192/26", + "region": "us-east-2", + "service": "API_GATEWAY", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.145.31.0/26", + "region": 
"us-east-2", + "service": "API_GATEWAY", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.145.31.128/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.15.35.0/24", + "region": "us-east-2", + "service": "API_GATEWAY", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.15.36.0/26", + "region": "us-east-2", + "service": "API_GATEWAY", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.15.36.64/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.16.146.0/29", + "region": "us-east-2", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.17.136.0/23", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.18.132.0/26", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.18.132.64/26", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.19.147.0/25", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.19.147.128/25", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.21.86.0/23", + "region": "us-east-2", + "service": "API_GATEWAY", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "52.15.127.128/26", + "region": "us-east-2", + "service": "CLOUDFRONT", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "52.15.247.208/29", + "region": "us-east-2", + "service": "CODEBUILD", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.52.1.0/28", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.1.16/28", + 
"region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.1.32/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.110.192/26", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.118.0/23", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.146.128/28", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.146.192/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.200.160/27", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.201.0/24", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.202.0/24", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.232.224/27", + "region": "us-west-1", + "service": "CLOUD9", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.32.96/27", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.6.112/29", + "region": "us-west-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.56.112.168/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.56.32.200/29", + "region": "us-west-1", + "service": "CODEBUILD", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.57.180.176/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + 
}, + { + "ip_prefix": "13.57.180.184/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.57.180.208/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.57.180.216/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.57.180.64/26", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "18.144.158.0/27", + "region": "us-west-1", + "service": "CLOUD9", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "18.144.158.64/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "18.144.184.0/23", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "18.144.76.128/25", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "18.144.76.32/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.100.128/25", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.114.0/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.114.64/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.145.192/27", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.145.224/27", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.156.0/26", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + 
"network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.157.128/25", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.158.0/23", + "region": "us-west-1", + "service": "CLOUDFRONT", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.160.240/29", + "region": "us-west-1", + "service": "EBS", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.160.44/30", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.160.48/28", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.161.0/25", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.161.128/25", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.162.0/24", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.163.0/26", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.163.64/28", + "region": "us-west-1", + "service": "S3", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.163.80/28", + "region": "us-west-1", + "service": "S3", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.163.96/28", + "region": "us-west-1", + "service": "S3", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.164.0/24", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.176.0/24", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.177.20/30", + "region": "us-west-1", + "service": 
"AMAZON_APPFLOW", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.177.48/29", + "region": "us-west-1", + "service": "CODEBUILD", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.194.128/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.52.208/30", + "region": "us-west-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.52.212/30", + "region": "us-west-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.87.0/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.52.191.128/26", + "region": "us-west-1", + "service": "CLOUDFRONT", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "54.183.255.128/26", + "region": "us-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "54.241.32.64/26", + "region": "us-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "18.236.61.0/25", + "region": "us-west-2", + "service": "AMAZON_CONNECT", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "18.237.140.160/29", + "region": "us-west-2", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.226.136/29", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.226.144/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.226.192/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.226.208/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + 
"ip_prefix": "34.216.226.224/29", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.226.232/29", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.226.240/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.51.0/25", + "region": "us-west-2", + "service": "CLOUDFRONT", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.217.141.0/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.217.141.16/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.217.141.224/27", + "region": "us-west-2", + "service": "CLOUD9", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.217.141.32/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.119.112/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.119.128/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.119.144/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.119.32/27", + "region": "us-west-2", + "service": "CLOUD9", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.119.80/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.119.96/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.216.160/28", + "region": "us-west-2", + 
"service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.216.176/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.216.208/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.216.240/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.221.183.224/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.221.183.32/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.222.66.64/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.112.0/26", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.112.128/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.112.64/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.12.224/27", + "region": "us-west-2", + "service": "CLOUDFRONT", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.21.192/26", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.22.176/29", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.24.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.37.224/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + 
"network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.45.0/25", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.45.128/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.46.0/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.46.128/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.47.0/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.47.128/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.49.128/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.51.0/26", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.64.224/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.68.0/22", + "region": "us-west-2", + "service": "API_GATEWAY", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.72.0/23", + "region": "us-west-2", + "service": "API_GATEWAY", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.74.0/25", + "region": "us-west-2", + "service": "API_GATEWAY", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.80.192/26", + "region": "us-west-2", + "service": "CLOUDFRONT", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.92.0/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.95.176/28", + 
"region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.162.63.192/26", + "region": "us-west-2", + "service": "CLOUDFRONT", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.167.191.128/26", + "region": "us-west-2", + "service": "CLOUDFRONT", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.80.35.0/24", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.80.36.192/28", + "region": "us-west-2", + "service": "EBS", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.80.36.208/28", + "region": "us-west-2", + "service": "S3", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.80.36.224/28", + "region": "us-west-2", + "service": "S3", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.80.88.0/22", + "region": "us-west-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.80.92.0/22", + "region": "us-west-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.82.136.192/29", + "region": "us-west-2", + "service": "CODEBUILD", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.83.248.40/29", + "region": "us-west-2", + "service": "CODEBUILD", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.84.36.0/30", + "region": "us-west-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.86.187.128/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.86.66.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.227.178.0/24", + "region": "us-west-2", + "service": "CLOUDFRONT", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.233.54.0/23", + "region": 
"us-west-2", + "service": "API_GATEWAY", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.234.106.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.234.108.128/25", + "region": "us-west-2", + "service": "CLOUDFRONT", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.234.113.64/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.234.123.128/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.234.123.64/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.234.22.128/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.234.28.0/22", + "region": "us-west-2", + "service": "API_GATEWAY", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.234.54.0/23", + "region": "us-west-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.234.73.116/30", + "region": "us-west-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.234.73.120/30", + "region": "us-west-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.234.90.252/30", "region": "us-west-2", "service": "CLOUDFRONT", "network_border_group": "us-west-2" 
@@ -21746,6 +37364,66 @@ "service": "KINESIS_VIDEO_STREAMS", "network_border_group": "us-west-2" }, + { + "ip_prefix": "44.242.176.192/26", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.177.0/26", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.177.128/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.177.64/26", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.178.0/24", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.179.0/24", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.180.0/24", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.181.0/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.181.32/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.184.128/25", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.43.76.88/29", "region": "us-west-2", @@ -21763,6 +37441,18 @@ "region": "us-west-2", "service": "WORKSPACES_GATEWAYS", "network_border_group": "us-west-2" + }, + { + "ip_prefix": "54.244.52.192/26", + "region": "us-west-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "54.245.168.0/26", + "region": "us-west-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-2" } ], "ipv6_prefixes": [ 
@@ -21772,6 +37462,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2a05:d070:e000::/40", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "240f:80ff:4000::/40", "region": "cn-northwest-1", @@ -21784,6 +37480,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2406:da1b::/36", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "240f:80f8:4000::/40", "region": "cn-northwest-1", @@ -21796,6 +37498,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2600:9000:f600::/39", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2400:6500:0:9::2/128", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1f01:4874::/47", "region": "us-west-2", @@ -21832,6 +37546,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2406:da60:6000::/40", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1fa0:4000::/40", "region": "us-west-2", @@ -21880,12 +37600,30 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:daa0:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:daf8:e000::/40", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f60:1000::/40", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2a05:d070:4000::/40", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2a05:d03a:4000::/40", "region": "eu-central-1", 
@@ -21896,7 +37634,7 @@ "ipv6_prefix": "2406:da15::/36", "region": "ap-northeast-2", "service": "AMAZON", - "network_border_group": "ap-northeast-2" + "network_border_group": "ap-northeast-2-wl1-cjj-wlz-1" }, { "ipv6_prefix": "240f:80f9:4000::/40", @@ -21928,6 +37666,12 @@ "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ipv6_prefix": "2600:9000:f540::/42", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d000:a000::/40", "region": "eu-south-1", @@ -21946,12 +37690,30 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2600:1f60:2000::/40", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "2600:1ffd:80c8::/48", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2620:107:4000:2::92/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:1ff0:e000::/40", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2a05:d050:2000::/40", "region": "eu-west-3", @@ -21964,6 +37726,30 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2600:9000:f000::/38", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f500::/43", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2a05:d030:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2406:daf0:2000::/40", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2600:1f01:4802::/47", "region": "eu-west-1", 
@@ -21976,6 +37762,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:daf0:9000::/40", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1f01:4860::/47", "region": "ap-northeast-2", @@ -22012,6 +37804,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2404:c2c0:2e80::/48", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, { "ipv6_prefix": "2600:1ff8:c000::/40", "region": "us-west-1", @@ -22024,6 +37822,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2620:107:4000:2::96/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2406:da70:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2406:dafe:e000::/40", "region": "ap-east-1", @@ -22054,6 +37864,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2600:1ff1:4000::/40", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2406:da1c::/36", "region": "ap-southeast-2", @@ -22102,12 +37918,24 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:daf0:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1f01:4880::/47", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2400:6500:0:7900::/56", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2404:c2c0:2f00::/40", "region": "cn-northwest-1", 
@@ -22138,6 +37966,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2a05:d070:a000::/40", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ipv6_prefix": "2600:1f70:6000::/40", "region": "us-east-2", @@ -22174,6 +38008,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2a05:d000:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2a05:d07e:4000::/40", "region": "eu-central-1", @@ -22198,6 +38038,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2a05:d030:c000::/40", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2a05:d079:c000::/40", "region": "eu-west-2", @@ -22246,6 +38092,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2406:da60:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1ffd:82be::/48", "region": "ap-south-1", 
@@ -22288,12 +38140,36 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2600:9000:f800::/37", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2400:6500:0:9::3/128", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ipv6_prefix": "2400:6500:0:9::1/128", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2404:c2c0:200::/40", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:da00:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2406:dafe:1000::/40", "region": "af-south-1", @@ -22306,18 +38182,42 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2406:da60:c000::/40", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2406:dafc:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1f00:5000::/40", "region": "us-gov-east-1", "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2400:6500:0:7a00::/56", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ffc:5000::/40", "region": "us-gov-east-1", "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2400:6500:0:9::4/128", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1ff9:1000::/40", "region": "ca-central-1", 
@@ -22342,6 +38242,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2406:da70:9000::/40", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1f1a:8000::/36", "region": "us-east-1", @@ -22372,6 +38278,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2600:9000:f400::/40", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d078:8000::/40", "region": "eu-west-1", @@ -22396,12 +38308,30 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d030:a000::/40", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2600:1f60:5000::/40", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2600:9000:ac00::/40", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2406:daf9:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2620:107:4000:7400::/56", "region": "us-gov-west-1", @@ -22438,6 +38368,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2606:f40:6800::/48", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2406:daf8:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1ffd:8149::/48", "region": "ap-northeast-1", @@ -22474,6 +38416,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2620:107:3001::/48", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2406:daa0:8000::/40", "region": "ap-southeast-1", 
@@ -22510,12 +38458,30 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2600:9000:f538::/45", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2606:f40:3001::/48", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1f12::/36", "region": "us-gov-west-1", "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ipv6_prefix": "2a05:d011::/36", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "240f:80fe:8000::/40", "region": "cn-north-1", @@ -22540,18 +38506,48 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2620:107:4000:2::90/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2406:da1e::/32", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2406:daf8:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2a05:d030:4000::/40", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2400:7fc0:2800::/40", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:da60:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2600:1ff0:2000::/40", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "2600:1ffd:807b::/48", "region": "us-east-1", 
@@ -22618,18 +38614,54 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2600:1f60:4000::/40", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d016::/36", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2a05:d079:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:da17::/36", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2406:daf0:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:daff:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ffc:4000::/40", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:da60:1000::/40", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2620:107:4000:a900::/58", "region": "ap-southeast-3", @@ -22642,12 +38674,30 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2a05:d07f:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:da60:2000::/40", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2606:f40::/48", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2406:daf9:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1fa0:8000::/40", "region": "us-east-1", 
@@ -22660,6 +38710,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2a05:d07e:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2400:6500:0:7400::/56", "region": "ap-northeast-2", @@ -22678,6 +38734,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2600:9000:f530::/46", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d07f:8000::/40", "region": "eu-west-1", @@ -22720,12 +38782,30 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2600:1ff0:8000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1ffd:8422::/48", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2a05:d030:2000::/40", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2406:da60:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2a05:d079:a000::/40", "region": "eu-south-1", @@ -22810,6 +38890,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2400:7fc0:2e80::/48", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, + { + "ipv6_prefix": "2406:da1f::/36", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:9000:a300::/40", "region": "GLOBAL", 
@@ -22828,6 +38920,18 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2a05:d078:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:da60:8000::/40", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2a05:d07c:2000::/40", "region": "eu-west-3", @@ -22840,6 +38944,12 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f60:e000::/40", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2400:7fc0:500::/40", "region": "GLOBAL", @@ -22852,12 +38962,24 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2406:daf0:6000::/40", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1ffd:8188::/48", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2406:da60:a000::/40", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2406:dafc:1000::/40", "region": "af-south-1", @@ -22906,12 +39028,24 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:daf0:1000::/40", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2406:dafa:6000::/40", "region": "ap-northeast-3", "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2620:107:4000:2::93/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:1ffd:838e::/48", "region": "eu-west-1", 
@@ -23110,6 +39244,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2600:9000:f534::/46", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d01c::/36", "region": "eu-west-2", @@ -23146,6 +39286,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:daff:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1ff9:2000::/40", "region": "us-gov-west-1", @@ -23170,6 +39316,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2a05:d030:8000::/40", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2404:c2c0:2c00::/40", "region": "cn-northwest-1", @@ -23206,6 +39358,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2406:da00:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1f13:8000::/36", "region": "us-east-1", @@ -23242,6 +39400,18 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2406:dafc:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2600:1ff0:4000::/40", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1ff9:5000::/40", "region": "us-gov-east-1", @@ -23284,6 +39454,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2620:107:4000:2::94/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:1f01:48d2::/47", "region": "ap-southeast-2", 
@@ -23320,6 +39496,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2a05:d078:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d078:4000::/40", "region": "eu-central-1", @@ -23338,6 +39520,18 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2406:dafc:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2a05:d050:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2a05:d07f:c000::/40", "region": "eu-west-2", @@ -23356,18 +39550,48 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2a05:d07e:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2406:daf0:8000::/40", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2406:dafc:6000::/40", "region": "ap-northeast-3", "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:dafe:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1f01:48e0::/47", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2620:107:4000:2::95/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2a05:d030:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2a05:d03a:a000::/40", "region": "eu-south-1", 
@@ -23404,6 +39628,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a05:d070:2000::/40", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2a05:d079:6000::/40", "region": "eu-north-1", @@ -23416,6 +39646,18 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ipv6_prefix": "2406:daa0:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:daf0:c000::/40", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2400:7fc0:2400::/40", "region": "cn-north-1", @@ -23428,6 +39670,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2a05:d07c:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d07f:2000::/40", "region": "eu-west-3", @@ -23518,12 +39766,24 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:da60:e000::/40", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2406:da70:c000::/40", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2620:107:4000:2::97/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:1f17:8000::/36", "region": "us-east-1", @@ -23536,6 +39796,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d070:6000::/40", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2406:da00:4000::/40", "region": "ap-northeast-1", 
@@ -23584,6 +39850,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2406:daff:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2600:9000:f520::/44", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2a05:d030:6000::/40", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2406:da14::/36", "region": "ap-northeast-1", @@ -23620,6 +39904,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2620:107:4000:2::91/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2a05:d000:8000::/40", "region": "eu-west-1", @@ -23644,18 +39934,18 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, - { - "ipv6_prefix": "2600:9000:f000::/36", - "region": "GLOBAL", - "service": "AMAZON", - "network_border_group": "GLOBAL" - }, { "ipv6_prefix": "2804:800:0:7000::/56", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2406:daf0:4000::/40", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:1f10:8000::/36", "region": "us-east-1", 
@@ -23686,12 +39976,36 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2606:f40:4000::/48", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2406:daf9:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:da70:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:da00:ff00::/64", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2406:da60:9000::/40", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1f01:4830::/47", "region": "eu-central-1", @@ -23734,6 +40048,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2a05:d018:1000::/36", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2400:6500:0:7b00::/56", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "240f:80fc:4000::/40", "region": "cn-northwest-1", @@ -23758,6 +40084,30 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:da70:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2600:1f60:8000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2a05:d070:8000::/40", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2406:da00:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ffd:833b::/48", "region": "us-east-2", 
@@ -23770,6 +40120,12 @@ "service": "AMAZON", "network_border_group": "us-west-2-lax-1" }, + { + "ipv6_prefix": "2a05:d070:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d07e:2000::/40", "region": "eu-west-3", @@ -23800,6 +40156,12 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:daa0:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1f00:1000::/40", "region": "ca-central-1", @@ -23860,6 +40222,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2406:daf0:e000::/40", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2600:1ffa:8000::/40", "region": "us-east-1", @@ -23884,6 +40252,18 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2600:1ff1:8000::/40", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2a01:578:0:7900::/56", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2a05:d07f:a000::/40", "region": "eu-south-1", @@ -23920,6 +40300,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d03a:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1f18:8000::/36", "region": "us-east-1", 
@@ -23956,12 +40342,30 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a05:d019::/36", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2a05:d070:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2406:dafe:9000::/40", "region": "ap-southeast-3", "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2600:9000:f580::/41", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2406:da70:2000::/40", "region": "ap-northeast-2", @@ -24004,6 +40408,12 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2a05:d07f:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1fff:6000::/40", "region": "us-east-2", 
@@ -24034,24 +40444,48 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2406:daf8:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:daf9:9000::/40", "region": "ap-southeast-3", "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2a05:d070:c000::/40", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2600:1f01:4870::/47", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a01:578:0:7800::/56", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d079:e000::/40", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:dafe:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1f01:4844::/47", "region": "us-east-2", @@ -24064,6 +40498,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2a05:d03a:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2406:daf9:4000::/40", "region": "ap-northeast-1", @@ -24088,12 +40528,24 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d079:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1ffe:4000::/40", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2600:1ff0:c000::/40", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2620:107:4007::/64", "region": "us-east-1", 
@@ -24118,6 +40570,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2606:f40:1001::/48", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2406:daff:4000::/40", "region": "ap-northeast-1", @@ -24154,6 +40612,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2600:1ff0:5000::/40", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2600:1ffa:2000::/40", "region": "us-gov-west-1", @@ -24172,6 +40636,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf0:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1f70:5000::/40", "region": "us-gov-east-1", @@ -24190,6 +40660,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2406:dafe:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ffd:80cb::/48", "region": "eu-central-1", @@ -24220,6 +40696,12 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2406:da60:4000::/40", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:9000:a600::/40", "region": "GLOBAL", @@ -24244,6 +40726,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2a05:d07c:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2406:daf8:2000::/40", "region": "ap-northeast-2", 
@@ -24262,6 +40750,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2a05:d050:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "240f:80fe:4000::/40", "region": "cn-northwest-1", @@ -24310,18 +40804,42 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2600:1f60:c000::/40", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:1fff:5000::/40", "region": "us-gov-east-1", "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2406:daf0:a000::/40", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2600:1f1b:8000::/36", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2-wl1-sfo-wlz-1" }, + { + "ipv6_prefix": "2a05:d000:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2a05:d030:e000::/40", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2600:1ffe:2000::/40", "region": "us-gov-west-1", 
@@ -24364,240 +40882,18 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, - { - "ipv6_prefix": "2600:1f14:fff:f800::/53", - "region": "us-west-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-2" - }, - { - "ipv6_prefix": "2406:da18:7ff:f800::/53", - "region": "ap-southeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-1" - }, - { - "ipv6_prefix": "2406:da00:ff00::6b17:ff00/122", - "region": "us-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-east-1" - }, - { - "ipv6_prefix": "2400:7fc0:83cc:cc00::/56", - "region": "cn-north-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-north-1" - }, - { - "ipv6_prefix": "2804:800:ff00::b147:cf80/122", - "region": "sa-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "sa-east-1" - }, - { - "ipv6_prefix": "2406:da18:fff:f800::/53", - "region": "ap-southeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-1" - }, - { - "ipv6_prefix": "2406:da1c:7ff:f800::/53", - "region": "ap-southeast-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-2" - }, - { - "ipv6_prefix": "2600:1f18:7fff:f800::/53", - "region": "us-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-east-1" - }, - { - "ipv6_prefix": "2406:da1c:fff:f800::/53", - "region": "ap-southeast-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-2" - }, - { - "ipv6_prefix": "2400:6500:ff00::36fb:1f80/122", - "region": "ap-southeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-1" - }, - { - "ipv6_prefix": "2403:b300:ff00::36fc:fec0/122", - "region": "ap-southeast-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-2" - }, - { - "ipv6_prefix": "2400:6500:ff00::36ff:fec0/122", - "region": "ap-southeast-1", - "service": "ROUTE53_HEALTHCHECKS", - 
"network_border_group": "ap-southeast-1" - }, - { - "ipv6_prefix": "2a01:578:3::36e4:1000/122", - "region": "eu-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "eu-west-1" - }, - { - "ipv6_prefix": "2400:7fc0:83cc:ce00::/56", - "region": "cn-north-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-north-1" - }, - { - "ipv6_prefix": "2404:c2c0:83cc:cd00::/56", - "region": "cn-northwest-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-northwest-1" - }, - { - "ipv6_prefix": "2404:c2c0:83cc:ce00::/56", - "region": "cn-northwest-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-northwest-1" - }, - { - "ipv6_prefix": "2600:1f1c:7ff:f800::/53", - "region": "us-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-1" - }, - { - "ipv6_prefix": "2400:6700:ff00::36fa:fdc0/122", - "region": "ap-northeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-northeast-1" - }, - { - "ipv6_prefix": "2620:108:700f::36f4:34c0/122", - "region": "us-west-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-2" - }, - { - "ipv6_prefix": "2600:1f1e:7ff:f800::/53", - "region": "sa-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "sa-east-1" - }, - { - "ipv6_prefix": "2403:b300:ff00::36fc:4f80/122", - "region": "ap-southeast-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-2" - }, - { - "ipv6_prefix": "2404:c2c0:83cc:cc00::/56", - "region": "cn-northwest-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-northwest-1" - }, - { - "ipv6_prefix": "2600:1f1c:fff:f800::/53", - "region": "us-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-1" - }, - { - "ipv6_prefix": "2620:108:700f::36f5:a800/122", - "region": "us-west-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-2" - }, - { - "ipv6_prefix": 
"2406:da14:7ff:f800::/53", - "region": "ap-northeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-northeast-1" - }, - { - "ipv6_prefix": "2600:1f18:3fff:f800::/53", - "region": "us-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-east-1" - }, - { - "ipv6_prefix": "2804:800:ff00::36e8:2840/122", - "region": "sa-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "sa-east-1" - }, - { - "ipv6_prefix": "2600:1f1e:fff:f800::/53", - "region": "sa-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "sa-east-1" - }, - { - "ipv6_prefix": "2406:da00:ff00::36f3:1fc0/122", - "region": "us-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-east-1" - }, - { - "ipv6_prefix": "2406:da14:fff:f800::/53", - "region": "ap-northeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-northeast-1" - }, - { - "ipv6_prefix": "2620:107:300f::36f1:2040/122", - "region": "us-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-1" - }, - { - "ipv6_prefix": "2a01:578:3::b022:9fc0/122", - "region": "eu-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "eu-west-1" - }, - { - "ipv6_prefix": "2620:107:300f::36b7:ff80/122", - "region": "us-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-1" - }, - { - "ipv6_prefix": "2400:6700:ff00::36f8:dc00/122", - "region": "ap-northeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-northeast-1" - }, - { - "ipv6_prefix": "2a05:d018:fff:f800::/53", - "region": "eu-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "eu-west-1" - }, - { - "ipv6_prefix": "2400:7fc0:83cc:cd00::/56", - "region": "cn-north-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-north-1" - }, - { - "ipv6_prefix": "2600:1f14:7ff:f800::/53", - "region": "us-west-2", - "service": "ROUTE53_HEALTHCHECKS", - 
"network_border_group": "us-west-2" - }, - { - "ipv6_prefix": "2a05:d018:7ff:f800::/53", - "region": "eu-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "eu-west-1" - }, { "ipv6_prefix": "2a05:d07a:a000::/40", "region": "eu-south-1", "service": "S3", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2a05:d070:e000::/40", + "region": "me-south-1", + "service": "S3", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "240f:80f8:4000::/40", "region": "cn-northwest-1", @@ -24634,12 +40930,24 @@ "service": "S3", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:daa0:7000::/40", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:daf8:e000::/40", "region": "ap-east-1", "service": "S3", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2a05:d070:4000::/40", + "region": "eu-central-1", + "service": "S3", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "240f:80f9:4000::/40", "region": "cn-northwest-1", @@ -24664,6 +40972,12 @@ "service": "S3", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2600:1ff0:e000::/40", + "region": "sa-east-1", + "service": "S3", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2a05:d050:2000::/40", "region": "eu-west-3", @@ -24676,6 +40990,18 @@ "service": "S3", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2406:daf0:2000::/40", + "region": "ap-northeast-2", + "service": "S3", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2406:daf0:9000::/40", + "region": "ap-southeast-3", + "service": "S3", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1ff8:c000::/40", "region": "us-west-1", 
@@ -24706,6 +41032,18 @@ "service": "S3", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:daf0:f000::/40", + "region": "ap-southeast-4", + "service": "S3", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2a05:d070:a000::/40", + "region": "eu-south-1", + "service": "S3", + "network_border_group": "eu-south-1" + }, { "ipv6_prefix": "2a05:d07a:2000::/40", "region": "eu-west-3", @@ -24778,12 +41116,24 @@ "service": "S3", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2406:daf9:7000::/40", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ff8:5000::/36", "region": "us-gov-east-1", "service": "S3", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2406:daf8:f000::/40", + "region": "ap-southeast-4", + "service": "S3", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1ff9:c000::/40", "region": "us-west-1", @@ -24802,12 +41152,24 @@ "service": "S3", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf8:b000::/40", + "region": "ap-south-2", + "service": "S3", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2400:7fc0:2800::/40", "region": "cn-north-1", "service": "S3", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2600:1ff0:2000::/40", + "region": "us-gov-west-1", + "service": "S3", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "240f:80a0:4000::/40", "region": "cn-northwest-1", 
@@ -24838,6 +41200,24 @@ "service": "S3", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2a05:d079:9000::/40", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:daf0:b000::/40", + "region": "ap-south-2", + "service": "S3", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:daf9:f000::/40", + "region": "ap-southeast-4", + "service": "S3", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1fa0:8000::/40", "region": "us-east-1", @@ -24850,6 +41230,12 @@ "service": "S3", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2600:1ff0:8000::/39", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2a05:d079:a000::/40", "region": "eu-south-1", @@ -24874,6 +41260,12 @@ "service": "S3", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2a05:d078:9000::/40", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2406:daf9:e000::/40", "region": "ap-east-1", @@ -24886,6 +41278,12 @@ "service": "S3", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2406:daf0:6000::/40", + "region": "ap-northeast-3", + "service": "S3", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1fa0:6000::/40", "region": "us-east-2", @@ -24898,6 +41296,12 @@ "service": "S3", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:daf0:1000::/40", + "region": "af-south-1", + "service": "S3", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2406:dafa:6000::/40", "region": "ap-northeast-3", @@ -24976,6 +41380,12 @@ "service": "S3", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2600:1ff0:4000::/40", + "region": "us-west-2", + "service": "S3", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1ff9:5000::/40", "region": "us-gov-east-1", 
@@ -25000,6 +41410,12 @@ "service": "S3", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2a05:d078:1000::/40", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d078:4000::/40", "region": "eu-central-1", @@ -25012,6 +41428,18 @@ "service": "S3", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d050:9000::/40", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:daf0:8000::/40", + "region": "ap-southeast-1", + "service": "S3", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2600:1ff8:1000::/40", "region": "ca-central-1", @@ -25036,12 +41464,30 @@ "service": "S3", "network_border_group": "ap-northeast-2" }, + { + "ipv6_prefix": "2a05:d070:2000::/40", + "region": "eu-west-3", + "service": "S3", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2a05:d079:6000::/40", "region": "eu-north-1", "service": "S3", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2406:daa0:b000::/40", + "region": "ap-south-2", + "service": "S3", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:daf0:c000::/40", + "region": "ap-southeast-2", + "service": "S3", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2400:7fc0:2400::/40", "region": "cn-north-1", @@ -25078,6 +41524,12 @@ "service": "S3", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d070:6000::/40", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2600:1ff9:8000::/40", "region": "us-east-1", @@ -25102,6 +41554,12 @@ "service": "S3", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2406:daf0:4000::/40", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:1fa0:5000::/40", "region": "us-gov-east-1", 
@@ -25114,6 +41572,12 @@ "service": "S3", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2406:daf9:b000::/40", + "region": "ap-south-2", + "service": "S3", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1fa0:e000::/40", "region": "sa-east-1", @@ -25138,6 +41602,24 @@ "service": "S3", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2a05:d070:8000::/40", + "region": "eu-west-1", + "service": "S3", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2a05:d070:1000::/40", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2406:daa0:f000::/40", + "region": "ap-southeast-4", + "service": "S3", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:9000:a210::/48", "region": "GLOBAL", @@ -25174,6 +41656,12 @@ "service": "S3", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2406:daf0:e000::/40", + "region": "ap-east-1", + "service": "S3", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2600:1ffa:8000::/40", "region": "us-east-1", @@ -25186,6 +41674,12 @@ "service": "S3", "network_border_group": "af-south-1" }, + { + "ipv6_prefix": "2a05:d070:9000::/40", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2406:daa0:1000::/40", "region": "af-south-1", @@ -25204,12 +41698,24 @@ "service": "S3", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2406:daf8:7000::/40", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:daf9:9000::/40", "region": "ap-southeast-3", "service": "S3", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2a05:d070:c000::/40", + "region": "eu-west-2", + "service": "S3", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2a05:d079:e000::/40", "region": "me-south-1", 
@@ -25240,6 +41746,18 @@ "service": "S3", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d079:1000::/40", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2600:1ff0:c000::/40", + "region": "us-west-1", + "service": "S3", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:9000:a105::/48", "region": "GLOBAL", @@ -25252,6 +41770,12 @@ "service": "S3", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:1ff0:5000::/40", + "region": "us-gov-east-1", + "service": "S3", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2600:1ffa:2000::/40", "region": "us-gov-west-1", @@ -25264,6 +41788,12 @@ "service": "S3", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2406:daf0:7000::/40", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:daf8:2000::/40", "region": "ap-northeast-2", @@ -25276,6 +41806,12 @@ "service": "S3", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2a05:d050:1000::/40", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1ffa:5000::/40", "region": "us-gov-east-1", @@ -25288,6 +41824,12 @@ "service": "S3", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2406:daf0:a000::/40", + "region": "ap-south-1", + "service": "S3", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2a05:d078:6000::/40", "region": "eu-north-1", 
@@ -25300,12 +41842,24 @@ "service": "S3", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a05:d070:e000::/40", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "240f:80ff:4000::/40", "region": "cn-northwest-1", "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:da1b::/36", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1f19:8000::/36", "region": "us-east-1", @@ -25324,6 +41878,12 @@ "service": "EC2", "network_border_group": "us-east-1-pilot-4" }, + { + "ipv6_prefix": "2406:da60:6000::/40", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1f1d:8000::/36", "region": "us-west-2", @@ -25348,6 +41908,18 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2600:1f60:1000::/40", + "region": "ca-central-1", + "service": "EC2", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2a05:d070:4000::/40", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2a05:d03a:4000::/40", "region": "eu-central-1", @@ -25358,7 +41930,7 @@ "ipv6_prefix": "2406:da15::/36", "region": "ap-northeast-2", "service": "EC2", - "network_border_group": "ap-northeast-2" + "network_border_group": "ap-northeast-2-wl1-cjj-wlz-1" }, { "ipv6_prefix": "2406:da70:8000::/40", 
@@ -25378,18 +41950,48 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2600:1f60:2000::/40", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "2600:1ffd:80c8::/48", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2600:1ff0:e000::/40", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2404:c2c0::/40", "region": "cn-northwest-1", "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2a05:d030:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2406:daf0:2000::/40", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2406:daf0:9000::/40", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2a05:d01e::/36", "region": "me-south-1", @@ -25408,6 +42010,12 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2406:da70:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1fff:1000::/40", "region": "ca-central-1", @@ -25420,6 +42028,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2600:1ff1:4000::/40", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2406:da1c::/36", "region": "ap-southeast-2", @@ -25432,6 +42046,12 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2406:daf0:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2404:c2c0:2f00::/40", "region": "cn-northwest-1", 
@@ -25444,6 +42064,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2a05:d070:a000::/40", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, { "ipv6_prefix": "2600:1f70:6000::/40", "region": "us-east-2", @@ -25456,18 +42082,36 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2a05:d000:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2600:1f14::/35", "region": "us-west-2", "service": "EC2", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2a05:d030:c000::/40", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2600:1ffd:807f::/48", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2406:da60:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1ffd:82be::/48", "region": "ap-south-1", @@ -25486,6 +42130,18 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2406:da00:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2406:da60:c000::/40", + "region": "ap-southeast-2", + "service": "EC2", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2600:1f00:5000::/40", "region": "us-gov-east-1", @@ -25504,6 +42160,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2406:da70:9000::/40", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1f1a:8000::/36", "region": "us-east-1", 
@@ -25522,6 +42184,18 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2a05:d030:a000::/40", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2600:1f60:5000::/40", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2620:108:700f::/64", "region": "us-west-2", @@ -25540,6 +42214,12 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ipv6_prefix": "2606:f40:6800::/48", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:1ffd:8149::/48", "region": "ap-northeast-1", @@ -25564,12 +42244,24 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2606:f40:3001::/48", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1f12::/36", "region": "us-gov-west-1", "service": "EC2", "network_border_group": "us-gov-west-1" }, + { + "ipv6_prefix": "2a05:d011::/36", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2400:7fc0:2100::/40", "region": "cn-north-1", @@ -25594,6 +42286,24 @@ "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2a05:d030:4000::/40", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, + { + "ipv6_prefix": "2406:da60:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2600:1ff0:2000::/40", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "2600:1ffd:807b::/48", "region": "us-east-1", 
@@ -25630,18 +42340,60 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2600:1f60:4000::/40", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d016::/36", "region": "eu-north-1", "service": "EC2", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2406:da17::/36", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2406:daf0:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:daff:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2406:da60:1000::/40", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2a05:d014::/36", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2a05:d07f:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:da60:2000::/40", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2606:f40::/48", "region": "us-east-1", @@ -25690,12 +42442,30 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2600:1ff0:8000::/39", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1ffd:8422::/48", "region": "ap-southeast-1", "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2a05:d030:2000::/40", + "region": "eu-west-3", + "service": "EC2", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2406:da60:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2a01:578:3::/64", "region": "eu-west-1", 
@@ -25744,12 +42514,42 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:da1f::/36", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2406:da60:8000::/40", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2600:1f60:e000::/40", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, + { + "ipv6_prefix": "2406:daf0:6000::/40", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1ffd:8188::/48", "region": "ca-central-1", "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2406:da60:a000::/40", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2600:1f70:8000::/40", "region": "us-east-1", @@ -25774,6 +42574,12 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:daf0:1000::/40", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2600:1ffd:838e::/48", "region": "eu-west-1", @@ -25900,12 +42706,30 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:daff:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2a05:d030:8000::/40", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2600:1ffd:83d2::/48", "region": "sa-east-1", "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2406:da00:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1f13:8000::/36", "region": "us-east-1", 
@@ -25936,6 +42760,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2600:1ff0:4000::/40", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1ffd:85c0::/48", "region": "ap-southeast-2", @@ -25978,6 +42808,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2406:daf0:8000::/40", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2a05:d030:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2a05:d03a:a000::/40", "region": "eu-south-1", @@ -25990,12 +42832,24 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a05:d070:2000::/40", + "region": "eu-west-3", + "service": "EC2", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2406:da00:1000::/40", "region": "af-south-1", "service": "EC2", "network_border_group": "af-south-1" }, + { + "ipv6_prefix": "2406:daf0:c000::/40", + "region": "ap-southeast-2", + "service": "EC2", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2620:108:d00f::/64", "region": "us-gov-west-1", @@ -26044,6 +42898,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2406:da60:e000::/40", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2406:da70:c000::/40", "region": "ap-southeast-2", @@ -26056,6 +42916,12 @@ "service": "EC2", "network_border_group": "us-east-1-wl1-nyc-wlz-1" }, + { + "ipv6_prefix": "2a05:d070:6000::/40", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2406:da00:4000::/40", "region": "ap-northeast-1", 
@@ -26080,6 +42946,18 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2406:daff:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2a05:d030:6000::/40", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2406:da14::/36", "region": "ap-northeast-1", @@ -26110,18 +42988,42 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:daf0:4000::/40", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:1f10:8000::/36", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1-wl1-bos-wlz-1" }, + { + "ipv6_prefix": "2606:f40:4000::/48", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2406:da70:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:da00:ff00::/64", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2406:da60:9000::/40", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1ffd:8508::/48", "region": "us-west-2", 
@@ -26134,12 +43036,42 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2a05:d018:1000::/36", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2600:1f11::/36", "region": "ca-central-1", "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2406:da70:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2600:1f60:8000::/39", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2a05:d070:8000::/40", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2406:da00:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ffd:833b::/48", "region": "us-east-2", @@ -26152,6 +43084,12 @@ "service": "EC2", "network_border_group": "us-west-2-lax-1" }, + { + "ipv6_prefix": "2a05:d070:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2406:da70:1000::/40", "region": "af-south-1", @@ -26188,6 +43126,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2406:daf0:e000::/40", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2600:1f00:8000::/40", "region": "us-east-1", @@ -26206,6 +43150,12 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2600:1ff1:8000::/40", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2a05:d07f:a000::/40", "region": "eu-south-1", 
@@ -26236,6 +43186,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d03a:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1f18:8000::/36", "region": "us-east-1", @@ -26248,6 +43204,18 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a05:d019::/36", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2a05:d070:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2406:da70:2000::/40", "region": "ap-northeast-2", @@ -26278,6 +43246,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d07f:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1fff:6000::/40", "region": "us-east-2", @@ -26296,6 +43270,24 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2a05:d070:c000::/40", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, + { + "ipv6_prefix": "2a05:d03a:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2600:1ff0:c000::/40", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2620:107:4007::/64", "region": "us-east-1", @@ -26314,6 +43306,12 @@ "service": "EC2", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2606:f40:1001::/48", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2406:daff:4000::/40", "region": "ap-northeast-1", 
@@ -26338,12 +43336,24 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2600:1ff0:5000::/40", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2400:7fc0:2200::/40", "region": "cn-north-1", "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf0:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1f70:5000::/40", "region": "us-gov-east-1", @@ -26368,6 +43378,12 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:da60:4000::/40", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:1f16:8000::/36", "region": "us-east-2", @@ -26398,18 +43414,42 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2600:1f60:c000::/40", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:1fff:5000::/40", "region": "us-gov-east-1", "service": "EC2", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2406:daf0:a000::/40", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2600:1f1b:8000::/36", "region": "us-west-2", "service": "EC2", "network_border_group": "us-west-2-wl1-sfo-wlz-1" }, + { + "ipv6_prefix": "2a05:d000:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2a05:d030:e000::/40", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2406:da70:a000::/40", "region": "ap-south-1", 
@@ -26423,7 +43463,31 @@ "network_border_group": "eu-west-1" }, { - "ipv6_prefix": "2600:9000:3000::/36", + "ipv6_prefix": "2600:9000:3000::/36", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f600::/39", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f540::/42", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f000::/38", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f500::/43", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" @@ -26440,6 +43504,24 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2600:9000:f800::/37", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f400::/40", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f538::/45", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2600:9000:1000::/36", "region": "GLOBAL", @@ -26477,7 +43559,19 @@ "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:f000::/36", + "ipv6_prefix": "2600:9000:f534::/46", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f520::/44", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f580::/41", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" 
@@ -26488,12 +43582,24 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2400:7fc0:4000:100::/56", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ipv6_prefix": "2400:7fc0:4000:200::/56", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2400:7fc0:4000:300::/56", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ipv6_prefix": "2400:7fc0:4000:400::/56", "region": "cn-north-1", @@ -26506,12 +43612,42 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2400:7fc0:83cc:cc00::/56", + "region": "cn-north-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-north-1" + }, + { + "ipv6_prefix": "2400:7fc0:83cc:cd00::/56", + "region": "cn-north-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-north-1" + }, + { + "ipv6_prefix": "2400:7fc0:83cc:ce00::/56", + "region": "cn-north-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-north-1" + }, + { + "ipv6_prefix": "2404:c2c0:4000:100::/56", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, { "ipv6_prefix": "2404:c2c0:4000:200::/56", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2404:c2c0:4000:300::/56", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, { "ipv6_prefix": "2404:c2c0:4000:400::/56", "region": "cn-northwest-1", 
@@ -26524,24 +43660,138 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2404:c2c0:83cc:cc00::/56", + "region": "cn-northwest-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-northwest-1" + }, + { + "ipv6_prefix": "2404:c2c0:83cc:cd00::/56", + "region": "cn-northwest-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-northwest-1" + }, + { + "ipv6_prefix": "2404:c2c0:83cc:ce00::/56", + "region": "cn-northwest-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-northwest-1" + }, + { + "ipv6_prefix": "2406:da70:1000:100::/56", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, + { + "ipv6_prefix": "2406:da70:1000:200::/56", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, + { + "ipv6_prefix": "2406:da70:1000:400::/56", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2406:da70:1000::/56", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ipv6_prefix": "2406:da70:e000:100::/56", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ipv6_prefix": "2406:da70:e000:200::/56", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ipv6_prefix": "2406:da70:e000:400::/56", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2406:da70:e000::/56", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2406:da14:7ff:f800::/56", + "region": "ap-northeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2406:da14:fff:f800::/56", + "region": "ap-northeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-northeast-1" + }, + 
{ + "ipv6_prefix": "2406:da70:4000:100::/56", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2406:da70:4000:200::/56", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2406:da70:4000:300::/56", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2406:da70:4000:400::/56", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2406:da70:4000::/56", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2406:da70:2000:100::/56", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2406:da70:2000:200::/56", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2406:da70:2000:300::/56", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2406:da70:2000:400::/56", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2406:da70:2000::/56", "region": "ap-northeast-2", 
@@ -26554,96 +43804,516 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:da70:a000:100::/56", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ipv6_prefix": "2406:da70:a000:200::/56", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ipv6_prefix": "2406:da70:a000:300::/56", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ipv6_prefix": "2406:da70:a000:400::/56", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2406:da70:a000::/56", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2406:da18:7ff:f800::/56", + "region": "ap-southeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:da18:fff:f800::/56", + "region": "ap-southeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:da70:8000:100::/56", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:da70:8000:200::/56", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:da70:8000:300::/56", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:da70:8000:400::/56", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2406:da70:8000::/56", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2406:da1c:7ff:f800::/56", + "region": "ap-southeast-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-2" + }, 
+ { + "ipv6_prefix": "2406:da1c:fff:f800::/56", + "region": "ap-southeast-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2406:da70:c000:100::/56", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2406:da70:c000:200::/56", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2406:da70:c000:300::/56", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2406:da70:c000:400::/56", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2406:da70:c000::/56", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:1f70:1000:100::/56", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2600:1f70:1000:200::/56", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2600:1f70:1000:300::/56", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2600:1f70:1000:400::/56", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ipv6_prefix": "2600:1f70:1000::/56", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d038:4000:100::/56", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ipv6_prefix": "2a05:d038:4000:200::/56", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ipv6_prefix": "2a05:d038:4000:300::/56", + "region": "eu-central-1", + "service": "AMAZON", + 
"network_border_group": "eu-central-1" + }, + { + "ipv6_prefix": "2a05:d038:4000:400::/56", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2a05:d03a:4000::/56", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2a05:d038:6000:100::/56", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ipv6_prefix": "2a05:d038:6000:200::/56", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ipv6_prefix": "2a05:d038:6000:400::/56", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2a05:d03a:6000::/56", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2a05:d038:a000:100::/56", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2a05:d038:a000:200::/56", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2a05:d038:a000:400::/56", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ipv6_prefix": "2a05:d03a:a000::/56", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2a05:d018:7ff:f800::/56", + "region": "eu-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2a05:d018:fff:f800::/56", + "region": "eu-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2a05:d038:8000:100::/56", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2a05:d038:8000:200::/56", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + 
{ + "ipv6_prefix": "2a05:d038:8000:300::/56", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2a05:d038:8000:400::/56", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2a05:d03a:8000::/56", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d038:c000:100::/56", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ipv6_prefix": "2a05:d038:c000:200::/56", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ipv6_prefix": "2a05:d038:c000:300::/56", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ipv6_prefix": "2a05:d038:c000:400::/56", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2a05:d03a:c000::/56", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d038:2000:100::/56", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2a05:d038:2000:200::/56", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2a05:d038:2000:300::/56", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2a05:d038:2000:400::/56", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2a05:d03a:2000::/56", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d038:e000:100::/56", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ipv6_prefix": "2a05:d038:e000:200::/56", + "region": "me-south-1", + "service": "AMAZON", + 
"network_border_group": "me-south-1" + }, + { + "ipv6_prefix": "2a05:d038:e000:400::/56", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2a05:d03a:e000::/56", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2600:1f1e:7ff:f800::/56", + "region": "sa-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "sa-east-1" + }, + { + "ipv6_prefix": "2600:1f1e:fff:f800::/56", + "region": "sa-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "sa-east-1" + }, + { + "ipv6_prefix": "2600:1f70:e000:100::/56", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ipv6_prefix": "2600:1f70:e000:200::/56", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ipv6_prefix": "2600:1f70:e000:400::/56", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1f70:e000::/56", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2600:1f18:3fff:f800::/56", + "region": "us-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2600:1f18:7fff:f800::/56", + "region": "us-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1f70:8000::/56", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2600:1f70:6000:100::/56", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ipv6_prefix": "2600:1f70:6000:200::/56", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ipv6_prefix": "2600:1f70:6000:300::/56", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + 
}, + { + "ipv6_prefix": "2600:1f70:6000:400::/56", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2600:1f70:6000::/56", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2600:1f1c:7ff:f800::/56", + "region": "us-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:1f1c:fff:f800::/56", + "region": "us-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:1f70:c000:100::/56", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:1f70:c000:200::/56", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:1f70:c000:300::/56", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:1f70:c000:400::/56", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:1f70:c000::/56", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2600:1f14:7ff:f800::/56", + "region": "us-west-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2600:1f14:fff:f800::/56", + "region": "us-west-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2600:1f70:4000:100::/56", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2600:1f70:4000:200::/56", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2600:1f70:4000:300::/56", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": 
"2600:1f70:4000:400::/56", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1f70:4000::/56", "region": "us-west-2", From 13037417b52b61dec52ffad22365ba5734b08111 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 17 Dec 2021 15:03:51 +0100 Subject: [PATCH 699/979] Add minimum version --- .../html/partials/aws/services.cloudfront.distributions.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html b/ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html index dfd612156..da5018b05 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html +++ b/ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html @@ -16,7 +16,8 @@

      Information

      Web ACL ID: {{value_or_none web_acl_id}}
      IPv6 Enabled: {{value_or_none is_ipv6_enabled}}
      HTTP Version: {{value_or_none http_version}}
      -
      Certificate: {{value_or_none view_certificate}}
      +
      Certificate: {{value_or_none viewer_certificate.Certificate}}
      +
      Minimum TLS Version: {{value_or_none viewer_certificate.MinimumProtocolVersion}}

      Origins

      From 392e8a3eebcf5496f438da33ff4934b314343880 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 17 Dec 2021 15:03:58 +0100 Subject: [PATCH 700/979] Fix rule --- .../cloudfront-distribution-insecure-origin.json | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json index ebdf99bac..9ac29470b 100644 --- a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json +++ b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-insecure-origin.json @@ -7,12 +7,7 @@ "dashboard_name": "Distributions", "path": "cloudfront.distributions.id", "conditions": [ - "or", - [ - "cloudfront.distributions.id.origins", - "containString", - "http-only" - ], + "and", [ "cloudfront.distributions.id.viewer_certificate.MinimumProtocolVersion.", "containNoneOf", @@ -25,5 +20,5 @@ ] ] ], - "class_suffix": "config_protocols" + "id_suffix": "minimum_ssl_version" } From 3c83f2868f41f4a7b0687585d9abc6563694cb3a Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 17 Dec 2021 15:44:39 +0100 Subject: [PATCH 701/979] Fix rule --- .../findings/cloudfront-distribution-cleartext-origin.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-cleartext-origin.json b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-cleartext-origin.json index b48cbf1d5..52e041aeb 100644 --- a/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-cleartext-origin.json +++ b/ScoutSuite/providers/aws/rules/findings/cloudfront-distribution-cleartext-origin.json 
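Review bot: The one condition left in `cloudfront-distribution-insecure-origin.json` keeps the path `cloudfront.distributions.id.viewer_certificate.MinimumProtocolVersion.` with a trailing period, while the distributions partial in this series reads `viewer_certificate.MinimumProtocolVersion` without one. If the period is not intentional and the path resolver treats the empty last segment as a key, the lookup would miss the protocol value and the check would silently stop matching. Now that the `http-only` origin test is gone this is the rule's only signal, so it is worth confirming with a fixture or changing the line to `"cloudfront.distributions.id.viewer_certificate.MinimumProtocolVersion",`. The file name still says "insecure-origin" although the rule now tests only the viewer-side minimum protocol version, and the list of accepted protocol values sits between the two hunks, so it is not visible here.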
@@ -7,11 +7,16 @@ "dashboard_name": "Distributions", "path": "cloudfront.distributions.id", "conditions": [ - "and", + "or", [ "cloudfront.distributions.id.origins", "containString", "http-only" + ], + [ + "cloudfront.distributions.id.origins", + "containString", + "match-viewer" ] ], "class_suffix": "config_policy" From a8091c4ffe72055fe80c1de8e077dc8f89b5ca7a Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 17 Dec 2021 15:44:55 +0100 Subject: [PATCH 702/979] Improve partial --- .../aws/services.cloudfront.distributions.html | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html b/ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html index da5018b05..be91a06af 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html +++ b/ScoutSuite/output/data/html/partials/aws/services.cloudfront.distributions.html @@ -26,18 +26,23 @@
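Review bot: The new `match-viewer` branch in `cloudfront-distribution-cleartext-origin.json` flags an origin whenever that string appears, but `match-viewer` only leads to cleartext traffic to the origin when viewers are themselves allowed to connect over HTTP. Nothing in the hunk tests the distribution's viewer protocol policy, so distributions that force HTTPS for viewers would presumably be reported as well. Both branches also run `containString` against the whole `cloudfront.distributions.id.origins` object; if that matches on a serialised form, an origin ID or domain that merely contains `http-only` or `match-viewer` would trigger the finding, so pointing the test at the origin's protocol-policy field would be tighter. At minimum the rule's rationale should say that a `match-viewer` finding has to be read together with the viewer policy.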

      Origins

      {{#each origins.Items}}
    • {{Id}}
      • -
      • Domain Name: {{value_or_none DomainName}}
      • +
      • Domain: {{value_or_none DomainName}}
      • Origin Path: {{value_or_none OriginPath}}
      • + {{#if S3OriginConfig}} +
      • S3 Origin Access Identity: {{value_or_none S3OriginConfig.OriginAccessIdentity}}
      • + {{/if}} + {{#if CustomOriginConfig}}
      • Custom Origin Config:
        • -
        • Protocol Policy: {{value_or_none CustomOriginConfig.OriginProtocolPolicy}}
        • -
        • SSL/TLS Protocols: +
        • Protocol Policy: {{value_or_none CustomOriginConfig.OriginProtocolPolicy}}
        • +
        • SSL/TLS Protocols:
            {{#each CustomOriginConfig.OriginSslProtocols.Items}}
          • {{this}}
          • {{/each}}
        + {{/if}}
      {{/each}}

    From db634afe8bf80212f46d1adb5ca1c88a2b183930 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Dec 2021 12:35:21 +0100 Subject: [PATCH 703/979] Fix bug --- ScoutSuite/providers/aws/facade/codebuild.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/facade/codebuild.py b/ScoutSuite/providers/aws/facade/codebuild.py index befc59c6a..7c4a9ce79 100644 --- a/ScoutSuite/providers/aws/facade/codebuild.py +++ b/ScoutSuite/providers/aws/facade/codebuild.py @@ -23,7 +23,7 @@ async def _get_project_details(self, project: str, region: str): project_details = await run_concurrently(lambda: codebuild_client.batch_get_projects(names=[project])) except Exception as e: print_exception(f'Failed to get CodeBuild project details: {e}') - return project + return {} else: project_details.pop('ResponseMetadata') project_details.pop('projectsNotFound') From 3acc4146f70f0068ed464f90624a0d11c5457b7e Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 20 Dec 2021 18:16:51 +0100 Subject: [PATCH 704/979] Consider range as all ports --- .../aws/rules/conditions/security-group-opens-all-ports.json | 1 + .../rules/findings/ec2-security-group-opens-port-range.json | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/ScoutSuite/providers/aws/rules/conditions/security-group-opens-all-ports.json b/ScoutSuite/providers/aws/rules/conditions/security-group-opens-all-ports.json index d0df847bc..ea87971fe 100755 --- a/ScoutSuite/providers/aws/rules/conditions/security-group-opens-all-ports.json +++ b/ScoutSuite/providers/aws/rules/conditions/security-group-opens-all-ports.json 
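Review bot: Returning `{}` from the `except` branch of `_get_project_details` drops the project from the results with nothing left to identify it, and the log message names neither the project nor the region. In an audit tool that is a coverage gap that is hard to notice afterwards, because a CodeBuild project that could not be read simply looks absent from the report. Put the identifiers in the message, e.g. `print_exception(f'Failed to get CodeBuild project details for {project} in {region}: {e}')`, and confirm that the caller tolerates an empty dict, since the caller is not part of this hunk. The function body continues past the end of the hunk.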
@@ -2,6 +2,7 @@ "conditions": [ "and", [ "or", [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id", "equal", "0-65535" ], + [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id", "equal", "1-65535" ], [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id", "equal", "ALL" ] ], [ "ec2.regions.id.vpcs.id.security_groups.id.rules.id", "equal", "ingress"] diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-range.json b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-range.json index 2f51e94ab..a3087e2cf 100755 --- a/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-range.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-security-group-opens-port-range.json @@ -29,6 +29,11 @@ "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id", "notEqual", "0-65535" + ], + [ + "ec2.regions.id.vpcs.id.security_groups.id.rules.id.protocols.id.ports.id", + "notEqual", + "1-65535" ] ] } \ No newline at end of file From 70158bd150b0989d60a86fcd36135e964d24a356 Mon Sep 17 00:00:00 2001 From: "Alessandro.Gonzalez" Date: Wed, 5 Jan 2022 17:12:41 +0000 Subject: [PATCH 705/979] Fixed bug with GCP rule about shielded VMs --- ScoutSuite/providers/gcp/resources/gce/instances.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/gce/instances.py b/ScoutSuite/providers/gcp/resources/gce/instances.py index 4f468bd7f..ded1d69df 100755 --- a/ScoutSuite/providers/gcp/resources/gce/instances.py +++ b/ScoutSuite/providers/gcp/resources/gce/instances.py 
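Review bot: Matching only the literal strings `0-65535` and `1-65535` in `security-group-opens-all-ports.json` still lets near-complete ranges such as `1-65534` or `2-65535` miss the all-ports condition, and presumably they are then reported only by the port-range finding. The same pair of literals is repeated as `notEqual` tests in `ec2-security-group-opens-port-range.json`, so the two files have to be kept in step by hand whenever another spelling is added. A test on the numeric width of the range would cover these cases in one place; if that is out of scope, the rationale of both rules should state exactly which ranges count as "all ports".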
@@ -53,7 +53,7 @@ def _parse_instance(self, raw_instance): instance_dict['default_service_account'] = False instance_dict['full_access_apis'] = False - if hasattr(raw_instance, 'shieldedInstanceConfig'): + if 'shieldedInstanceConfig' in raw_instance: instance_dict['shielded_enable'] = self._shielded_vm_enabled(raw_instance) else: instance_dict['shielded_enable'] = False @@ -91,7 +91,8 @@ def _allow_full_access_to_all_cloud_api(self, raw_instance): def _shielded_vm_enabled(self, raw_instance): vtpm = raw_instance['shieldedInstanceConfig'].get('enableVtpm', False) integrity_monitoring = raw_instance['shieldedInstanceConfig'].get('enableIntegrityMonitoring', False) - return vtpm and integrity_monitoring + secure_boot = raw_instance['shieldedInstanceConfig'].get('enableSecureBoot', False) + return vtpm and integrity_monitoring and secure_boot def _public_ip_adresses(self, raw_instance): for network in raw_instance['networkInterfaces']: From 8813c77ef877e93d092c163205139db2861bafed Mon Sep 17 00:00:00 2001 From: "Alessandro.Gonzalez" Date: Wed, 5 Jan 2022 17:20:59 +0000 Subject: [PATCH 706/979] Set new release candidate version --- ScoutSuite/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/__init__.py b/ScoutSuite/__init__.py index f9e725310..37f130d59 100755 --- a/ScoutSuite/__init__.py +++ b/ScoutSuite/__init__.py @@ -1,5 +1,5 @@ __author__ = 'NCC Group' -__version__ = '5.11.0RC1' +__version__ = '5.11.0RC3' ERRORS_LIST = [] From a6d867539ebfc577581b83de8715c1d110704068 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 18 Jan 2022 15:17:36 +0100 Subject: [PATCH 707/979] Improve finding logic --- .../rules/findings/elb-listener-allowing-cleartext.json | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ScoutSuite/providers/aws/rules/findings/elb-listener-allowing-cleartext.json b/ScoutSuite/providers/aws/rules/findings/elb-listener-allowing-cleartext.json index eedf4ac2f..897e1a9f1 100644 
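Review bot: `_shielded_vm_enabled` now reports success only when vTPM, integrity monitoring and Secure Boot are all on, but the single `shielded_enable` flag gives the reader no way to tell which of the three is missing. Secure Boot is off by default on Compute Engine Shielded VMs while the other two are on, so this change is likely to flag many more instances; the rule text that consumes `shielded_enable` (not in this hunk) should name Secure Boot in its description and remediation. A docstring such as `"""Return True only if vTPM, integrity monitoring and Secure Boot are all enabled."""` would record the contract, and `return bool(vtpm and integrity_monitoring and secure_boot)` keeps the result a strict boolean if the API ever returns `null` for one of the fields.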
--- a/ScoutSuite/providers/aws/rules/findings/elb-listener-allowing-cleartext.json +++ b/ScoutSuite/providers/aws/rules/findings/elb-listener-allowing-cleartext.json @@ -16,6 +16,13 @@ "HTTPS", "SSL" ] + ], + [ + "elb.regions.id.vpcs.id.elbs.id.listeners.id.LoadBalancerPort", + "containNoneOf", + [ + 443 + ] ] ] } From f80100edc681277af14dab04a52d42ccd4685214 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 25 Jan 2022 16:27:19 +0100 Subject: [PATCH 708/979] Support outgoing IPs --- .../providers/gcp/resources/cloudsql/database_instances.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py index 509318cc1..43546f6ee 100755 --- a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py +++ b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py @@ -77,11 +77,14 @@ def _parse_instance(self, raw_instance): # network interfaces instance_dict['public_ip'] = None instance_dict['private_ip'] = None + instance_dict['outgoing_ip'] = None for address in raw_instance.get('ipAddresses', []): if address['type'] == 'PRIMARY': instance_dict['public_ip'] = address['ipAddress'] elif address['type'] == 'PRIVATE': instance_dict['private_ip'] = address['ipAddress'] + elif address['type'] == 'OUTGOING': + instance_dict['outgoing_ip'] = address['ipAddress'] else: print_exception('Unknown Cloud SQL instance IP address type: {}'.format(address['type'])) From 5605e8734dc2fa776b794be49029465473848330 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 25 Jan 2022 16:30:19 +0100 Subject: [PATCH 709/979] Improve rule logic --- .../cloudsql-instance-is-open-to-the-world.json | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) 
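Review bot: The added `LoadBalancerPort` `containNoneOf` `[443]` test in `elb-listener-allowing-cleartext.json` exempts a listener by port number alone, so a listener that speaks plain HTTP or unencrypted TCP on port 443 would no longer be reported as cleartext. If the intent is to stop flagging TCP pass-through of TLS traffic, tie the exemption to that protocol rather than to every listener on 443, and state the assumption in the rule's rationale. The combinator that joins this test to the protocol test is above the hunk, so this reading assumes the conditions are and-ed.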
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json index b2d5d131b..ecd6742e5 100755 --- a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json @@ -1,5 +1,5 @@ { - "description": "Instance Allowing All Incoming Connections", + "description": "Database Instances Allowing Public Access (0.0.0.0/0)", "rationale": "To minimize attack surface on a Database server instance, only trusted/known and required IP(s) should be white-listed to connect to it. An authorized network should not have IPs/networks configured to 0.0.0.0/0 which will allow access to the instance from anywhere in the world.", "remediation": "From console:
    1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
    2. Click the instance name to open its Instance details page.
    3. Under the Configuration section click Edit configurations.
    4. Under Configuration options expand the Connectivity section.
    5. Click the delete icon for the authorized network 0.0.0.0/0.
    6. Click Save to update the instance.
    ", "compliance": [ @@ -20,11 +20,21 @@ "https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints", "https://cloud.google.com/sql/docs/mysql/connection-org-policy" ], - "dashboard_name": "Instances", + "dashboard_name": "Authorized Networks", "display_path": "cloudsql.projects.id.instances.id", "path": "cloudsql.projects.id.instances.id.authorized_networks.id", "conditions": [ "and", + [ + "cloudsql.projects.id.instances.id.public_ip", + "notEmpty", + "" + ], + [ + "cloudsql.projects.id.instances.id.public_ip", + "notEqual", + "None" + ], [ "cloudsql.projects.id.instances.id.authorized_networks.id.value", "match", From 32e546944866f4e4641259e58b35fd062b8bd300 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 25 Jan 2022 16:30:32 +0100 Subject: [PATCH 710/979] Update description --- .../gcp/rules/findings/cloudsql-instances-public-ips.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json index 725d806df..cb28cf643 100644 --- a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instances-public-ips.json @@ -1,5 +1,5 @@ { - "description": "Cloud SQL Database Instances Have Public IPs", + "description": "Database Instances with Public IPs", "rationale": "To lower the organization's attack surface, Cloud SQL databases should not have public IPs. Private IPs provide improved network security and lower latency for your application.", "remediation": "From console:
    1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
    2. Click the instance name to open its Instance details page.
    3. Select the Connections tab.
    4. Deselect the Public IP checkbox.
    5. Click Save to update the instance.
    ", "compliance": [ From 200cc9ae4b39c43f79442770fa954601adb3ed4e Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 25 Jan 2022 16:49:33 +0100 Subject: [PATCH 711/979] Add rule and update ratings --- ScoutSuite/providers/gcp/rules/rulesets/default.json | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 0d09dac10..b8671bcd8 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -19,6 +19,12 @@ "level": "danger" } ], + "cloudsql-instance-is-open-to-public-range.json": [ + { + "enabled": true, + "level": "danger" + } + ], "cloudsql-instance-no-binary-logging.json": [ { "enabled": true, @@ -64,7 +70,7 @@ "cloudsql-instances-public-ips.json": [ { "enabled": true, - "level": "danger" + "level": "warning" } ], "cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json": [ From 2d98a5aacef962716462095fbe5fb40ee4b06063 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 25 Jan 2022 16:57:55 +0100 Subject: [PATCH 712/979] Update conditions --- ScoutSuite/core/conditions.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/core/conditions.py b/ScoutSuite/core/conditions.py index 5a6ec9ed0..5cc2a8caa 100755 --- a/ScoutSuite/core/conditions.py +++ b/ScoutSuite/core/conditions.py @@ -3,6 +3,7 @@ import json import netaddr import re +import ipaddress from policyuniverse.expander_minimizer import get_actions_from_statement, _expand_wildcard_action @@ -221,6 +222,10 @@ def pass_condition(b, test, a): break elif test == 'notInSubnets': result = (not pass_condition(b, 'inSubnets', a)) + elif test == 'isPrivateSubnet': + result = ipaddress.ip_network(b, strict=False).is_private + elif test == 'isPublicSubnet': + result = not ipaddress.ip_network(b, strict=False).is_private # Port/port ranges tests elif test == 'portsInPortList': 
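Review bot: The new `isPrivateSubnet` and `isPublicSubnet` branches of `pass_condition` call `ipaddress.ip_network(b, strict=False)` with no guard, so any value that is not a parseable address or CIDR raises `ValueError` in the middle of rule evaluation. Wrap the parse in `try`/`except ValueError` and decide explicitly which result an unparseable value yields, with a comment explaining the choice. `is_private` on a network is also not the same as "not reachable from the internet": depending on the Python version it may be derived from the first and last address of the range, so very wide prefixes such as `0.0.0.0/0` deserve a unit test before rules rely on `isPublicSubnet`. For symmetry with `notInSubnets` just above, the second branch could read `result = not pass_condition(b, 'isPrivateSubnet', a)`. `pass_condition` begins and ends outside this hunk.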
From 5c767411daaab393ebeaaf206f184097fb961c73 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 25 Jan 2022 16:59:58 +0100 Subject: [PATCH 713/979] Add rule --- ...dsql-instance-is-open-to-public-range.json | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100755 ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-public-range.json diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-public-range.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-public-range.json new file mode 100755 index 000000000..3349954c1 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-public-range.json @@ -0,0 +1,39 @@ +{ + "description": "Database Instances Allowing Access from Public Ranges", + "rationale": "To minimize attack surface on a Database server instance, only trusted/known and required IP(s) should be allow-listed to connect to it. An authorized network should not have IPs/networks configured to broad public ranges which will allow access to the instance from arbitrary hosts.", + "remediation": "From console:
    1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
    2. Click the instance name to open its Instance details page.
    3. Under the Configuration section click Edit configurations.
    4. Under Configuration options expand the Connectivity section.
    5. Click the delete icon for the egregious authorized network
    6. Click Save to update the instance.
    ", + "compliance": [], + "references": [ + "https://cloud.google.com/sql/docs/mysql/configure-ip", + "https://console.cloud.google.com/iam-admin/orgpolicies/sql-restrictAuthorizedNetworks", + "https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints", + "https://cloud.google.com/sql/docs/mysql/connection-org-policy" + ], + "dashboard_name": "Authorized Networks", + "display_path": "cloudsql.projects.id.instances.id", + "path": "cloudsql.projects.id.instances.id.authorized_networks.id", + "conditions": [ + "and", + [ + "cloudsql.projects.id.instances.id.public_ip", + "notEmpty", + "" + ], + [ + "cloudsql.projects.id.instances.id.public_ip", + "notEqual", + "None" + ], + [ + "cloudsql.projects.id.instances.id.authorized_networks.id.value", + "isPublicSubnet", + "" + ], + [ + "cloudsql.projects.id.instances.id.authorized_networks.id.value", + "notMatch", + ".*/32" + ] + ], + "id_suffix": "open_to_the_world" +} \ No newline at end of file From 9ebbf3508978f45518ab84bfb71076965986ab9e Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 25 Jan 2022 17:00:58 +0100 Subject: [PATCH 714/979] Improve prose --- .../rules/findings/cloudsql-instance-is-open-to-the-world.json | 2 +- .../computeengine-instance-connecting-serial-ports-enabled.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json index ecd6742e5..ddf3a76ba 100755 --- a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-the-world.json 
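Review bot: In the new `cloudsql-instance-is-open-to-public-range.json`, single hosts are excluded with `notMatch` `.*/32` on the raw string, so an authorized network stored as a bare address with no prefix would pass `isPublicSubnet` (it is parsed with `strict=False`) and be reported as a public range. If the API can return bare addresses, the exclusion should compare the parsed prefix length rather than the text. The `id_suffix` is `open_to_the_world`, which reads as copied from the 0.0.0.0/0 rule; confirm that sharing the suffix is intended, since the two findings may otherwise be hard to tell apart in the report. Step 5 of the remediation text is also missing its closing period.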
@@ -1,6 +1,6 @@ { "description": "Database Instances Allowing Public Access (0.0.0.0/0)", - "rationale": "To minimize attack surface on a Database server instance, only trusted/known and required IP(s) should be white-listed to connect to it. An authorized network should not have IPs/networks configured to 0.0.0.0/0 which will allow access to the instance from anywhere in the world.", + "rationale": "To minimize attack surface on a Database server instance, only trusted/known and required IP(s) should be allow-listed to connect to it. An authorized network should not have IPs/networks configured to 0.0.0.0/0 which will allow access to the instance from anywhere in the world.", "remediation": "From console:
    1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
    2. Click the instance name to open its Instance details page.
    3. Under the Configuration section click Edit configurations.
    4. Under Configuration options expand the Connectivity section.
    5. Click the delete icon for the authorized network 0.0.0.0/0.
    6. Click Save to update the instance.
    ", "compliance": [ { diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-instance-connecting-serial-ports-enabled.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-instance-connecting-serial-ports-enabled.json index ed21ecd94..6c6dcd568 100644 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-instance-connecting-serial-ports-enabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-instance-connecting-serial-ports-enabled.json @@ -1,6 +1,6 @@ { "description": "Enable Connecting To Serial Ports Is Enabled", - "rationale": "The interactive serial console does not support IP-based access restrictions such as IP whitelists. If you enable the interactive serial console on an instance, clients can attempt to connect to that instance from any IP address. This allows anybody to connect to that instance if they know the correct SSH key, username, project ID, zone, and instance name.", + "rationale": "The interactive serial console does not support IP-based access restrictions such as IP allow-lists. If you enable the interactive serial console on an instance, clients can attempt to connect to that instance from any IP address. This allows anybody to connect to that instance if they know the correct SSH key, username, project ID, zone, and instance name.", "remediation": "From console:
    1. Login to Google Cloud console
    2. Go to Computer Engine
    3. Go to VM instances
    4. Click on the Specific VM
    5. Click Edit
    6. Unselect Enable connecting to serial ports below Remote accessblock.
    7. Click Save
    ", "compliance": [ { From bc63c38d94fcab17ba2581fde88855f4808911ef Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 28 Jan 2022 16:01:16 +0100 Subject: [PATCH 715/979] Fix bug --- ScoutSuite/core/conditions.py | 2 ++ .../findings/cloudsql-instance-is-open-to-public-range.json | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/core/conditions.py b/ScoutSuite/core/conditions.py index 5cc2a8caa..8833d71d3 100755 --- a/ScoutSuite/core/conditions.py +++ b/ScoutSuite/core/conditions.py @@ -222,6 +222,8 @@ def pass_condition(b, test, a): break elif test == 'notInSubnets': result = (not pass_condition(b, 'inSubnets', a)) + elif test == 'isSubnetRange': + result = not ipaddress.ip_network(b, strict=False).exploded.endswith("/32") elif test == 'isPrivateSubnet': result = ipaddress.ip_network(b, strict=False).is_private elif test == 'isPublicSubnet': diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-public-range.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-public-range.json index 3349954c1..7aff4ffb2 100755 --- a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-public-range.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-is-open-to-public-range.json @@ -31,8 +31,8 @@ ], [ "cloudsql.projects.id.instances.id.authorized_networks.id.value", - "notMatch", - ".*/32" + "isSubnetRange", + "" ] ], "id_suffix": "open_to_the_world" From 668343e9394e2ef3192d8515cb53b798cabbc81a Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 3 Feb 2022 13:29:40 +0100 Subject: [PATCH 716/979] Switch to latest --- ScoutSuite/providers/azure/facade/aad.py | 4 ++-- requirements.txt | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 1b2d64ecb..60c998d16 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py 
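Review bot: The new `isSubnetRange` branch in `pass_condition` treats every network whose exploded form does not end in `/32` as a range, so a single IPv6 host (`/128`) would be classified as a range and flagged by the Cloud SQL rule that switches to this test in the same commit. Comparing the address count works for both address families: `result = ipaddress.ip_network(b, strict=False).num_addresses > 1`. `ip_network` also raises `ValueError` on a malformed value. Whether a caller catches that cannot be seen here, because `pass_condition` starts and ends outside the hunk.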
@@ -1,4 +1,4 @@ -from msgraphcore import GraphSession +from msgraph.core import GraphClient from ScoutSuite.core.console import print_exception @@ -12,7 +12,7 @@ def __init__(self, credentials): async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'): scopes = ['https://graph.microsoft.com/.default'] - client = GraphSession(self.credentials.get_credentials(), scopes) + client = GraphClient(self.credentials.get_credentials(), scopes) endpoint = 'https://graph.microsoft.com/{}/{}'.format(api_version, api_resource) try: response = client.get(endpoint) diff --git a/requirements.txt b/requirements.txt index 6929ef3c6..2c19d3e56 100755 --- a/requirements.txt +++ b/requirements.txt @@ -47,8 +47,7 @@ azure-mgmt-compute==18.2.0 azure-mgmt-authorization==1.0.0 azure-mgmt-rdbms==8.0.0 ---extra-index-url https://test.pypi.org/simple -msgraphcore==0.0.2 +msgraph-core==0.2.2 # Aliyun / Alibaba Cloud Provider aliyun-python-sdk-core>=2.13.4 From bad6a92afad6bb0fd8a080b1a2981d52dc55650e Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 3 Feb 2022 13:57:10 +0100 Subject: [PATCH 717/979] Fix bug --- ScoutSuite/providers/azure/facade/aad.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 60c998d16..30e9f2bc8 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py @@ -12,7 +12,7 @@ def __init__(self, credentials): async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'): scopes = ['https://graph.microsoft.com/.default'] - client = GraphClient(self.credentials.get_credentials(), scopes) + client = GraphClient(credential=self.credentials.get_credentials(), scopes=scopes) endpoint = 'https://graph.microsoft.com/{}/{}'.format(api_version, api_resource) try: response = client.get(endpoint) From f6cd6cb38e681c4c844123a34ccc7304db5bfa44 Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Thu, 17 Feb 2022 12:31:13 +0100 Subject: [PATCH 718/979] Add service name --- ScoutSuite/utils.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py index db4b89bdb..fe8d3cf80 100755 --- a/ScoutSuite/utils.py +++ b/ScoutSuite/utils.py @@ -54,6 +54,7 @@ # GCP 'cloudstorage': 'Cloud Storage', 'cloudmemorystore': 'Cloud Memorystore', + 'memorystore': 'Cloud Memorystore', 'cloudsql': 'Cloud SQL', 'dns': 'DNS', 'stackdriverlogging': 'Stackdriver Logging', From 63bf2d39e97b7ed6782b749f450287f31709d039 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 17 Feb 2022 12:31:58 +0100 Subject: [PATCH 719/979] Add warning --- ScoutSuite/core/console.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/core/console.py b/ScoutSuite/core/console.py index 2383ad84f..508b09551 100755 --- a/ScoutSuite/core/console.py +++ b/ScoutSuite/core/console.py @@ -40,6 +40,7 @@ class HostnameFilter(logging.Filter): def filter(self, record): record.hostname = HostnameFilter.hostname return True + # create file handler which logs messages fh = logging.FileHandler(output_file_path, 'w+') # Add filter to add hostname information @@ -60,6 +61,10 @@ def print_generic(msg): logger.info(msg) +def print_info(msg): + print_generic(msg) + + def print_debug(msg): logger.debug(msg) @@ -68,6 +73,10 @@ def print_error(msg): logger.error(msg) +def print_warning(msg): + logger.warning(msg) + + def print_exception(exception, additional_details=None): try: exc = True @@ -101,10 +110,6 @@ def print_exception(exception, additional_details=None): 'additional_details': additional_details}) -def print_info(msg): - print_generic(msg) - - ######################################## # Prompt functions ######################################## From 0854598703b32af685980d5f490b50abd5ce8da3 Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Thu, 17 Feb 2022 12:37:25 +0100 Subject: [PATCH 720/979] Use warning instead of error --- ScoutSuite/providers/gcp/facade/base.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index 3b984d822..bc5918976 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -1,6 +1,6 @@ import json -from ScoutSuite.core.console import print_exception, print_info, print_debug, print_error +from ScoutSuite.core.console import print_exception, print_info, print_warning from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade from ScoutSuite.providers.gcp.facade.cloudresourcemanager import CloudResourceManagerFacade from ScoutSuite.providers.gcp.facade.cloudsql import CloudSQLFacade @@ -151,8 +151,8 @@ async def is_api_enabled(self, project_id, service): request = services.list(parent=f'projects/{project_id}') services_response = await GCPFacadeUtils.get_all('services', request, services) except Exception as e: - print_exception(f'Could not fetch the state of services for project \"{project_id}\", ' - f'including {format_service_name(service.lower())} in the execution', {'exception': e}) + print_warning(f'Could not fetch the state of services for project \"{project_id}\", ' + f'including {format_service_name(service.lower())} in the execution', {'exception': e}) return True # These are hardcoded endpoint correspondences as there's no easy way to do this. 
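Review bot: `print_warning`, as added to `ScoutSuite/core/console.py` by the previous patch, takes a single `msg` parameter, so the call in the `except` branch of `is_api_enabled` that passes `{'exception': e}` as a second argument raises `TypeError` inside the handler instead of logging and returning `True`. Fold the exception into the message, e.g. `print_warning(f'Could not fetch the state of services for project "{project_id}": {e}')`, or give `print_warning` an optional details parameter like the one `print_exception` has. A later patch in this series changes the call to embed `{e}` in the string. `is_api_enabled` starts outside the hunk.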
@@ -172,11 +172,11 @@ async def is_api_enabled(self, project_id, service): endpoint = 'monitoring' elif service == 'MemoryStore': endpoint = 'redis' - elif service =='DNS': - endpoint='dns' + elif service == 'DNS': + endpoint = 'dns' else: - print_debug('Could not validate the state of the {} API for project \"{}\", ' - 'including it in the execution'.format(format_service_name(service.lower()), project_id)) + print_warning(f'Could not validate the state of the {format_service_name(service.lower())} API for ' + f'project \"{project_id}\", including it in the execution') return True for s in services_response: @@ -184,10 +184,10 @@ async def is_api_enabled(self, project_id, service): if s.get('state') == 'ENABLED': return True else: - print_info('{} API not enabled for project \"{}\", skipping'.format(format_service_name(service.lower()), - project_id)) + print_info(f'{format_service_name(service.lower())} API not enabled for ' + f'project \"{project_id}\", skipping') return False - print_error(f'Could not validate the state of the {format_service_name(service.lower())} API ' - f'for project \"{project_id}\", including it in the execution') + print_warning(f'Could not validate the state of the {format_service_name(service.lower())} API ' + f'for project \"{project_id}\", including it in the execution') return True From 245c59cee32ec2d5e519fa16593c53e267f88d99 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 17 Feb 2022 13:03:51 +0100 Subject: [PATCH 721/979] Fix bug --- ScoutSuite/providers/gcp/facade/iam.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ScoutSuite/providers/gcp/facade/iam.py b/ScoutSuite/providers/gcp/facade/iam.py index 0550cbdc4..f73507ae1 100755 --- a/ScoutSuite/providers/gcp/facade/iam.py +++ b/ScoutSuite/providers/gcp/facade/iam.py 
@@ -62,6 +62,10 @@ async def get_role_definition(self, role: str): response = await run_concurrently( lambda: iam_client.projects().roles().get(name=role).execute() ) + elif 'organizations/' in role: + response = await run_concurrently( + lambda: iam_client.organizations().roles().get(name=role).execute() + ) else: response = await run_concurrently( lambda: iam_client.roles().get(name=role).execute() From 89b2da3207b613dfa4e1fae2eafd762c6a585729 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 18 Feb 2022 12:37:59 +0100 Subject: [PATCH 722/979] Fix bug --- ScoutSuite/providers/gcp/facade/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index bc5918976..7468c8ea2 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -152,7 +152,7 @@ async def is_api_enabled(self, project_id, service): services_response = await GCPFacadeUtils.get_all('services', request, services) except Exception as e: print_warning(f'Could not fetch the state of services for project \"{project_id}\", ' - f'including {format_service_name(service.lower())} in the execution', {'exception': e}) + f'including {format_service_name(service.lower())} in the execution: {e}') return True # These are hardcoded endpoint correspondences as there's no easy way to do this. From 4f06d611180c2a26a46625b63e07d24d897f4100 Mon Sep 17 00:00:00 2001 From: "Alessandro.Gonzalez" Date: Fri, 18 Feb 2022 15:16:14 +0000 Subject: [PATCH 723/979] Fix issue with UI --- ScoutSuite/output/data/html/partials/policy.html | 8 +++++--- ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite.css | 7 +++++++ ScoutSuite/output/data/inc-scoutsuite/helpers.js | 4 ++++ 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/policy.html b/ScoutSuite/output/data/html/partials/policy.html index 2ad68e0a8..8bdc0df62 100755 
--- a/ScoutSuite/output/data/html/partials/policy.html +++ b/ScoutSuite/output/data/html/partials/policy.html @@ -5,13 +5,15 @@   "{{@key}}":  [
    {{#each this}}
    - {{{displayKey @key this}}} + +
    {{jsonToString this}}
    +
    {{#unless @last}},{{/unless}}
    - {{/each}} + {{/each}}   ] {{else}} -   "{{@key}}":  {{{displayKey @key this}}} +   "{{@key}}":  {{jsonToString this}} {{/ifEqual}} {{#unless @last}},{{/unless}}
    diff --git a/ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite.css b/ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite.css index bd7f9dbba..abf2c593d 100755 --- a/ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite.css +++ b/ScoutSuite/output/data/inc-scoutsuite/css/scoutsuite.css @@ -516,4 +516,11 @@ footer a { footer a:hover { color: #ee173a; +} + +.code { + font-size: 87.5%; + color: #e83e8c; + word-break: break-word; + white-space: pre-line; } \ No newline at end of file diff --git a/ScoutSuite/output/data/inc-scoutsuite/helpers.js b/ScoutSuite/output/data/inc-scoutsuite/helpers.js index 93f103168..e0ff1b85d 100755 --- a/ScoutSuite/output/data/inc-scoutsuite/helpers.js +++ b/ScoutSuite/output/data/inc-scoutsuite/helpers.js @@ -38,6 +38,10 @@ Handlebars.registerHelper('displayKey', function (keyName, blob) { return key }) +Handlebars.registerHelper('jsonToString', function (obj) { + return JSON.stringify(obj, null, 2) +}) + Handlebars.registerHelper('has_profiles?', function (logins) { if (typeof logins !== 'undefined' && logins !== '') { return 'Yes' From 47ce55933399762c28fe35e84de3d5b6be56e623 Mon Sep 17 00:00:00 2001 From: "Alessandro.Gonzalez" Date: Fri, 18 Feb 2022 15:18:38 +0000 Subject: [PATCH 724/979] RC version update --- ScoutSuite/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/__init__.py b/ScoutSuite/__init__.py index 37f130d59..569066eb5 100755 --- a/ScoutSuite/__init__.py +++ b/ScoutSuite/__init__.py @@ -1,5 +1,5 @@ __author__ = 'NCC Group' -__version__ = '5.11.0RC3' +__version__ = '5.11.0RC4' ERRORS_LIST = [] From 6809e90b97e43c06e82c17a2e1957e2099bb38af Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 18 Feb 2022 18:50:51 +0100 Subject: [PATCH 725/979] Handle deleted users --- ScoutSuite/providers/gcp/resources/iam/member_bindings.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
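Review bot: `jsonToString` returns the raw `JSON.stringify` output with no HTML escaping of its own, so it is only safe while templates call it with double braces, as `policy.html` does in this commit. Policy documents can contain strings chosen by whoever authored the scanned resource, and the report renders them in a browser. A one-line comment on the helper would keep the next editor from switching to the unescaped form: `// Returns unescaped JSON text; render with {{ }} only, never {{{ }}}.`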
diff --git a/ScoutSuite/providers/gcp/resources/iam/member_bindings.py b/ScoutSuite/providers/gcp/resources/iam/member_bindings.py index c972e07ef..5ddcd136a 100755 --- a/ScoutSuite/providers/gcp/resources/iam/member_bindings.py +++ b/ScoutSuite/providers/gcp/resources/iam/member_bindings.py @@ -51,7 +51,9 @@ def _parse_members(self, raw_binding): member_type, entity = member.split(':')[:2] if member_type in type_map: members_dict[type_map[member_type]].append(entity) + elif member_type == 'deleted': + pass else: - print_exception('Type %s not handled' % member_type) + print_exception(f'Type {member_type} not handled') return members_dict From a5df7f77f48a833408354af78b0decb79a9a4523 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 21 Feb 2022 12:29:43 +0100 Subject: [PATCH 726/979] Fix bug --- ScoutSuite/providers/gcp/facade/base.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index 7468c8ea2..25cb7ce73 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -151,8 +151,8 @@ async def is_api_enabled(self, project_id, service): request = services.list(parent=f'projects/{project_id}') services_response = await GCPFacadeUtils.get_all('services', request, services) except Exception as e: - print_warning(f'Could not fetch the state of services for project \"{project_id}\", ' - f'including {format_service_name(service.lower())} in the execution: {e}') + print_warning(f"Could not fetch the state of services for project \"{project_id}\", " + f"including {format_service_name(service.lower())} in the execution: {e}") return True # These are hardcoded endpoint correspondences as there's no easy way to do this. 
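Review bot: The new `elif member_type == 'deleted': pass` branch in `_parse_members` drops bindings to deleted principals without leaving any trace, so a reader of the report cannot tell that a role is still bound to a removed account. Consider at least logging the skipped entry at debug level, or collecting these members under their own key so stale bindings can be reviewed and cleaned up. `_parse_members` starts outside the hunk, so the shape of `members_dict` and the available logging imports are not visible here.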
@@ -175,8 +175,8 @@ async def is_api_enabled(self, project_id, service): elif service == 'DNS': endpoint = 'dns' else: - print_warning(f'Could not validate the state of the {format_service_name(service.lower())} API for ' - f'project \"{project_id}\", including it in the execution') + print_warning(f"Could not validate the state of the {format_service_name(service.lower())} API " + f"for project \"{project_id}\", including it in the execution") return True for s in services_response: @@ -188,6 +188,6 @@ async def is_api_enabled(self, project_id, service): f'project \"{project_id}\", skipping') return False - print_warning(f'Could not validate the state of the {format_service_name(service.lower())} API ' - f'for project \"{project_id}\", including it in the execution') + print_warning(f"Could not validate the state of the {format_service_name(service.lower())} API " + f"for project \"{project_id}\", including it in the execution") return True From d5f555fd0aa447eb23cb76b56bdd231f69c660f4 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 21 Feb 2022 17:41:36 +0100 Subject: [PATCH 727/979] Check object has key --- .../rules/findings/cloudsql-instance-with-no-backups.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-with-no-backups.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-with-no-backups.json index 47cb731bb..980fb4881 100755 --- a/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-with-no-backups.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-instance-with-no-backups.json @@ -8,6 +8,11 @@ "path": "cloudsql.projects.id.instances.id", "conditions": [ "and", + [ + "cloudsql.projects.id.instances.id", + "withKey", + "backups" + ], [ "cloudsql.projects.id.instances.id.backups", "empty", From 61de5491b12fb6abc9da0b3db4bc29f8962cf945 Mon Sep 17 00:00:00 2001 
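Review bot: With the added `withKey` / `backups` condition under `and`, an instance whose record has no `backups` key at all no longer matches this rule, so it is reported neither as having backups nor as lacking them. If the key can be absent because the backup listing failed or was skipped (not visible in this hunk), the finding silently disappears for exactly the instances that could not be checked. It is worth confirming when the resource parser omits the key and emitting a warning at that point. The rule's remaining conditions continue outside the hunk.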
From: x4v13r64 Date: Mon, 21 Feb 2022 17:45:38 +0100 Subject: [PATCH 728/979] Ignore useless 400s --- ScoutSuite/providers/gcp/facade/cloudsql.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/cloudsql.py b/ScoutSuite/providers/gcp/facade/cloudsql.py index 01f6619c1..8b66e214a 100755 --- a/ScoutSuite/providers/gcp/facade/cloudsql.py +++ b/ScoutSuite/providers/gcp/facade/cloudsql.py @@ -35,5 +35,6 @@ async def get_users(self, project_id: str, instance_name: str): ) return response.get('items', []) except Exception as e: - print_exception(f'Failed to retrieve database instance users: {e}') + if 'Invalid request since instance is not running' not in str(e): + print_exception(f'Failed to retrieve database instance users: {e}') return [] From 4cf63eef46767d0a60d97def0f97e312f331ddf3 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 21 Feb 2022 17:47:41 +0100 Subject: [PATCH 729/979] Add provider to string --- ScoutSuite/providers/aws/utils.py | 2 +- ScoutSuite/providers/gcp/utils.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index cc0f24c4d..6479fc36c 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py @@ -38,7 +38,7 @@ def is_throttled(e): in ["Throttling", "RequestLimitExceeded", "ThrottlingException"] ) except Exception as e: - print_exception(f'Unable to validate exception for throttling: {e}') + print_exception(f'Unable to validate exception for AWS throttling: {e}') return False diff --git a/ScoutSuite/providers/gcp/utils.py b/ScoutSuite/providers/gcp/utils.py index 16f1eae9b..200b24160 100644 --- a/ScoutSuite/providers/gcp/utils.py +++ b/ScoutSuite/providers/gcp/utils.py 
@@ -13,5 +13,5 @@ def is_throttled(e): else: return False except Exception as e: - print_exception(f'Unable to validate exception for throttling: {e}') + print_exception(f'Unable to validate exception for GCP throttling: {e}') return False From 1a0a1c6830df0214e6f0721e77e4f6f25f1e22e6 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 22 Feb 2022 18:12:41 +0100 Subject: [PATCH 730/979] Handle bug --- ScoutSuite/providers/gcp/facade/gke.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/gke.py b/ScoutSuite/providers/gcp/facade/gke.py index 398673e8c..f6cf669aa 100644 --- a/ScoutSuite/providers/gcp/facade/gke.py +++ b/ScoutSuite/providers/gcp/facade/gke.py @@ -28,7 +28,10 @@ async def _get_and_set_private_google_access_enabled(self, cluster, project_id): try: region = self._get_cluster_region(cluster) subnetwork = await self._gce_facade.get_subnetwork(project_id, region, cluster['subnetwork']) - cluster['privateIpGoogleAccess'] = subnetwork.get('privateIpGoogleAccess') + if subnetwork: + cluster['privateIpGoogleAccess'] = subnetwork.get('privateIpGoogleAccess') + else: + cluster['privateIpGoogleAccess'] = None except Exception as e: print_exception('Failed to retrieve cluster private IP Google access config: {}'.format(e)) cluster['privateIpGoogleAccess'] = None From 0a44ea1fb89466691faca8a7c75d9906e23b902c Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 22 Feb 2022 18:14:59 +0100 Subject: [PATCH 731/979] Add canary --- ScoutSuite/providers/gcp/facade/iam.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/iam.py b/ScoutSuite/providers/gcp/facade/iam.py index f73507ae1..cc0f1985d 100755 --- a/ScoutSuite/providers/gcp/facade/iam.py +++ b/ScoutSuite/providers/gcp/facade/iam.py 
@@ -72,5 +72,5 @@ async def get_role_definition(self, role: str): ) return response except Exception as e: - print_exception(f'Failed to retrieve IAM role definition: {e}') + print_exception(f'Failed to retrieve IAM role definition for role {role}: {e}') return {} From 75de259396d1b9d1f3c2fa6c84f712a941ace8e3 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 22 Feb 2022 18:22:26 +0100 Subject: [PATCH 732/979] Ignore error --- ScoutSuite/providers/gcp/facade/kms.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/kms.py b/ScoutSuite/providers/gcp/facade/kms.py index d401af962..ae854ca0b 100755 --- a/ScoutSuite/providers/gcp/facade/kms.py +++ b/ScoutSuite/providers/gcp/facade/kms.py @@ -42,7 +42,8 @@ async def list_key_rings(self, project_id: str): lambda: list(self.cloud_client.list_key_rings(parent))) return key_rings except Exception as e: - print_exception(f'Failed to retrieve KMS key rings: {e}') + if 'Billing is disabled for project' not in str(e): + print_exception(f'Failed to retrieve KMS key rings: {e}') return {} async def list_keys(self, project_id: str, location: str, keyring_name: str): From 28cdc548c7ea94cb26eb6be8d7ef008d6ffb147e Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 23 Feb 2022 16:29:12 +0100 Subject: [PATCH 733/979] Fix bug --- ScoutSuite/providers/gcp/facade/iam.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/providers/gcp/facade/iam.py b/ScoutSuite/providers/gcp/facade/iam.py index cc0f1985d..74b89825c 100755 --- a/ScoutSuite/providers/gcp/facade/iam.py +++ b/ScoutSuite/providers/gcp/facade/iam.py @@ -57,6 +57,7 @@ async def get_service_account_key(self, key_name: str): async def get_role_definition(self, role: str): try: + role = role.split("_withcond_")[0] # remove the condition key to get the actual role iam_client = self._get_client() if 'projects/' in role: response = await run_concurrently( From bd90cfc03608cd78969a3cb06e94bb9f67adf704 Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Wed, 23 Feb 2022 16:47:47 +0100 Subject: [PATCH 734/979] Better error logging --- ScoutSuite/providers/aws/utils.py | 18 +++++++++--------- ScoutSuite/providers/gcp/utils.py | 10 +++++----- ScoutSuite/providers/utils.py | 12 ++++++------ 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index 6479fc36c..30f703de3 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py @@ -22,23 +22,23 @@ def get_partition_name(session): return partition_name -def is_throttled(e): +def is_throttled(exception): """ Determines whether the exception is due to API throttling. - :param e: Exception raised + :param exception: Exception raised :return: True if it's a throttling exception else False """ try: return ( - hasattr(e, "response") - and e.response - and "Error" in e.response - and e.response["Error"]["Code"] - in ["Throttling", "RequestLimitExceeded", "ThrottlingException"] + hasattr(exception, "response") + and exception.response + and "Error" in exception.response + and exception.response["Error"]["Code"] + in ["Throttling", "RequestLimitExceeded", "ThrottlingException"] ) - except Exception as e: - print_exception(f'Unable to validate exception for AWS throttling: {e}') + except Exception as exception: + print_exception(f'Unable to validate exception {e} for AWS throttling: {exception}') return False diff --git a/ScoutSuite/providers/gcp/utils.py b/ScoutSuite/providers/gcp/utils.py index 200b24160..4b52c765f 100644 --- a/ScoutSuite/providers/gcp/utils.py +++ b/ScoutSuite/providers/gcp/utils.py 
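Review bot: After the parameter rename in `is_throttled`, the handler's message still interpolates `{e}`, a name that no longer exists, and `except Exception as exception` rebinds the parameter itself, so the handler raises `NameError` instead of returning `False`. Use a separate name for the caught error: `except Exception as err:` followed by `print_exception(f'Unable to validate exception {exception} for AWS throttling: {err}')`. The same pattern appears in the `is_throttled` hunk of `ScoutSuite/providers/gcp/utils.py` in this commit.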
@@ -1,17 +1,17 @@ from ScoutSuite.core.console import print_exception -def is_throttled(e): +def is_throttled(exception): """ Determines whether the exception is due to API throttling. - :param e: Exception raised + :param exception: Exception raised :return: True if it's a throttling exception else False """ try: - if 'Quota exceeded' in str(e): + if 'Quota exceeded' in str(exception): return True else: return False - except Exception as e: - print_exception(f'Unable to validate exception for GCP throttling: {e}') + except Exception as exception: + print_exception(f'Unable to validate exception {e} for GCP throttling: {exception}') return False diff --git a/ScoutSuite/providers/utils.py b/ScoutSuite/providers/utils.py index c1830a6e7..ca382b1fc 100755 --- a/ScoutSuite/providers/utils.py +++ b/ScoutSuite/providers/utils.py @@ -110,16 +110,16 @@ async def map_concurrently(coroutine, entities, **kwargs): return results -def is_throttled(e): +def is_throttled(exception): """ Function that tries to determine if an exception was caused by throttling TODO - this implementation is incomplete """ - if hasattr(e, 'message') and \ - ('Google Cloud' in e.message or - '404' in e.message or - 'projects/' in e.message): + if hasattr(exception, 'message') and \ + ('Google Cloud' in exception.message or + '404' in exception.message or + 'projects/' in exception.message): return False else: - return aws_is_throttled(e) or gcp_is_throttled(e) + return aws_is_throttled(exception) or gcp_is_throttled(exception) From a9005d51617b846ad02e62f2e3c6490ecaea312d Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 24 Feb 2022 15:29:05 +0100 Subject: [PATCH 735/979] Improve error logging --- ScoutSuite/providers/base/provider.py | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/ScoutSuite/providers/base/provider.py b/ScoutSuite/providers/base/provider.py index a90c45671..e4ad11f26 100755 --- a/ScoutSuite/providers/base/provider.py 
+++ b/ScoutSuite/providers/base/provider.py @@ -377,15 +377,14 @@ def _new_go_to_and_do(self, current_config, path, current_path, callbacks): else: callback(current_config, path, current_path, value, callback_args) except Exception as e: - print_exception(e, {'callback': callback_name, - 'callback arguments': callback_args, - 'current path': f'{current_path}', - 'key': '{}'.format(key if 'key' in locals() else 'not defined'), - 'value': '{}'.format( - value if 'value' in locals() else 'not defined'), - 'path': f'{path}', - } - ) + print_exception(f'Error when calling callback {callback_name} with value {value}: {e}', + {'callback': callback_name, + 'callback arguments': callback_args, + 'current path': f'{current_path}', + 'key': '{}'.format(key if 'key' in locals() else 'not defined'), + 'value': '{}'.format( + value if 'value' in locals() else 'not defined'), + 'path': f'{path}'}) else: tmp = copy.deepcopy(current_path) try: From 2447af571694cbbcc346ca691165b47c9c81007d Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 25 Feb 2022 11:34:33 +0100 Subject: [PATCH 736/979] Decrease error logging --- ScoutSuite/providers/aws/provider.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index a44ca3281..596184d82 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -1,7 +1,7 @@ import copy import os -from ScoutSuite.core.console import print_error, print_exception, print_debug +from ScoutSuite.core.console import print_error, print_exception, print_warning, print_debug from ScoutSuite.providers.aws.services import AWSServicesConfig from ScoutSuite.providers.aws.resources.vpc.base import put_cidr_name from ScoutSuite.providers.aws.utils import ec2_classic, get_aws_account_id, get_partition_name 
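Review bot: The new message interpolates `{value}` directly, while the details dict just below guards the same name with `'value' in locals()`, which suggests it can be unbound when this handler runs. In that case the f-string raises `NameError` inside the `except` block and the original error is lost. Reuse the guard, e.g. `val = value if 'value' in locals() else 'not defined'` before the call and `{val}` in the message. The value is a raw configuration item, so it is also worth deciding whether it belongs in the log line in full. `_new_go_to_and_do` starts and ends outside the hunk.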
@@ -692,7 +692,7 @@ def sort_vpc_flow_logs_callback(self, current_config, path, current_path, flow_l if flow_log_id not in subnet['flow_logs']: subnet['flow_logs'].append(flow_log_id) else: - print_exception('Resource %s attached to flow logs is not handled' % attached_resource) + print_warning('Resource %s attached to flow logs is not handled' % attached_resource) def get_db_attack_surface(self, current_config, path, current_path, db_id, callback_args): service = current_path[1] From d7fac6d1fa769bb39879d0744217cadba5da8dc4 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 25 Feb 2022 11:45:44 +0100 Subject: [PATCH 737/979] Fix bugs and improve error logging --- ScoutSuite/providers/aws/facade/iam.py | 3 +- ScoutSuite/providers/aws/provider.py | 43 ++++++++++++-------- ScoutSuite/providers/base/configs/browser.py | 4 -- 3 files changed, 27 insertions(+), 23 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/iam.py b/ScoutSuite/providers/aws/facade/iam.py index 1b35b2ee6..1f24eab02 100755 --- a/ScoutSuite/providers/aws/facade/iam.py +++ b/ScoutSuite/providers/aws/facade/iam.py @@ -193,9 +193,10 @@ async def get_virtual_mfa_devices(self): client = AWSFacadeUtils.get_client('iam', self.session) try: return await run_concurrently( - lambda: client.list_virtual_mfa_devices()['VirtualMFADevices']) + lambda: client.list_virtual_mfa_devices().get('VirtualMFADevices', [])) except Exception as e: print_exception(f'Failed to list virtual MFA devices: {e}') + return [] async def _get_and_set_group_users(self, group: {}): client = AWSFacadeUtils.get_client('iam', self.session) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 596184d82..411532bf2 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py 
@@ -240,24 +240,27 @@ def _process_network_acls_check_for_aws_default(network_acl, direction): network_acl['use_default_%s_rules' % direction] = False def list_ec2_network_attack_surface_callback(self, current_config, path, current_path, privateip_id, callback_args): - manage_dictionary(self.services['ec2'], 'external_attack_surface', {}) - if 'Association' in current_config and current_config['Association']: - public_ip = current_config['Association']['PublicIp'] - self._security_group_to_attack_surface(self.services['ec2']['external_attack_surface'], - public_ip, current_path, - [g['GroupId'] - for g in current_config['Groups']], - []) - self._complete_information_on_ec2_attack_surface(current_config, current_path, public_ip) - - # IPv6 - if 'Ipv6Addresses' in current_config and len(current_config['Ipv6Addresses']) > 0: - for ipv6 in current_config['Ipv6Addresses']: - ip = ipv6['Ipv6Address'] + try: + manage_dictionary(self.services['ec2'], 'external_attack_surface', {}) + if 'Association' in current_config and current_config['Association']: + public_ip = current_config['Association']['PublicIp'] self._security_group_to_attack_surface(self.services['ec2']['external_attack_surface'], - ip, current_path, - [g['GroupId'] for g in current_config['Groups']], []) - self._complete_information_on_ec2_attack_surface(current_config, current_path, ip) + public_ip, current_path, + [g['GroupId'] + for g in current_config['Groups']], + []) + self._complete_information_on_ec2_attack_surface(current_config, current_path, public_ip) + + # IPv6 + if 'Ipv6Addresses' in current_config and len(current_config['Ipv6Addresses']) > 0: + for ipv6 in current_config.get('Ipv6Addresses', []): + ip = ipv6['Ipv6Address'] + self._security_group_to_attack_surface(self.services['ec2']['external_attack_surface'], + ip, current_path, + [g['GroupId'] for g in current_config['Groups']], []) + self._complete_information_on_ec2_attack_surface(current_config, current_path, ip) + except Exception as e: + 
print_exception(f"Error listing EC2 network attack surface: {e}") def _complete_information_on_ec2_attack_surface(self, current_config, current_path, public_ip): # Get the EC2 instance info @@ -558,7 +561,11 @@ def match_security_groups_and_resources_callback(self, current_config, path, cur if 'status_path' in callback_args: status_path = combine_paths(copy.deepcopy( original_resource_path), callback_args['status_path']) - resource_status = get_object_at(self, status_path).replace('.', '_') + obj = get_object_at(self, status_path) + if obj: + resource_status = obj.replace('.', '_') + else: + resource_status = obj else: resource_status = None unknown_vpc_id = True if current_path[4] != 'vpcs' else False diff --git a/ScoutSuite/providers/base/configs/browser.py b/ScoutSuite/providers/base/configs/browser.py index dfa4be90c..db8a64a64 100755 --- a/ScoutSuite/providers/base/configs/browser.py +++ b/ScoutSuite/providers/base/configs/browser.py @@ -42,10 +42,6 @@ def get_object_at(object, path, attribute_name=None): else: return o except Exception as e: - # print_exception("Failed to get object at path \"{}\"".format(path), - # additional_details={'object': object, - # 'path': path, - # 'attribute_name': attribute_name}) raise e From 9588413c6aa8fd6e1351ac3423816d8ca2f442d9 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 25 Feb 2022 11:53:58 +0100 Subject: [PATCH 738/979] Decrease logging level --- ScoutSuite/providers/aws/provider.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 411532bf2..b3157d033 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py 
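Review bot: Wrapping the whole body of `list_ec2_network_attack_surface_callback` in `except Exception` means any failure leaves that interface out of `external_attack_surface` with only a log line, so the report under-states exposure without saying so. The same pattern is added later on this page to `_complete_information_on_ec2_attack_surface`, `get_lb_attack_surface` and `_security_group_to_attack_surface`. At minimum I would document it above the handler, `# NOTE: on failure this address is missing from external_attack_surface; the result is incomplete, not clean`, and preferably narrow the `try` to the per-address work so one bad entry does not drop the others. In the IPv6 branch, `current_config.get('Ipv6Addresses', [])` is redundant after the `in` check on the line before it.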
@@ -202,7 +202,7 @@ def add_security_group_name_to_ec2_grants_callback(self, current_config, path, c # Can't infer the name of the SG in the peered account pass else: - print_exception('Failed to handle EC2 grant: %s' % ec2_grant) + print_warning('Failed to handle EC2 grant: %s' % ec2_grant) def process_network_acls_callback(self, current_config, path, current_path, privateip_id, callback_args): # Check if the network ACL allows all traffic from all IP addresses From f47290ee26d65fcce8c12f752cd1cb602e1a4c77 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 25 Feb 2022 12:32:14 +0100 Subject: [PATCH 739/979] Decrease logging level --- ScoutSuite/providers/aws/facade/awslambda.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/awslambda.py b/ScoutSuite/providers/aws/facade/awslambda.py index be901b1c6..aebe9fe96 100755 --- a/ScoutSuite/providers/aws/facade/awslambda.py +++ b/ScoutSuite/providers/aws/facade/awslambda.py @@ -1,6 +1,6 @@ import json -from ScoutSuite.core.console import print_exception +from ScoutSuite.core.console import print_exception, print_warning from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils @@ -40,7 +40,10 @@ async def get_role_with_managed_policies(self, role_name): role['policies'] = managed_policies return role except Exception as e: - print_exception('Failed to get role from managed policies: {}'.format(e)) + if 'NoSuchEntity' in e: + print_warning(f'Failed to get role from managed policies: {e}') + else: + print_exception(f'Failed to get role from managed policies: {e}') return None async def get_env_variables(self, function_name, region): From f8c9f5dcbac1b687d455461d767ce5e76c3734b1 Mon Sep 17 00:00:00 2001 
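Review bot: `'NoSuchEntity' in e` tests membership on the exception object itself, which raises TypeError inside the handler unless the exception class defines `__contains__` or is iterable, so `get_role_with_managed_policies` would now raise instead of logging and returning None. Compare against the text, `if 'NoSuchEntity' in str(e):`, or, if these are botocore `ClientError`s, against `e.response['Error']['Code']`. The same expression appears in later hunks on this page: `'Billing is disabled for project' not in e` in gcp/facade/kms.py (where the commit removes an existing `str(e)`), `'NotFoundException' in e` and `'NotFound' in e` in aws/facade/ec2.py, `'DBSnapshotNotFound' in e` in rds.py, `'ResourceNotFoundException' in e` in awslambda.py, and `'is not ready' not in e` in cloudformation.py.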
From: x4v13r64 Date: Mon, 28 Feb 2022 15:49:44 +0100 Subject: [PATCH 740/979] Improve error logging --- ScoutSuite/providers/base/configs/browser.py | 4 ++-- ScoutSuite/providers/gcp/facade/kms.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/base/configs/browser.py b/ScoutSuite/providers/base/configs/browser.py index db8a64a64..eb4eb983c 100755 --- a/ScoutSuite/providers/base/configs/browser.py +++ b/ScoutSuite/providers/base/configs/browser.py @@ -75,7 +75,7 @@ def get_value_at(all_info, current_path, key, to_string=False): else: target_path.append(key) except Exception as e: - print_exception(f'Unable to get index \"{i}\" from path {current_path}: {e}', + print_exception(f'Unable to get index \"{i}\" from path \"{current_path}\": {e}', additional_details={'current_path': current_path, 'target_path': target_path, 'key': key, @@ -102,7 +102,7 @@ def get_value_at(all_info, current_path, key, to_string=False): else: target_obj = target_obj[p] except Exception as e: - print_exception(f'Unable to get \"{p}\" from target object {target_obj}: {e}', + print_exception(f'Unable to get \"{p}\" from target object \"{target_obj}\": {e}', additional_details={'current_path': current_path, 'target_obj': target_obj, 'p': p}) diff --git a/ScoutSuite/providers/gcp/facade/kms.py b/ScoutSuite/providers/gcp/facade/kms.py index ae854ca0b..6ceade9ae 100755 --- a/ScoutSuite/providers/gcp/facade/kms.py +++ b/ScoutSuite/providers/gcp/facade/kms.py @@ -42,7 +42,7 @@ async def list_key_rings(self, project_id: str): lambda: list(self.cloud_client.list_key_rings(parent))) return key_rings except Exception as e: - if 'Billing is disabled for project' not in str(e): + if 'Billing is disabled for project' not in e: print_exception(f'Failed to retrieve KMS key rings: {e}') return {} From 6d7c93691131471c979c7058ce5c20ae23a4db78 Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Mon, 28 Feb 2022 15:53:18 +0100 Subject: [PATCH 741/979] Improve error logging --- ScoutSuite/providers/aws/provider.py | 21 ++++++++++++--------- ScoutSuite/providers/base/provider.py | 3 +-- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index b3157d033..f05f56603 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -263,15 +263,18 @@ def list_ec2_network_attack_surface_callback(self, current_config, path, current print_exception(f"Error listing EC2 network attack surface: {e}") def _complete_information_on_ec2_attack_surface(self, current_config, current_path, public_ip): - # Get the EC2 instance info - ec2_info = self.services - for p in current_path[1:-3]: - ec2_info = ec2_info[p] - # Fill the rest of the attack surface details on that IP - self.services['ec2']['external_attack_surface'][public_ip]['InstanceName'] = ec2_info['name'] - if 'PublicDnsName' in current_config['Association']: - self.services['ec2']['external_attack_surface'][public_ip]['PublicDnsName'] = \ - current_config['Association']['PublicDnsName'] + try: + # Get the EC2 instance info + ec2_info = self.services + for p in current_path[1:-3]: + ec2_info = ec2_info[p] + # Fill the rest of the attack surface details on that IP + self.services['ec2']['external_attack_surface'][public_ip]['InstanceName'] = ec2_info.get('name') + if 'PublicDnsName' in current_config.get('Association'): + self.services['ec2']['external_attack_surface'][public_ip]['PublicDnsName'] = \ + current_config['Association'].get('PublicDnsName') + except Exception as e: + print_exception(f"Error completing EC2 network attack surface information: {e}") def _map_all_sgs(self): sg_map = dict() diff --git a/ScoutSuite/providers/base/provider.py b/ScoutSuite/providers/base/provider.py index e4ad11f26..64c4bbd05 100755 --- a/ScoutSuite/providers/base/provider.py 
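Review bot: In `_complete_information_on_ec2_attack_surface`, `current_config.get('Association')` returns None when the key is absent, and `'PublicDnsName' in None` then raises TypeError, so the `.get` is no safer than the indexing it replaced; the error is merely caught by the new broad handler. Give it a default, `association = current_config.get('Association') or {}`, and test `if 'PublicDnsName' in association:`. `ec2_info.get('name')` likewise stores `InstanceName` as None with no log entry when the name is missing, which the previous KeyError would have surfaced.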
+++ b/ScoutSuite/providers/base/provider.py @@ -248,8 +248,7 @@ def _process_metadata_callbacks(self): for summary in self.metadata[service_group][service]['summaries']: if 'callbacks' in self.metadata[service_group][service]['summaries'][summary]: current_path = ['services', service] - for callback in self.metadata[service_group][service]['summaries'][summary][ - 'callbacks']: + for callback in self.metadata[service_group][service]['summaries'][summary]['callbacks']: callback_name = callback[0] callback_args = copy.deepcopy(callback[1]) target_path = callback_args.pop('path').replace('.id', '').split('.')[2:] From 78e38664f1d328a2c8bd1e160076e1d254f46c9a Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 28 Feb 2022 16:03:09 +0100 Subject: [PATCH 742/979] Improve error logging --- ScoutSuite/providers/aws/facade/ec2.py | 7 ++- ScoutSuite/providers/aws/facade/rds.py | 8 +-- ScoutSuite/providers/aws/provider.py | 72 ++++++++++++++------------ 3 files changed, 48 insertions(+), 39 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index c265946c4..00a5ea273 100755 --- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py @@ -3,7 +3,7 @@ import boto3 import zlib -from ScoutSuite.core.console import print_exception +from ScoutSuite.core.console import print_exception, print_warning from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils from ScoutSuite.providers.utils import get_and_set_concurrently 
@@ -127,7 +127,10 @@ async def _get_and_set_key_manager(self, volume: {}, region: str): volume['KeyManager'] = await run_concurrently( lambda: kms_client.describe_key(KeyId=key_id)['KeyMetadata']['KeyManager']) except Exception as e: - print_exception(f'Failed to describe KMS key: {e}') + if 'NotFoundException' in e: + print_warning(f'Failed to describe KMS key: {e}') + else: + print_exception(f'Failed to describe KMS key: {e}') volume['KeyManager'] = None else: volume['KeyManager'] = None diff --git a/ScoutSuite/providers/aws/facade/rds.py b/ScoutSuite/providers/aws/facade/rds.py index f8f2db32c..f9d629e4a 100755 --- a/ScoutSuite/providers/aws/facade/rds.py +++ b/ScoutSuite/providers/aws/facade/rds.py @@ -1,13 +1,12 @@ from asyncio import Lock from botocore.exceptions import ClientError -from ScoutSuite.core.console import print_exception +from ScoutSuite.core.console import print_exception, print_warning from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils from ScoutSuite.providers.aws.utils import get_aws_account_id from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade from ScoutSuite.providers.aws.utils import ec2_classic from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently -from ScoutSuite.core.console import print_exception class RDSFacade(AWSBaseFacade): @@ -114,7 +113,10 @@ async def _get_and_set_snapshot_attributes(self, snapshot: {}, region: str): snapshot['Attributes'] =\ attributes['DBSnapshotAttributes'] if 'DBSnapshotAttributes' in attributes else {} except Exception as e: - print_exception(f'Failed to describe RDS snapshot attributes: {e}') + if 'DBSnapshotNotFound' in e: + print_warning(f'Failed to describe RDS snapshot attributes: {e}') + else: + print_exception(f'Failed to describe RDS snapshot attributes: {e}') snapshot['Attributes'] = {} async def _get_and_set_cluster_snapshot_attributes(self, snapshot: {}, region: str): 
diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index f05f56603..08877559d 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py 
@@ -730,41 +730,45 @@ def get_db_attack_surface(self, current_config, path, current_path, db_id, callb # TODO :: Get Redis endpoint information def get_lb_attack_surface(self, current_config, path, current_path, elb_id, callback_args): - public_dns = current_config['DNSName'] - elb_config = self.services[current_path[1]] - manage_dictionary(elb_config, 'external_attack_surface', {}) - if current_path[1] == 'elbv2' and current_config['Type'] == 'network': - # Network LBs do not have a security group, lookup listeners instead - manage_dictionary( - elb_config['external_attack_surface'], public_dns, {'protocols': {}}) - for listener in current_config['listeners']: - protocol = current_config['listeners'][listener]['Protocol'] - manage_dictionary(elb_config['external_attack_surface'][public_dns]['protocols'], protocol, - {'ports': {}}) - manage_dictionary(elb_config['external_attack_surface'][public_dns]['protocols'][protocol]['ports'], - listener, {'cidrs': []}) - elb_config['external_attack_surface'][public_dns]['protocols'][protocol]['ports'][listener][ - 'cidrs'].append({'CIDR': '0.0.0.0/0'}) - elif current_path[1] == 'elbv2' and current_config['Scheme'] == 'internet-facing': - elb_config['external_attack_surface'][public_dns] = { - 'protocols': {}} - security_groups = [g['GroupId'] - for g in current_config['security_groups']] - listeners = [] - for listener in current_config['listeners']: - listeners.append(listener) - self._security_group_to_attack_surface(elb_config['external_attack_surface'], public_dns, - current_path, security_groups, listeners) - elif current_config['Scheme'] == 'internet-facing': - # Classic ELbs do not have a security group, lookup listeners instead + try: public_dns = current_config['DNSName'] - manage_dictionary(elb_config['external_attack_surface'], public_dns, { - 'protocols': {'TCP': {'ports': {}}}}) - for listener in current_config['listeners']: - 
manage_dictionary(elb_config['external_attack_surface'][public_dns]['protocols']['TCP']['ports'], - listener, {'cidrs': []}) - elb_config['external_attack_surface'][public_dns]['protocols']['TCP']['ports'][listener][ - 'cidrs'].append({'CIDR': '0.0.0.0/0'}) + elb_config = self.services[current_path[1]] + manage_dictionary(elb_config, 'external_attack_surface', {}) + if current_path[1] == 'elbv2' and current_config['Type'] == 'network': + # Network LBs do not have a security group, lookup listeners instead + manage_dictionary( + elb_config['external_attack_surface'], public_dns, {'protocols': {}}) + for listener in current_config['listeners']: + protocol = current_config['listeners'][listener]['Protocol'] + manage_dictionary(elb_config['external_attack_surface'][public_dns]['protocols'], protocol, + {'ports': {}}) + manage_dictionary(elb_config['external_attack_surface'][public_dns]['protocols'][protocol]['ports'], + listener, {'cidrs': []}) + elb_config['external_attack_surface'][public_dns]['protocols'][protocol]['ports'][listener][ + 'cidrs'].append({'CIDR': '0.0.0.0/0'}) + elif current_path[1] == 'elbv2' and current_config['Scheme'] == 'internet-facing': + elb_config['external_attack_surface'][public_dns] = { + 'protocols': {}} + security_groups = [g['GroupId'] + for g in current_config['security_groups']] + listeners = [] + for listener in current_config['listeners']: + listeners.append(listener) + self._security_group_to_attack_surface(elb_config['external_attack_surface'], public_dns, + current_path, security_groups, listeners) + elif current_config['Scheme'] == 'internet-facing': + # Classic ELbs do not have a security group, lookup listeners instead + public_dns = current_config['DNSName'] + manage_dictionary(elb_config['external_attack_surface'], public_dns, { + 'protocols': {'TCP': {'ports': {}}}}) + for listener in current_config['listeners']: + manage_dictionary(elb_config['external_attack_surface'][public_dns]['protocols']['TCP']['ports'], + listener, 
{'cidrs': []}) + elb_config['external_attack_surface'][public_dns]['protocols']['TCP']['ports'][listener][ + 'cidrs'].append({'CIDR': '0.0.0.0/0'}) + except Exception as e: + print_exception(f'Failed to get LB attack surface: {e}') + def _security_group_to_attack_surface(self, attack_surface_config, public_ip, current_path, security_groups, listeners=None): From 14bb69cee0bfbf99d8f85faca23012164c01c264 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 28 Feb 2022 16:07:23 +0100 Subject: [PATCH 743/979] Improve rule --- .../findings/iam-lightspin-user-action-denied-for-group.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json b/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json index 0d9ea6cf3..426df98ca 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-lightspin-user-action-denied-for-group.json @@ -16,6 +16,11 @@ "equal", "Deny" ], + [ + "iam.policies.id.PolicyDocument.Statement.id.", + "withKey", + "Resource" + ], [ "iam.policies.id.PolicyDocument.Statement.id.Resource", "matchInList", From be7cf453a6a84e44a33d88ac36799c074c43709d Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 28 Feb 2022 16:18:49 +0100 Subject: [PATCH 744/979] Improve code quality --- ScoutSuite/providers/aws/resources/iam/roles.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/iam/roles.py b/ScoutSuite/providers/aws/resources/iam/roles.py index 02a6cc494..368ccaec0 100755 --- a/ScoutSuite/providers/aws/resources/iam/roles.py +++ b/ScoutSuite/providers/aws/resources/iam/roles.py 
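Review bot: The first branch of `get_lb_attack_surface` records every `elbv2` load balancer of `Type == 'network'` with CIDR `0.0.0.0/0` and never checks `Scheme`, unlike the two branches after it, so an internal network load balancer would be listed in `external_attack_surface`. Unless internal NLBs are filtered before this callback (not visible here), I would add the check: `if current_path[1] == 'elbv2' and current_config['Type'] == 'network' and current_config['Scheme'] == 'internet-facing':`. The commit only re-indents these lines under the new `try`, so this predates the change.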
@@ -22,6 +22,6 @@ def _parse_role(self, raw_role): role_dict['inline_policies'] = raw_role.get('inline_policies') role_dict['inline_policies_count'] = raw_role.get('inline_policies_count') role_dict['assume_role_policy'] = raw_role.get('assume_role_policy') - if (len(raw_role['tags']['Tags']) > 0): - role_dict['Tags'] = raw_role['tags']['Tags'] + if len(raw_role.get('tags', {}).get('Tags')) > 0: + role_dict['Tags'] = raw_role.get('tags').get('Tags') return role_dict['id'], role_dict From 0351f22a322d522293a70d4cdff26f2e1d808fc3 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 28 Feb 2022 16:48:31 +0100 Subject: [PATCH 745/979] Improve code quality --- ScoutSuite/providers/aws/provider.py | 32 +++++++++++++++++----------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 08877559d..f8c539231 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py 
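Review bot: `raw_role.get('tags', {}).get('Tags')` returns None when the inner key is missing, and `len(None)` raises TypeError, so the rewrite still fails on a role without `Tags`; it also fails when `raw_role['tags']` is present but None. I would resolve the list once and test its truthiness: `tags = (raw_role.get('tags') or {}).get('Tags') or []` followed by `if tags: role_dict['Tags'] = tags`. `_parse_role` starts outside the hunk.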
@@ -522,12 +522,15 @@ def process_vpc_peering_connections_callback(self, current_config, path, current else: current_config['peer_info']['name'] = current_config['peer_info']['OwnerId'] - def match_roles_and_cloudformation_stacks_callback(self, current_config, path, current_path, stack_id, - callback_args): - if 'RoleARN' not in current_config: - return - role_arn = current_config.pop('RoleARN') - current_config['iam_role'] = self._get_role_info('arn', role_arn) + def match_roles_and_cloudformation_stacks_callback(self, + current_config, path, current_path, stack_id, callback_args): + try: + if 'RoleARN' not in current_config: + return + role_arn = current_config.pop('RoleARN') + current_config['iam_role'] = self._get_role_info('arn', role_arn) + except Exception as e: + print_exception(f'Unable to match roles and CloudFormation stacks: {e}') def match_roles_and_vpc_flowlogs_callback(self, current_config, path, current_path, flowlog_id, callback_args): if 'DeliverLogsPermissionArn' not in current_config: 
@@ -537,13 +540,16 @@ def match_roles_and_vpc_flowlogs_callback(self, current_config, path, current_pa 'arn', delivery_role_arn) def _get_role_info(self, attribute_name, attribute_value): - iam_role_info = {'name': None, 'id': None} - for role_id in self.services['iam']['roles']: - if self.services['iam']['roles'][role_id][attribute_name] == attribute_value: - iam_role_info['name'] = self.services['iam']['roles'][role_id]['name'] - iam_role_info['id'] = role_id - break - return iam_role_info + try: + iam_role_info = {'name': None, 'id': None} + for role_id in self.services['iam'].get('roles', []): + if self.services['iam']['roles'][role_id][attribute_name] == attribute_value: + iam_role_info['name'] = self.services['iam']['roles'][role_id]['name'] + iam_role_info['id'] = role_id + break + return iam_role_info + except Exception as e: + print_exception(f'Unable to get role info for attribute {attribute_name} with value {attribute_value}: {e}') def match_security_groups_and_resources_callback(self, current_config, path, current_path, resource_id, callback_args): From 4296e421860e4f10f1c9ce686f6466cd633c9c45 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 28 Feb 2022 17:16:10 +0100 Subject: [PATCH 746/979] Improve error logging and handling --- .../providers/aws/resources/iam/base.py | 50 ++++++++++--------- ScoutSuite/providers/base/services.py | 4 +- 2 files changed, 29 insertions(+), 25 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/iam/base.py b/ScoutSuite/providers/aws/resources/iam/base.py index b70d687b1..fd678ba38 100755 --- a/ScoutSuite/providers/aws/resources/iam/base.py +++ b/ScoutSuite/providers/aws/resources/iam/base.py @@ -6,6 +6,7 @@ from ScoutSuite.providers.aws.resources.iam.roles import Roles from ScoutSuite.providers.aws.resources.iam.passwordpolicy import PasswordPolicy from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.core.console import print_exception class IAM(AWSCompositeResources): 
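Review bot: When the new handler in `_get_role_info` fires, the function falls through and returns None, whereas callers such as `match_roles_and_cloudformation_stacks_callback` store the result in `current_config['iam_role']` and previously always received a dict with `name` and `id`. Initialise `iam_role_info = {'name': None, 'id': None}` before the `try` and finish with `return iam_role_info` after the handler, so the fallback keeps the same shape.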
@@ -29,30 +30,33 @@ async def fetch_all(self, partition_name='aws', **kwargs): self['password_policy_count'] = 0 async def finalize(self): - # Update permissions for managed policies - self['permissions'] = {} - policies = [policy for policy in self['policies'].values()] - self._parse_inline_policies_permissions('groups') - self._parse_inline_policies_permissions('users') - self._parse_inline_policies_permissions('roles') + try: + # Update permissions for managed policies + self['permissions'] = {} + policies = [policy for policy in self['policies'].values()] + self._parse_inline_policies_permissions('groups') + self._parse_inline_policies_permissions('users') + self._parse_inline_policies_permissions('roles') - for policy in policies: - policy_id = policy['id'] - if 'attached_to' in policy and len(policy['attached_to']) > 0: - for entity_type in policy['attached_to']: - for entity in policy['attached_to'][entity_type]: - entity['id'] = self._get_id_for_resource( - entity_type, entity['name']) - entities = self[entity_type] - entities[entity['id']].setdefault('policies', []) - entities[entity['id']].setdefault('policies_counts', 0) - entities[entity['id']]['policies'].append(policy_id) - entities[entity['id']]['policies_counts'] += 1 - self._parse_permissions( - policy_id, policy['PolicyDocument'], 'policies', entity_type, entity['id']) - else: - self._parse_permissions( - policy_id, policy['PolicyDocument'], 'policies', None, None) + for policy in policies: + policy_id = policy['id'] + if 'attached_to' in policy and len(policy['attached_to']) > 0: + for entity_type in policy['attached_to']: + for entity in policy['attached_to'][entity_type]: + entity['id'] = self._get_id_for_resource( + entity_type, entity['name']) + entities = self[entity_type] + entities[entity['id']].setdefault('policies', []) + entities[entity['id']].setdefault('policies_counts', 0) + entities[entity['id']]['policies'].append(policy_id) + entities[entity['id']]['policies_counts'] += 1 + 
self._parse_permissions( + policy_id, policy['PolicyDocument'], 'policies', entity_type, entity['id']) + else: + self._parse_permissions( + policy_id, policy['PolicyDocument'], 'policies', None, None) + except Exception as e: + print_exception(f'Error finalizing IAM service: {e}') def _parse_inline_policies_permissions(self, resource_type): for resource_id in self[resource_type]: diff --git a/ScoutSuite/providers/base/services.py b/ScoutSuite/providers/base/services.py index 244c43b1e..31c0005f8 100755 --- a/ScoutSuite/providers/base/services.py +++ b/ScoutSuite/providers/base/services.py @@ -57,6 +57,6 @@ async def _fetch(self, service, regions=None, excluded_regions=None): if hasattr(service_config, 'finalize'): await service_config.finalize() else: - print_debug('No method to fetch service %s.' % service) + print_debug(f'No method to fetch service {service}.') except Exception as e: - print_exception(f'Could not fetch {service} configuration: {e}') + print_exception(f'Could not fetch {format_service_name(service)} configuration: {e}') From bea8ec116ef222615073bbeb54b77e749ddda0c2 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 1 Mar 2022 10:24:01 +0100 Subject: [PATCH 747/979] Improve error logging and handling --- ScoutSuite/providers/aws/facade/awslambda.py | 5 +- ScoutSuite/providers/aws/provider.py | 89 ++++++++++--------- .../providers/aws/resources/iam/base.py | 20 +++-- ScoutSuite/providers/base/configs/browser.py | 2 +- 4 files changed, 62 insertions(+), 54 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/awslambda.py b/ScoutSuite/providers/aws/facade/awslambda.py index aebe9fe96..01a4cc6ed 100755 --- a/ScoutSuite/providers/aws/facade/awslambda.py +++ b/ScoutSuite/providers/aws/facade/awslambda.py 
@@ -53,6 +53,9 @@ async def get_env_variables(self, function_name, region): if "Environment" in function_configuration and "Variables" in function_configuration["Environment"]: return function_configuration["Environment"]["Variables"] except Exception as e: - print_exception('Failed to get Lambda function configuration: {}'.format(e)) + if 'ResourceNotFoundException' in e: + print_warning('Failed to get Lambda function configuration: {}'.format(e)) + else: + print_exception('Failed to get Lambda function configuration: {}'.format(e)) return [] diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index f8c539231..1fe22e46b 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py 
@@ -778,50 +778,53 @@ def get_lb_attack_surface(self, current_config, path, current_path, elb_id, call def _security_group_to_attack_surface(self, attack_surface_config, public_ip, current_path, security_groups, listeners=None): - listeners = [] if listeners is None else listeners - manage_dictionary(attack_surface_config, public_ip, {'protocols': {}}) - instance_path = current_path[:-3] - if 'ec2' in self.service_list: # validate that the service was included in run - for sg_id in security_groups: - sg_path = copy.deepcopy(current_path[0:6]) - sg_path[1] = 'ec2' - sg_path.append('security_groups') - sg_path.append(sg_id) - sg_path.append('rules') - sg_path.append('ingress') - ingress_rules = get_object_at(self, sg_path) - for p in ingress_rules['protocols']: - for port in ingress_rules['protocols'][p]['ports']: - if len(listeners) == 0 and 'cidrs' in ingress_rules['protocols'][p]['ports'][port]: - manage_dictionary( - attack_surface_config[public_ip]['protocols'], p, {'ports': {}}) - manage_dictionary(attack_surface_config[public_ip]['protocols'][p]['ports'], port, - {'cidrs': []}) - attack_surface_config[public_ip]['protocols'][p]['ports'][port]['cidrs'] += \ - ingress_rules['protocols'][p]['ports'][port]['cidrs'] - else: - ports = port.split('-') - if len(ports) > 1: - port_min = int(ports[0]) - port_max = int(ports[1]) - elif port == 'N/A': - port_min = port_max = None - elif port == 'ALL': - port_min = 0 - port_max = 65535 - elif p == 'ICMP': - port_min = port_max = None + try: + listeners = [] if listeners is None else listeners + manage_dictionary(attack_surface_config, public_ip, {'protocols': {}}) + instance_path = current_path[:-3] + if 'ec2' in self.service_list: # validate that the service was included in run + for sg_id in security_groups: + sg_path = copy.deepcopy(current_path[0:6]) + sg_path[1] = 'ec2' + sg_path.append('security_groups') + sg_path.append(sg_id) + sg_path.append('rules') + sg_path.append('ingress') + ingress_rules = 
get_object_at(self, sg_path) + for p in ingress_rules['protocols']: + for port in ingress_rules['protocols'][p]['ports']: + if len(listeners) == 0 and 'cidrs' in ingress_rules['protocols'][p]['ports'][port]: + manage_dictionary( + attack_surface_config[public_ip]['protocols'], p, {'ports': {}}) + manage_dictionary(attack_surface_config[public_ip]['protocols'][p]['ports'], port, + {'cidrs': []}) + attack_surface_config[public_ip]['protocols'][p]['ports'][port]['cidrs'] += \ + ingress_rules['protocols'][p]['ports'][port]['cidrs'] else: - port_min = port_max = int(port) - for listener in listeners: - if (port_min and port_max) and port_min < int(listener) < port_max and \ - 'cidrs' in ingress_rules['protocols'][p]['ports'][port]: - manage_dictionary( - attack_surface_config[public_ip]['protocols'], p, {'ports': {}}) - manage_dictionary(attack_surface_config[public_ip]['protocols'][p]['ports'], - str(listener), {'cidrs': []}) - attack_surface_config[public_ip]['protocols'][p]['ports'][str(listener)]['cidrs'] += \ - ingress_rules['protocols'][p]['ports'][port]['cidrs'] + ports = port.split('-') + if len(ports) > 1: + port_min = int(ports[0]) + port_max = int(ports[1]) + elif port == 'N/A': + port_min = port_max = None + elif port == 'ALL': + port_min = 0 + port_max = 65535 + elif p == 'ICMP': + port_min = port_max = None + else: + port_min = port_max = int(port) + for listener in listeners: + if (port_min and port_max) and port_min < int(listener) < port_max and \ + 'cidrs' in ingress_rules['protocols'][p]['ports'][port]: + manage_dictionary( + attack_surface_config[public_ip]['protocols'], p, {'ports': {}}) + manage_dictionary(attack_surface_config[public_ip]['protocols'][p]['ports'], + str(listener), {'cidrs': []}) + attack_surface_config[public_ip]['protocols'][p]['ports'][str(listener)]['cidrs'] += \ + ingress_rules['protocols'][p]['ports'][port]['cidrs'] + except Exception as e: + print_exception(f'Failed to match SG to attack surface: {e}') def 
_parse_elb_policies(self): self._go_to_and_do(self.services['elb'], diff --git a/ScoutSuite/providers/aws/resources/iam/base.py b/ScoutSuite/providers/aws/resources/iam/base.py index fd678ba38..db7999b06 100755 --- a/ScoutSuite/providers/aws/resources/iam/base.py +++ b/ScoutSuite/providers/aws/resources/iam/base.py @@ -43,15 +43,17 @@ async def finalize(self): if 'attached_to' in policy and len(policy['attached_to']) > 0: for entity_type in policy['attached_to']: for entity in policy['attached_to'][entity_type]: - entity['id'] = self._get_id_for_resource( - entity_type, entity['name']) - entities = self[entity_type] - entities[entity['id']].setdefault('policies', []) - entities[entity['id']].setdefault('policies_counts', 0) - entities[entity['id']]['policies'].append(policy_id) - entities[entity['id']]['policies_counts'] += 1 - self._parse_permissions( - policy_id, policy['PolicyDocument'], 'policies', entity_type, entity['id']) + try: + entity['id'] = self._get_id_for_resource(entity_type, entity['name']) + entities = self[entity_type] + entities[entity['id']].setdefault('policies', []) + entities[entity['id']].setdefault('policies_counts', 0) + entities[entity['id']]['policies'].append(policy_id) + entities[entity['id']]['policies_counts'] += 1 + self._parse_permissions( + policy_id, policy['PolicyDocument'], 'policies', entity_type, entity['id']) + except Exception as e: + print_exception(f'Error setting entity for ID {entity["id"]}: {e}') else: self._parse_permissions( policy_id, policy['PolicyDocument'], 'policies', None, None) diff --git a/ScoutSuite/providers/base/configs/browser.py b/ScoutSuite/providers/base/configs/browser.py index eb4eb983c..78eed9518 100755 --- a/ScoutSuite/providers/base/configs/browser.py +++ b/ScoutSuite/providers/base/configs/browser.py 
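Review bot: The listener match in `_security_group_to_attack_surface` uses `(port_min and port_max) and port_min < int(listener) < port_max`, which can never be true for a single-port rule (both bounds equal), excludes listeners on a range boundary, and is skipped for `ALL` because `port_min` is 0 and therefore falsy. As written, a security group that allows exactly the listener port adds nothing to the load balancer's attack surface, so exposure is under-reported. I would test `if port_min is not None and port_max is not None and port_min <= int(listener) <= port_max and \`. The commit only re-indents these lines under the new `try`, so the defect predates it.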
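Review bot: The new inner handler in `finalize` formats `entity["id"]`, but that key is assigned by the first statement of the `try`. If `_get_id_for_resource` raises and the entity does not already carry an `id`, the handler itself raises KeyError, which lands in the outer handler and ends processing of all remaining policies. Log fields known to be present instead: `print_exception(f'Error setting entity {entity.get("name")} of type {entity_type}: {e}')`.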
@@ -100,7 +100,7 @@ def get_value_at(all_info, current_path, key, to_string=False): elif p == '': pass else: - target_obj = target_obj[p] + target_obj = target_obj.get(p) except Exception as e: print_exception(f'Unable to get \"{p}\" from target object \"{target_obj}\": {e}', additional_details={'current_path': current_path, From 82336d36a3deab608f8fe4e84c62343b8eaacec0 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 1 Mar 2022 12:58:03 +0100 Subject: [PATCH 748/979] Improve error logging and handling --- ScoutSuite/providers/aws/facade/cloudformation.py | 3 ++- ScoutSuite/providers/aws/facade/ec2.py | 6 ++++-- ScoutSuite/providers/aws/resources/iam/base.py | 13 +++++++------ ScoutSuite/providers/base/configs/browser.py | 2 ++ 4 files changed, 15 insertions(+), 9 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/cloudformation.py b/ScoutSuite/providers/aws/facade/cloudformation.py index 4b5365d52..d209a2b24 100755 --- a/ScoutSuite/providers/aws/facade/cloudformation.py +++ b/ScoutSuite/providers/aws/facade/cloudformation.py @@ -40,7 +40,8 @@ async def _get_and_set_template(self, stack: {}, region: str): stack['template'] = await run_concurrently( lambda: client.get_template(StackName=stack['StackName'])['TemplateBody']) except Exception as e: - print_exception(f'Failed to get CloudFormation template: {e}') + if 'is not ready' not in e: + print_exception(f'Failed to get CloudFormation template: {e}') stack['template'] = None async def _get_and_set_policy(self, stack: {}, region: str): diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index 00a5ea273..60ab932a3 100755 --- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py 
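Review bot: `'is not ready' not in e` in cloudformation.py `_get_and_set_template` applies `in` to the exception object, and exception instances do not support membership tests, so the handler raises TypeError instead of filtering on the message. The test should run on the text: `if 'is not ready' not in str(e):`. Because the TypeError is raised inside the handler, the `stack['template'] = None` fallback that follows is not reached. The same pattern appears in the later hunks for ec2.py (`'NotFound' in e`), elbv2.py (`'LoadBalancerNotFound' in e`), iam.py (`'ReportNotPresent' in e`), sns.py (`'NotFound' in e`), the second cloudformation.py hunk (`'does not exist' in e`) and s3.py (`'NoSuchBucket' in e`). As far as this page shows, only the s3.py sites are changed to `str(e)`, in patch 755.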
@@ -156,8 +156,10 @@ async def _get_and_set_snapshot_attributes(self, snapshot: {}, region: str): Attribute='createVolumePermission', SnapshotId=snapshot['SnapshotId'])['CreateVolumePermissions']) except Exception as e: - print_exception( - f'Failed to describe EC2 snapshot attributes: {e}') + if 'NotFound' in e: + print_warning(f'Failed to describe EC2 snapshot attributes: {e}') + else: + print_exception(f'Failed to describe EC2 snapshot attributes: {e}') async def get_network_acls(self, region: str, vpc: str): filters = [{'Name': 'vpc-id', 'Values': [vpc]}] diff --git a/ScoutSuite/providers/aws/resources/iam/base.py b/ScoutSuite/providers/aws/resources/iam/base.py index db7999b06..0937c1d52 100755 --- a/ScoutSuite/providers/aws/resources/iam/base.py +++ b/ScoutSuite/providers/aws/resources/iam/base.py @@ -46,12 +46,13 @@ async def finalize(self): try: entity['id'] = self._get_id_for_resource(entity_type, entity['name']) entities = self[entity_type] - entities[entity['id']].setdefault('policies', []) - entities[entity['id']].setdefault('policies_counts', 0) - entities[entity['id']]['policies'].append(policy_id) - entities[entity['id']]['policies_counts'] += 1 - self._parse_permissions( - policy_id, policy['PolicyDocument'], 'policies', entity_type, entity['id']) + if entity['id'] is not None: + entities[entity['id']].setdefault('policies', []) + entities[entity['id']].setdefault('policies_counts', 0) + entities[entity['id']]['policies'].append(policy_id) + entities[entity['id']]['policies_counts'] += 1 + self._parse_permissions( + policy_id, policy['PolicyDocument'], 'policies', entity_type, entity['id']) except Exception as e: print_exception(f'Error setting entity for ID {entity["id"]}: {e}') else: diff --git a/ScoutSuite/providers/base/configs/browser.py b/ScoutSuite/providers/base/configs/browser.py index 78eed9518..5d936e9da 100755 --- a/ScoutSuite/providers/base/configs/browser.py +++ b/ScoutSuite/providers/base/configs/browser.py 
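Review bot: In iam/base.py `finalize`, the new `if entity['id'] is not None:` guard has no `else`, so an attached entity whose id cannot be resolved is skipped without a log line and `_parse_permissions` is not run for it. In an audit report that leaves an attachment missing with no trace of why. I would add `else: print_exception(f'Could not resolve {entity_type} {entity["name"]} for policy {policy_id}')`, or a warning-level equivalent if one is imported in this module. `finalize` starts and ends outside the hunk.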
@@ -99,6 +99,8 @@ def get_value_at(all_info, current_path, key, to_string=False): target_obj = p elif p == '': pass + elif target_obj is None: + pass else: target_obj = target_obj.get(p) except Exception as e: From c3ade7c587ac8d6763f350f76b4663304514721a Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 2 Mar 2022 14:31:08 +0100 Subject: [PATCH 749/979] Improve error logging and handling --- ScoutSuite/providers/aws/facade/elbv2.py | 7 +++++-- ScoutSuite/providers/aws/provider.py | 12 +++++++++--- ScoutSuite/providers/base/configs/browser.py | 2 +- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/elbv2.py b/ScoutSuite/providers/aws/facade/elbv2.py index 64873ad45..ef1961cff 100755 --- a/ScoutSuite/providers/aws/facade/elbv2.py +++ b/ScoutSuite/providers/aws/facade/elbv2.py @@ -1,6 +1,6 @@ import asyncio -from ScoutSuite.core.console import print_exception +from ScoutSuite.core.console import print_exception, print_warning from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils from ScoutSuite.providers.aws.utils import ec2_classic @@ -56,7 +56,10 @@ async def _get_and_set_load_balancer_tags(self, load_balancer: dict, region: str ResourceArns=[load_balancer['LoadBalancerArn']])['TagDescriptions'][0]['Tags'] ) except Exception as e: - print_exception(f'Failed to describe ELBv2 tags: {e}') + if 'LoadBalancerNotFound' in e: + print_warning(f'Failed to describe ELBv2 tags: {e}') + else: + print_exception(f'Failed to describe ELBv2 tags: {e}') async def get_listeners(self, region: str, load_balancer_arn: str): return await AWSFacadeUtils.get_all_pages( diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 1fe22e46b..390cd5375 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py 
@@ -270,7 +270,7 @@ def _complete_information_on_ec2_attack_surface(self, current_config, current_pa ec2_info = ec2_info[p] # Fill the rest of the attack surface details on that IP self.services['ec2']['external_attack_surface'][public_ip]['InstanceName'] = ec2_info.get('name') - if 'PublicDnsName' in current_config.get('Association'): + if 'PublicDnsName' in current_config.get('Association', {}): self.services['ec2']['external_attack_surface'][public_ip]['PublicDnsName'] = \ current_config['Association'].get('PublicDnsName') except Exception as e: @@ -803,8 +803,14 @@ def _security_group_to_attack_surface(self, attack_surface_config, public_ip, cu else: ports = port.split('-') if len(ports) > 1: - port_min = int(ports[0]) - port_max = int(ports[1]) + if port[0]: + port_min = int(ports[0]) + else: + port_min = None + if port[1]: + port_max = int(ports[1]) + else: + port_max = None elif port == 'N/A': port_min = port_max = None elif port == 'ALL': diff --git a/ScoutSuite/providers/base/configs/browser.py b/ScoutSuite/providers/base/configs/browser.py index 5d936e9da..4bff12ef9 100755 --- a/ScoutSuite/providers/base/configs/browser.py +++ b/ScoutSuite/providers/base/configs/browser.py @@ -104,7 +104,7 @@ def get_value_at(all_info, current_path, key, to_string=False): else: target_obj = target_obj.get(p) except Exception as e: - print_exception(f'Unable to get \"{p}\" from target object \"{target_obj}\": {e}', + print_exception(f'Unable to get \"{p}\" from target object \"{target_obj}\" in path \"{target_path}\": {e}', additional_details={'current_path': current_path, 'target_obj': target_obj, 'p': p}) From e7063873c26e58bdc191aa97cb44ac8c822ff503 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 3 Mar 2022 13:02:23 +0100 Subject: [PATCH 750/979] Improve error logging and handling --- ScoutSuite/providers/aws/facade/s3.py | 17 +++++++++++++---- ScoutSuite/providers/aws/provider.py | 18 +++++++++++------- 2 files changed, 24 insertions(+), 11 deletions(-) 
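Review bot: In provider.py `_security_group_to_attack_surface`, the added guards test `port[0]` and `port[1]`, which are the first two characters of the original string, not the two halves produced by `ports = port.split('-')`. For a range with an empty side the character test still passes and `int('')` raises, so the guards should read `if ports[0]:` and `if ports[1]:`. The rewrite of this block in patch 750 keeps the same `port[0]`/`port[1]` tests. The function body starts and ends outside the hunk.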
diff --git a/ScoutSuite/providers/aws/facade/s3.py b/ScoutSuite/providers/aws/facade/s3.py index 82d3f0f94..19df97b17 100755 --- a/ScoutSuite/providers/aws/facade/s3.py +++ b/ScoutSuite/providers/aws/facade/s3.py @@ -2,7 +2,7 @@ from botocore.exceptions import ClientError -from ScoutSuite.core.console import print_exception, print_debug +from ScoutSuite.core.console import print_exception, print_debug, print_warning from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently @@ -63,7 +63,10 @@ async def _get_and_set_s3_bucket_location(self, bucket: {}, region=None): try: location = await run_concurrently(lambda: client.get_bucket_location(Bucket=bucket['Name'])) except Exception as e: - print_exception('Failed to get bucket location for {}: {}'.format(bucket['Name'], e)) + if 'NoSuchBucket' in e: + print_warning('Failed to get bucket location for {}: {}'.format(bucket['Name'], e)) + else: + print_exception('Failed to get bucket location for {}: {}'.format(bucket['Name'], e)) location = None if location: @@ -82,7 +85,10 @@ async def _get_and_set_s3_bucket_logging(self, bucket: {}): try: logging = await run_concurrently(lambda: client.get_bucket_logging(Bucket=bucket['Name'])) except Exception as e: - print_exception('Failed to get logging configuration for {}: {}'.format(bucket['Name'], e)) + if 'NoSuchBucket' in e: + print_warning('Failed to get logging configuration for {}: {}'.format(bucket['Name'], e)) + else: + print_exception('Failed to get logging configuration for {}: {}'.format(bucket['Name'], e)) bucket['logging'] = 'Unknown' else: if 'LoggingEnabled' in logging: 
@@ -98,7 +104,10 @@ async def _get_and_set_s3_bucket_versioning(self, bucket: {}): bucket['versioning_status_enabled'] = self._status_to_bool(versioning.get('Status')) bucket['version_mfa_delete_enabled'] = self._status_to_bool(versioning.get('MFADelete')) except Exception as e: - print_exception('Failed to get versioning configuration for {}: {}'.format(bucket['Name'], e)) + if 'NoSuchBucket' in e: + print_warning('Failed to get versioning configuration for {}: {}'.format(bucket['Name'], e)) + else: + print_exception('Failed to get versioning configuration for {}: {}'.format(bucket['Name'], e)) bucket['versioning_status_enabled'] = None bucket['version_mfa_delete_enabled'] = None diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 390cd5375..b6f5eb847 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -270,7 +270,7 @@ def _complete_information_on_ec2_attack_surface(self, current_config, current_pa ec2_info = ec2_info[p] # Fill the rest of the attack surface details on that IP self.services['ec2']['external_attack_surface'][public_ip]['InstanceName'] = ec2_info.get('name') - if 'PublicDnsName' in current_config.get('Association', {}): + if current_config and 'PublicDnsName' in current_config.get('Association', {}): self.services['ec2']['external_attack_surface'][public_ip]['PublicDnsName'] = \ current_config['Association'].get('PublicDnsName') except Exception as e: @@ -803,13 +803,17 @@ def _security_group_to_attack_surface(self, attack_surface_config, public_ip, cu else: ports = port.split('-') if len(ports) > 1: - if port[0]: - port_min = int(ports[0]) - else: + try: + if port[0]: + port_min = int(ports[0]) + else: + port_min = None + if port[1]: + port_max = int(ports[1]) + else: + port_max = None + except Exception as e: port_min = None - if port[1]: - port_max = int(ports[1]) - else: port_max = None elif port == 'N/A': port_min = port_max = None 
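Review bot: The `try`/`except Exception as e:` added around the range parsing in provider.py `_security_group_to_attack_surface` sets both bounds to `None` and never uses `e`, so a rule whose port range cannot be parsed produces no log at all. The listener-matching condition shown earlier on this page requires both bounds to be truthy, so such a rule is presumably left out of the external attack surface, which under-reports exposure without any indication. I would narrow the handler to `except ValueError:` and log the rule, e.g. `print_exception(f'Unparseable port range {port!r} for protocol {p}')`. The function body starts and ends outside the hunk.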
From 2d845ac0cf85ccf7135470b51f58981d36628bd1 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 4 Mar 2022 10:28:32 +0100 Subject: [PATCH 751/979] Improve error logging and handling --- ScoutSuite/providers/aws/facade/iam.py | 7 +++++-- ScoutSuite/providers/aws/provider.py | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/iam.py b/ScoutSuite/providers/aws/facade/iam.py index 1f24eab02..d74c61bbd 100755 --- a/ScoutSuite/providers/aws/facade/iam.py +++ b/ScoutSuite/providers/aws/facade/iam.py @@ -3,7 +3,7 @@ from botocore.exceptions import ClientError -from ScoutSuite.core.console import print_exception +from ScoutSuite.core.console import print_exception, print_warning from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils from ScoutSuite.providers.utils import get_non_provider_id, run_concurrently, get_and_set_concurrently @@ -50,7 +50,10 @@ async def get_credential_reports(self): return credential_reports except Exception as e: - print_exception(f'Failed to download credential report: {e}') + if 'ReportNotPresent' in e: + print_warning(f'Failed to download credential report: {e}') + else: + print_exception(f'Failed to download credential report: {e}') return [] async def get_groups(self): diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index b6f5eb847..ca5b1edd7 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py 
@@ -270,9 +270,9 @@ def _complete_information_on_ec2_attack_surface(self, current_config, current_pa ec2_info = ec2_info[p] # Fill the rest of the attack surface details on that IP self.services['ec2']['external_attack_surface'][public_ip]['InstanceName'] = ec2_info.get('name') - if current_config and 'PublicDnsName' in current_config.get('Association', {}): + if current_config is not None and 'PublicDnsName' in current_config.get('Association', {}): self.services['ec2']['external_attack_surface'][public_ip]['PublicDnsName'] = \ - current_config['Association'].get('PublicDnsName') + current_config.get('Association', {}).get('PublicDnsName') except Exception as e: print_exception(f"Error completing EC2 network attack surface information: {e}") From 5b95251e5b1d054a961f543343e276e35ee71910 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 8 Mar 2022 15:28:38 +0100 Subject: [PATCH 752/979] Improve error logging and handling --- ScoutSuite/providers/aws/facade/cloudformation.py | 7 +++++-- ScoutSuite/providers/aws/facade/sns.py | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/cloudformation.py b/ScoutSuite/providers/aws/facade/cloudformation.py index d209a2b24..12d9fcc98 100755 --- a/ScoutSuite/providers/aws/facade/cloudformation.py +++ b/ScoutSuite/providers/aws/facade/cloudformation.py @@ -1,6 +1,6 @@ import json -from ScoutSuite.core.console import print_exception +from ScoutSuite.core.console import print_exception, print_warning from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils from ScoutSuite.providers.utils import get_and_set_concurrently 
@@ -30,7 +30,10 @@ async def _get_and_set_description(self, stack: {}, region: str): stack_description = await run_concurrently( lambda: client.describe_stacks(StackName=stack['StackName'])['Stacks'][0]) except Exception as e: - print_exception(f'Failed to describe CloudFormation stack: {e}') + if 'does not exist' in e: + print_warning(f'Failed to describe CloudFormation stack: {e}') + else: + print_exception(f'Failed to describe CloudFormation stack: {e}') else: stack.update(stack_description) diff --git a/ScoutSuite/providers/aws/facade/sns.py b/ScoutSuite/providers/aws/facade/sns.py index 4004eaa9f..27d896378 100755 --- a/ScoutSuite/providers/aws/facade/sns.py +++ b/ScoutSuite/providers/aws/facade/sns.py @@ -1,6 +1,6 @@ import asyncio -from ScoutSuite.core.console import print_exception +from ScoutSuite.core.console import print_exception, print_warning from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently @@ -27,7 +27,10 @@ async def _get_and_set_topic_attributes(self, topic: {}, region: str): lambda: sns_client.get_topic_attributes(TopicArn=topic['TopicArn'])['Attributes'] ) except Exception as e: - print_exception(f'Failed to get SNS topic attributes: {e}') + if 'NotFound' in e: + print_warning(f'Failed to get SNS topic attributes: {e}') + else: + print_exception(f'Failed to get SNS topic attributes: {e}') async def get_subscriptions(self, region: str, topic_name: str): await self.cache_subscriptions(region) From 991cdb785f6864cbae850c2dd7dd8ac7f4cb4f1c Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 9 Mar 2022 14:15:35 +0100 Subject: [PATCH 753/979] Improve CloudTrail support --- .../partials/aws/services.cloudtrail.regions.id.trails.html | 1 + ScoutSuite/providers/aws/resources/cloudtrail/trails.py | 2 ++ 2 files changed, 3 insertions(+) 
diff --git a/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html b/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html index 6869b3520..83db1a458 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html +++ b/ScoutSuite/output/data/html/partials/aws/services.cloudtrail.regions.id.trails.html @@ -14,6 +14,7 @@

    Information

    {{/if}} {{#unless scout_link}} +
  • Organization Trail: {{is_organization_trail}}
  • Logging: {{convert_bool_to_enabled IsLogging}}
  • Start Logging Time: {{format_date StartLoggingTime}}
  • Stop Logging Time: {{format_date StopLoggingTime}}
  • diff --git a/ScoutSuite/providers/aws/resources/cloudtrail/trails.py b/ScoutSuite/providers/aws/resources/cloudtrail/trails.py index 92ecfaa81..86a4ee448 100755 --- a/ScoutSuite/providers/aws/resources/cloudtrail/trails.py +++ b/ScoutSuite/providers/aws/resources/cloudtrail/trails.py @@ -21,6 +21,8 @@ def _parse_trail(self, raw_trail): trail_id = get_non_provider_id(trail['name']) trail['arn'] = raw_trail.get('TrailARN') + trail['is_organization_trail'] = raw_trail.get('IsOrganizationTrail') + trail['home_region'] = raw_trail.get('HomeRegion') # Do not duplicate entries for multiregion trails if 'IsMultiRegionTrail' in raw_trail and raw_trail['IsMultiRegionTrail'] and \ From 6e76c838a5c6217dede4e5fe70e3494db7a7a16d Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 9 Mar 2022 15:01:22 +0100 Subject: [PATCH 754/979] Fix bug --- ScoutSuite/providers/aws/facade/elbv2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/facade/elbv2.py b/ScoutSuite/providers/aws/facade/elbv2.py index ef1961cff..04838c20b 100755 --- a/ScoutSuite/providers/aws/facade/elbv2.py +++ b/ScoutSuite/providers/aws/facade/elbv2.py @@ -58,7 +58,7 @@ async def _get_and_set_load_balancer_tags(self, load_balancer: dict, region: str except Exception as e: if 'LoadBalancerNotFound' in e: print_warning(f'Failed to describe ELBv2 tags: {e}') - else: + else: print_exception(f'Failed to describe ELBv2 tags: {e}') async def get_listeners(self, region: str, load_balancer_arn: str): From 1d240a18672212cfdfd9a61f16369333ce7e841f Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 10 Mar 2022 10:59:30 +0100 Subject: [PATCH 755/979] Improve error logging and handling --- ScoutSuite/providers/aws/facade/s3.py | 64 ++++++++++++++++++++------- 1 file changed, 49 insertions(+), 15 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/s3.py b/ScoutSuite/providers/aws/facade/s3.py index 19df97b17..7f3cfeaf6 100755 --- a/ScoutSuite/providers/aws/facade/s3.py 
+++ b/ScoutSuite/providers/aws/facade/s3.py @@ -63,7 +63,7 @@ async def _get_and_set_s3_bucket_location(self, bucket: {}, region=None): try: location = await run_concurrently(lambda: client.get_bucket_location(Bucket=bucket['Name'])) except Exception as e: - if 'NoSuchBucket' in e: + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): print_warning('Failed to get bucket location for {}: {}'.format(bucket['Name'], e)) else: print_exception('Failed to get bucket location for {}: {}'.format(bucket['Name'], e)) @@ -85,7 +85,7 @@ async def _get_and_set_s3_bucket_logging(self, bucket: {}): try: logging = await run_concurrently(lambda: client.get_bucket_logging(Bucket=bucket['Name'])) except Exception as e: - if 'NoSuchBucket' in e: + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): print_warning('Failed to get logging configuration for {}: {}'.format(bucket['Name'], e)) else: print_exception('Failed to get logging configuration for {}: {}'.format(bucket['Name'], e)) @@ -104,7 +104,7 @@ async def _get_and_set_s3_bucket_versioning(self, bucket: {}): bucket['versioning_status_enabled'] = self._status_to_bool(versioning.get('Status')) bucket['version_mfa_delete_enabled'] = self._status_to_bool(versioning.get('MFADelete')) except Exception as e: - if 'NoSuchBucket' in e: + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): print_warning('Failed to get versioning configuration for {}: {}'.format(bucket['Name'], e)) else: print_exception('Failed to get versioning configuration for {}: {}'.format(bucket['Name'], e)) 
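Review bot: The new condition `'NoSuchBucket' in str(e) or 'InvalidToken' in str(e)` in `_get_and_set_s3_bucket_location` classifies errors by a substring of the rendered message, and the same line is repeated in every handler this patch touches. `ClientError` is already imported in this file, so the code can be compared exactly through one small helper that returns `e.response['Error']['Code'] in ('NoSuchBucket', 'InvalidToken')` for `ClientError` instances and `False` otherwise; that also removes the copy-paste. Separately, `InvalidToken` reads like a credential or session problem rather than a bucket that disappeared. Downgrading it to a warning may hide the fact that the bucket's checks were not performed, so it is worth confirming that this is intended. The function continues outside the hunk.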
@@ -120,7 +120,10 @@ async def _get_and_set_s3_bucket_webhosting(self, bucket: {}): if "NoSuchWebsiteConfiguration" in str(e): bucket['web_hosting_enabled'] = False else: - print_exception('Failed to get web hosting configuration for {}: {}'.format(bucket['Name'], e)) + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): + print_warning('Failed to get web hosting configuration for {}: {}'.format(bucket['Name'], e)) + else: + print_exception('Failed to get web hosting configuration for {}: {}'.format(bucket['Name'], e)) async def _get_and_set_s3_bucket_default_encryption(self, bucket: {}): bucket_name = bucket['Name'] @@ -141,12 +144,18 @@ async def _get_and_set_s3_bucket_default_encryption(self, bucket: {}): bucket['default_encryption_enabled'] = None bucket['default_encryption_algorithm'] = None bucket['default_encryption_key'] = None - print_exception(f'Failed to get encryption configuration for {bucket_name}: {e}') + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): + print_warning(f'Failed to get encryption configuration for {bucket_name}: {e}') + else: + print_exception(f'Failed to get encryption configuration for {bucket_name}: {e}') except Exception as e: bucket['default_encryption'] = 'Unknown' bucket['default_encryption_algorithm'] = None bucket['default_encryption_key'] = None - print_exception(f'Failed to get encryption configuration for {bucket_name}: {e}') + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): + print_warning(f'Failed to get encryption configuration for {bucket_name}: {e}') + else: + print_exception(f'Failed to get encryption configuration for {bucket_name}: {e}') async def _get_and_set_s3_acls(self, bucket: {}, key_name=None): bucket_name = bucket['Name'] 
@@ -176,7 +185,10 @@ async def _get_and_set_s3_acls(self, bucket: {}, key_name=None): self._set_s3_permissions(grantees[grantee]['permissions'], permission) bucket['grantees'] = grantees except Exception as e: - print_exception(f'Failed to get ACL configuration for {bucket_name}: {e}') + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): + print_warning(f'Failed to get ACL configuration for {bucket_name}: {e}') + else: + print_exception(f'Failed to get ACL configuration for {bucket_name}: {e}') bucket['grantees'] = {} async def _get_and_set_s3_bucket_policy(self, bucket: {}): @@ -186,9 +198,15 @@ async def _get_and_set_s3_bucket_policy(self, bucket: {}): bucket['policy'] = json.loads(bucket_policy['Policy']) except ClientError as e: if e.response['Error']['Code'] != 'NoSuchBucketPolicy': - print_exception('Failed to get bucket policy for {}: {}'.format(bucket['Name'], e)) + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): + print_warning('Failed to get bucket policy for {}: {}'.format(bucket['Name'], e)) + else: + print_exception('Failed to get bucket policy for {}: {}'.format(bucket['Name'], e)) except Exception as e: - print_exception('Failed to get bucket policy for {}: {}'.format(bucket['Name'], e)) + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): + print_warning('Failed to get bucket policy for {}: {}'.format(bucket['Name'], e)) + else: + print_exception('Failed to get bucket policy for {}: {}'.format(bucket['Name'], e)) bucket['grantees'] = {} async def _get_and_set_s3_bucket_tags(self, bucket: {}): 
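Review bot: In `_get_and_set_s3_bucket_policy`, the generic `except Exception` branch that this hunk extends still ends with `bucket['grantees'] = {}`, which is the key `_get_and_set_s3_acls` fills, not a policy field. If the ACL lookup has already run for the bucket, a policy fetch failure would presumably clear its grantees and any ACL-based finding with them, while `bucket['policy']` stays unset. The assignment probably should be `bucket['policy'] = None`, or whatever sentinel the rules expect; the call order and the consumers are not visible here, so confirm before changing. The function starts outside the hunk.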
@@ -198,9 +216,15 @@ async def _get_and_set_s3_bucket_tags(self, bucket: {}): bucket['tags'] = {x['Key']: x['Value'] for x in bucket_tagset['TagSet']} except ClientError as e: if e.response['Error']['Code'] != 'NoSuchTagSet': - print_exception('Failed to get bucket tags for {}: {}'.format(bucket['Name'], e)) + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): + print_warning('Failed to get bucket tags for {}: {}'.format(bucket['Name'], e)) + else: + print_exception('Failed to get bucket tags for {}: {}'.format(bucket['Name'], e)) except Exception as e: - print_exception('Failed to get bucket tags for {}: {}'.format(bucket['Name'], e)) + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): + print_warning('Failed to get bucket tags for {}: {}'.format(bucket['Name'], e)) + else: + print_exception('Failed to get bucket tags for {}: {}'.format(bucket['Name'], e)) bucket['tags'] = {} async def _get_and_set_s3_bucket_block_public_access(self, bucket: {}): @@ -212,7 +236,10 @@ async def _get_and_set_s3_bucket_block_public_access(self, bucket: {}): # No such configuration found for the bucket, nothing to be done pass except Exception as e: - print_exception('Failed to get the public access block configuration for {}: {}'.format(bucket['Name'], e)) + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): + print_warning('Failed to get the public access block configuration for {}: {}'.format(bucket['Name'], e)) + else: + print_exception('Failed to get the public access block configuration for {}: {}'.format(bucket['Name'], e)) def _get_and_set_s3_bucket_creationdate(self, buckets): # When using region other than 'us-east-1', the 'CreationDate' is the last modified time according to bucket's 
@@ -249,7 +276,10 @@ def _set_s3_bucket_secure_transport(self, bucket: {}): else: bucket['secure_transport_enabled'] = False except Exception as e: - print_exception('Failed to evaluate bucket policy for {}: {}'.format(bucket['Name'], e)) + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): + print_warning('Failed to evaluate bucket policy for {}: {}'.format(bucket['Name'], e)) + else: + print_exception('Failed to evaluate bucket policy for {}: {}'.format(bucket['Name'], e)) bucket['secure_transport'] = None def get_s3_public_access_block(self, account_id): @@ -269,8 +299,12 @@ def get_s3_public_access_block(self, account_id): "RestrictPublicBuckets": False } except Exception as e: - print_exception( - f'Failed to get the public access block configuration for the account {account_id}: {e}') + if 'NoSuchBucket' in str(e) or 'InvalidToken' in str(e): + print_warning( + f'Failed to get the public access block configuration for the account {account_id}: {e}') + else: + print_exception( + f'Failed to get the public access block configuration for the account {account_id}: {e}') return None @staticmethod From 5200976ea0d9a304bbabb229ff2422f7e8cf5c67 Mon Sep 17 00:00:00 2001 From: "Alessandro.Gonzalez" Date: Thu, 10 Mar 2022 10:22:21 +0000 Subject: [PATCH 756/979] Version updated to 5.11.0 --- ScoutSuite/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/__init__.py b/ScoutSuite/__init__.py index 569066eb5..32ece961f 100755 --- a/ScoutSuite/__init__.py +++ b/ScoutSuite/__init__.py @@ -1,5 +1,5 @@ __author__ = 'NCC Group' -__version__ = '5.11.0RC4' +__version__ = '5.11.0' ERRORS_LIST = [] From 8605c6338e6bf4de1616c47e087c694de5e11022 Mon Sep 17 00:00:00 2001 From: "Alessandro.Gonzalez" Date: Thu, 10 Mar 2022 10:36:29 +0000 Subject: [PATCH 757/979] Update some data before the release --- ScoutSuite/data/aws/ip-ranges/aws.json | 22880 +++++++++++++++++++++-- 1 file changed, 21625 insertions(+), 1255 deletions(-) 
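Review bot: In `_set_s3_bucket_secure_transport`, the failure branch touched here writes `bucket['secure_transport'] = None`, while the success path sets `bucket['secure_transport_enabled']`, so after an exception the key the rest of the function uses is left unset. `bucket['secure_transport_enabled'] = None` would keep the two paths consistent. The added `NoSuchBucket`/`InvalidToken` test also looks unlikely to match anything in this function, since the message suggests it evaluates an already-fetched policy rather than calling S3. That is an inference, as the top of the function is outside the hunk.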
diff --git a/ScoutSuite/data/aws/ip-ranges/aws.json b/ScoutSuite/data/aws/ip-ranges/aws.json index 6b7fb93ab..e969c26ef 100755 --- a/ScoutSuite/data/aws/ip-ranges/aws.json +++ b/ScoutSuite/data/aws/ip-ranges/aws.json @@ -1,6 +1,6 @@ { - "syncToken": "1608731058", - "createDate": "2020-12-23-13-44-18", + "syncToken": "1646837001", + "createDate": "2022-03-09-14-43-21", "prefixes": [ { "ip_prefix": "3.5.140.0/22", @@ -8,12 +8,48 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "13.34.37.64/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "13.34.65.64/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "13.34.66.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "35.180.0.0/16", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "43.224.79.154/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.174/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.153.170/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.178.234/32", "region": "us-west-1", 
@@ -32,30 +68,102 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "52.219.170.0/23", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "99.87.32.0/22", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "120.52.22.96/27", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.11.86/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "150.222.81.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.234.54/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.11.32/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "13.34.24.160/27", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.50.32/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.52.96/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "15.230.39.60/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.79.48/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.212/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.68/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.189.248/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": 
"52.94.152.9/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.219.168.0/24", "region": "eu-central-1", @@ -68,6 +176,36 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "3.108.0.0/14", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.43.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.52.0/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.64.32/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.181.232.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-iah-1" + }, { "ip_prefix": "15.230.39.208/31", "region": "us-east-2", @@ -80,6 +218,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.127.163/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.240.164/31", "region": "us-west-2", @@ -110,6 +254,30 @@ "service": "AMAZON", "network_border_group": "us-east-1-iah-1" }, + { + "ip_prefix": "13.34.43.96/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.48.0/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.62.160/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.64.96/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "13.248.56.0/22", "region": "ap-east-1", 
@@ -170,18 +338,48 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.252.248/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "161.188.154.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-chi-1" + }, { "ip_prefix": "15.230.39.44/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.249.45.0/24", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.4.0.0/14", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.191.174/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.92.68/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.127.27/32", "region": "eu-west-1", 
@@ -206,18 +404,54 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.80/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-chi-1" + }, + { + "ip_prefix": "13.248.70.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "15.230.73.192/26", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "43.224.76.28/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "50.16.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.189.108/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.127.133/32", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.93.198.0/25", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.95.208.0/22", "region": "us-east-1", 
@@ -230,18 +464,42 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "104.255.59.104/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "104.255.59.114/32", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "150.222.84.0/24", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "150.222.129.244/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.208.82/31", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "150.222.234.50/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "205.251.249.0/24", "region": "GLOBAL", @@ -254,12 +512,42 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.49.0/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.193.3.0/24", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.220.216.0/22", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1-del-2" + }, + { + "ip_prefix": "35.71.115.0/24", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "43.224.76.152/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.169/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.153.148/32", "region": "eu-west-2", 
@@ -296,6 +584,24 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "13.34.34.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.197.34.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.205.0.0/16", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "15.230.39.10/31", "region": "us-east-2", @@ -303,10 +609,16 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.131.2/32", - "region": "eu-central-1", + "ip_prefix": "16.12.6.0/23", + "region": "ap-east-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "52.46.190.68/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" }, { "ip_prefix": "52.82.169.16/28", 
@@ -338,18 +650,48 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "71.131.192.0/18", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "150.222.122.104/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.17.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.236.0.0/14", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.158.0/23", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.206.0.0/15", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "43.224.77.192/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.220.0/22", "region": "eu-north-1", @@ -398,12 +740,24 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "52.219.204.0/22", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "99.78.152.0/22", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "142.4.160.56/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "150.222.135.0/24", "region": "ap-east-1", 
@@ -422,6 +776,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.4.0.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-pilot-6" + }, + { + "ip_prefix": "13.34.53.192/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.60.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.177.83.0/24", "region": "ap-southeast-2", @@ -434,6 +806,12 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.220.252.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "15.221.35.0/24", "region": "ap-southeast-1", @@ -446,6 +824,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.248.28.0/22", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.190.0/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.35.212/32", "region": "ap-east-1", @@ -470,6 +860,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.94.152.44/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.95.182.0/23", "region": "ap-northeast-3", 
@@ -494,12 +890,66 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.41.192/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.248.72.0/24", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.230.39.196/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.9/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "18.34.248.0/22", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "35.71.99.0/24", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "43.224.76.76/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.70/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.200/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.192/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.119.252.0/22", "region": "us-west-2", @@ -512,6 +962,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "69.107.7.16/29", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "99.77.130.0/24", "region": "us-west-2", 
@@ -524,18 +980,66 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.11.78/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.234.52/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.68/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "180.163.57.128/26", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.50.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.68.192/26", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "18.200.0.0/16", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "43.224.76.144/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.91.102/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.141.212/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "54.206.0.0/16", "region": "ap-southeast-2", @@ -567,10 +1071,10 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "150.222.243.19/32", - "region": "eu-south-1", + "ip_prefix": "13.34.15.32/27", + "region": "ap-northeast-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "ap-northeast-1" }, { "ip_prefix": "13.34.29.224/27", 
@@ -590,30 +1094,102 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.220.222.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mci-1" + }, + { + "ip_prefix": "15.230.67.64/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.212.0/23", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "43.224.76.32/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.94/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.222/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.178.136/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.219.192.0/23", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "99.77.132.0/24", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "104.255.59.82/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "150.222.120.242/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "161.188.146.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-atl-1" + }, + { + "ip_prefix": "15.181.247.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-atl-1" + }, + { + "ip_prefix": "15.230.200.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "18.232.0.0/14", "region": "us-east-1", "service": "AMAZON", 
"network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.77.0/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.82.169.0/28", "region": "cn-northwest-1", @@ -644,6 +1220,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "64.252.118.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.54.224/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.248.119.0/24", "region": "eu-west-1", @@ -656,6 +1244,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.179.16/29", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.93.81.0/24", "region": "eu-west-1", @@ -674,6 +1268,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.15.124/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.114.0/24", "region": "ap-east-1", @@ -692,6 +1292,18 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "13.34.39.32/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "15.220.207.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "15.230.39.206/31", "region": "us-east-2", 
@@ -705,20 +1317,38 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.83.0.0/16", - "region": "cn-northwest-1", + "ip_prefix": "18.102.0.0/16", + "region": "eu-south-1", "service": "AMAZON", - "network_border_group": "cn-northwest-1" + "network_border_group": "eu-south-1" }, { - "ip_prefix": "52.93.14.18/32", - "region": "us-west-2", + "ip_prefix": "52.46.190.144/30", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "us-west-2" + "network_border_group": "eu-west-2" }, { - "ip_prefix": "52.94.6.0/24", - "region": "ap-northeast-2", + "ip_prefix": "52.46.191.98/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.83.0.0/16", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.93.14.18/32", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.94.6.0/24", + "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2" }, @@ -728,6 +1358,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "64.252.122.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "69.107.7.56/29", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "150.222.2.0/24", "region": "us-east-1", @@ -741,10 +1383,10 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "150.222.240.245/32", - "region": "eu-south-1", + "ip_prefix": "150.222.164.220/31", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "eu-west-1" }, { "ip_prefix": "13.34.23.0/27", 
@@ -752,12 +1394,30 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.248.67.0/24", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "15.230.138.0/24", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "43.224.79.254/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.32/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.47.0.0/16", "region": "eu-west-3", @@ -776,6 +1436,12 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "52.95.136.0/23", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "52.95.255.64/28", "region": "eu-west-1", @@ -795,10 +1461,10 @@ "network_border_group": "ap-northeast-1" }, { - "ip_prefix": "52.219.48.0/22", - "region": "ap-southeast-1", + "ip_prefix": "52.219.143.0/24", + "region": "us-east-2", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "us-east-2" }, { "ip_prefix": "54.240.236.22/32", @@ -818,6 +1484,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.38.64/27", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "13.208.0.0/16", "region": "ap-northeast-3", 
@@ -837,22 +1509,46 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.93.50.136/31", + "ip_prefix": "15.230.70.0/26", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "15.230.74.128/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.230.76.0/26", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "43.224.79.96/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.64/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, { - "ip_prefix": "52.93.50.166/31", + "ip_prefix": "52.93.50.136/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, { - "ip_prefix": "52.93.66.155/32", - "region": "ap-northeast-1", + "ip_prefix": "52.93.50.166/31", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "ap-northeast-1" + "network_border_group": "us-east-1" }, { "ip_prefix": "52.93.96.0/24", @@ -860,6 +1556,18 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.122.203/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.93.127.194/32", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "54.156.0.0/14", "region": "us-east-1", 
@@ -878,12 +1586,42 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.234.18/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.98/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.5.40.0/22", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "3.5.136.0/22", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.3.160/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "15.181.160.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "15.230.29.0/24", "region": "ap-southeast-1", @@ -902,6 +1640,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.79.56/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.144.210.0/26", "region": "eu-west-1", 
@@ -920,12 +1664,42 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.232.88/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.55.0/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "15.177.82.0/24", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.181.80.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-atl-1" + }, + { + "ip_prefix": "52.46.191.60/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.156/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.112/32", "region": "ap-southeast-1", @@ -987,16 +1761,22 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.39.34/31", - "region": "us-east-2", + "ip_prefix": "13.34.39.64/27", + "region": "eu-central-2", "service": "AMAZON", - "network_border_group": "us-east-2" + "network_border_group": "eu-central-2" }, { - "ip_prefix": "15.230.44.0/22", - "region": "ap-south-1", + "ip_prefix": "13.247.0.0/16", + "region": "af-south-1", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "15.230.39.34/31", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" }, { "ip_prefix": "18.192.0.0/15", 
@@ -1005,11 +1785,23 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "52.92.60.0/22", + "ip_prefix": "35.71.114.0/24", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.46.191.68/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.234/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.126.132/32", "region": "eu-central-1", @@ -1058,6 +1850,30 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "54.239.102.234/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "104.255.59.103/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "150.222.28.136/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "13.34.59.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.100.0/24", "region": "eu-north-1", @@ -1070,6 +1886,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.183.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.160.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.190.204/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.5.0/24", "region": "ca-central-1", 
@@ -1088,6 +1922,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.55.146/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.71.30/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.120.178/32", "region": "us-west-1", @@ -1118,18 +1964,54 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "69.107.7.136/29", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "107.20.0.0/14", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.28.130/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "150.222.28.140/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "150.222.129.62/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "3.5.160.0/22", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.13.53/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.221.36.0/22", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.230.40.0/24", "region": "us-east-1", 
@@ -1196,12 +2078,54 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.3.224/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "13.34.5.46/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.39.192/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "15.221.7.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "15.230.132.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.230.202.0/30", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.251.0.27/32", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "43.224.79.194/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.208.0/21", "region": "eu-north-1", @@ -1220,6 +2144,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.95.187.0/24", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "63.32.0.0/14", "region": "eu-west-1", @@ -1244,6 +2174,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.45.160/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.36.0.0/14", "region": "eu-west-3", 
@@ -1263,10 +2199,10 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.92.72.0/22", - "region": "sa-east-1", + "ip_prefix": "52.93.91.101/32", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "sa-east-1" + "network_border_group": "us-east-1" }, { "ip_prefix": "52.93.240.188/31", @@ -1274,18 +2210,42 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "70.232.80.0/21", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "99.82.184.0/22", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "150.222.0.19/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "150.222.28.108/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.121.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.234.34/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "172.96.98.0/24", "region": "eu-west-1", 
@@ -1293,16 +2253,40 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "15.230.66.0/26", + "ip_prefix": "13.34.13.20/32", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, { - "ip_prefix": "15.230.131.32/28", - "region": "eu-central-1", + "ip_prefix": "13.34.20.0/27", + "region": "me-south-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "13.34.35.160/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "43.224.76.188/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.136/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.140/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.46.252.0/22", @@ -1310,12 +2294,30 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.126.198/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "52.94.152.67/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.95.255.16/28", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "52.219.141.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "54.240.236.38/32", "region": "eu-south-1", 
@@ -1329,10 +2331,22 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "15.230.131.8/31", - "region": "eu-central-1", + "ip_prefix": "13.34.55.64/27", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.0.12/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.230.87.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "18.236.0.0/15", @@ -1340,6 +2354,30 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "51.20.0.0/14", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "52.46.188.72/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.188.244/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.230/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.142/31", "region": "us-east-1", @@ -1364,6 +2402,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.95.139.0/24", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "54.240.198.0/24", "region": "us-west-1", @@ -1376,6 +2420,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "99.77.183.0/24", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "150.222.227.0/24", "region": "us-east-1", 
@@ -1388,6 +2438,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.52.64/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "13.248.32.0/20", "region": "ap-east-1", @@ -1419,10 +2475,16 @@ "network_border_group": "sa-east-1" }, { - "ip_prefix": "150.222.243.9/32", - "region": "eu-south-1", + "ip_prefix": "150.222.28.106/31", + "region": "sa-east-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "161.188.148.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-phx-1" }, { "ip_prefix": "176.32.125.230/31", @@ -1436,6 +2498,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.11.128/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.20.64/27", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "13.34.23.224/27", "region": "us-west-2", 
@@ -1460,6 +2534,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "18.116.0.0/14", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "43.192.0.0/15", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.46.189.16/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.235/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.93.127.218/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.239/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.133.153/32", "region": "eu-south-1", 
@@ -1502,12 +2612,54 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.5.36.0/22", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "13.34.38.160/27", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "13.34.65.0/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "18.34.32.0/20", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "43.224.77.28/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.92.0/22", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "52.46.190.104/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.158/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.50.178/31", "region": "us-east-1", @@ -1544,6 +2696,36 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.77.152/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.188.84/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.32/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.189.156/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.100/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.187/32", "region": "us-west-1", 
@@ -1574,6 +2756,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "63.246.113.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "99.77.136.0/24", "region": "eu-central-1", @@ -1586,6 +2774,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "161.188.158.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "13.34.26.96/27", "region": "us-west-2", @@ -1593,14 +2787,38 @@ "network_border_group": "us-west-2" }, { - "ip_prefix": "52.93.127.69/32", - "region": "us-east-1", + "ip_prefix": "15.230.74.192/26", + "region": "ap-northeast-2", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "52.93.193.199/32", - "region": "ca-central-1", + "ip_prefix": "15.230.78.192/26", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "35.71.118.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "43.224.76.184/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.69/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.193.199/32", + "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, 
@@ -1640,17 +2858,53 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.35.224/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.230.178.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.230.192.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.58/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.120/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.121/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.93.240.194/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.95.168.0/24", - "region": "us-gov-east-1", + "region": "ap-southeast-4", "service": "AMAZON", - "network_border_group": "us-gov-east-1" + "network_border_group": "ap-southeast-4" }, { "ip_prefix": "52.144.224.128/26", 
@@ -1682,12 +2936,60 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.34.37.0/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "13.248.110.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.197.32.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.230.39.40/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.7/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.76.104/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.76.212/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.40/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.228/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.95.240.0/24", "region": "sa-east-1", @@ -1718,18 +3020,6 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, - { - "ip_prefix": "150.222.243.177/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, - { - "ip_prefix": "150.222.244.37/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "176.32.125.234/31", "region": "us-east-1", 
@@ -1742,12 +3032,24 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "3.4.3.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pilot-1" + }, { "ip_prefix": "15.222.0.0/15", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "43.224.79.198/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.62.0/24", "region": "us-east-2", @@ -1760,18 +3062,60 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.94.176.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "69.235.128.0/18", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "150.222.234.142/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.6.224/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "13.34.24.96/27", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.43.128/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.61.224/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.221.50.0/24", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.96.0.0/12", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.20.0/24", "region": "us-west-2", 
@@ -1814,6 +3158,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.34.64/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "13.34.45.64/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.46.0/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.177.76.0/24", "region": "ap-northeast-2", @@ -1821,10 +3183,28 @@ "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "15.230.131.10/31", - "region": "eu-central-1", + "ip_prefix": "15.230.135.0/24", + "region": "us-east-2", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "43.224.77.96/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.180/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.52/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.30.0.0/15", @@ -1832,6 +3212,24 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.46.188.76/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.80/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.71.27/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.8.0/24", "region": "ap-northeast-1", 
@@ -1886,6 +3284,30 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.56/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "161.188.156.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "3.3.24.0/22", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.30.0.0/15", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "13.34.23.64/27", "region": "us-east-2", @@ -1898,12 +3320,48 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.181.253.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "15.197.0.0/23", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.34.0.0/19", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.71.119.0/24", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "43.249.47.0/24", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "52.46.188.48/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.55.156/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "54.226.0.0/15", "region": "us-east-1", 
@@ -1928,12 +3386,42 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.144.0.0/13", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.5.14/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.49.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.46.191.24/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.166/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.128.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.95.244.0/24", "region": "eu-west-1", 
@@ -1958,18 +3446,66 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "172.96.110.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.56.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.18.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.149.11/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "18.231.0.0/16", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "43.224.79.136/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.8/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.127.201/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.141.234/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.94.152.182/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "54.252.0.0/16", "region": "ap-southeast-2", @@ -1988,6 +3524,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.28.142/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.79.0/24", "region": "us-east-1", 
@@ -2000,12 +3542,42 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.40.160/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.248.68.0/24", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "15.230.39.2/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "35.71.104.0/24", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "35.71.117.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.79.208/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.162/31", "region": "us-east-1", @@ -2072,6 +3644,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.45.224/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.230.72.0/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "52.46.190.40/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.62/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.34.126/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.127.159/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.93.141.220/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.119.248.0/24", "region": "ap-east-1", 
@@ -2090,6 +3704,18 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "99.77.56.0/21", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "142.4.160.40/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-iah-1" + }, { "ip_prefix": "150.222.120.248/31", "region": "eu-central-1", @@ -2115,16 +3741,28 @@ "network_border_group": "sa-east-1" }, { - "ip_prefix": "52.93.57.0/24", - "region": "af-south-1", + "ip_prefix": "15.230.14.18/31", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "af-south-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "52.93.92.67/32", - "region": "us-west-1", + "ip_prefix": "52.46.189.128/30", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.192/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.57.0/24", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" }, { "ip_prefix": "52.93.127.93/32", 
@@ -2132,18 +3770,42 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.127.254/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.95.63.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "69.107.7.40/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "142.4.160.8/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-bos-1" + }, { "ip_prefix": "150.222.3.212/31", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "157.241.0.0/16", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "13.34.32.32/27", "region": "us-west-1", 
@@ -2151,7 +3813,55 @@ "network_border_group": "us-west-1" }, { - "ip_prefix": "52.93.92.65/32", + "ip_prefix": "13.34.40.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.57.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.181.112.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-bos-1" + }, + { + "ip_prefix": "15.230.16.20/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.189.128/25", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.50/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.108/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.216/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.34.40/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" @@ -2162,6 +3872,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.177/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.93.127.196/32", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "52.93.127.217/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.240.180/31", "region": "us-west-2", 
@@ -2198,6 +3926,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "99.151.120.0/21", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "108.136.0.0/15", "region": "ap-southeast-3", @@ -2217,22 +3951,34 @@ "network_border_group": "ap-southeast-2" }, { - "ip_prefix": "150.222.243.43/32", - "region": "eu-south-1", + "ip_prefix": "13.34.28.160/27", + "region": "us-west-2", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-2" }, { - "ip_prefix": "150.222.244.35/32", - "region": "eu-south-1", + "ip_prefix": "13.34.35.0/27", + "region": "me-central-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "me-central-1" }, { - "ip_prefix": "13.34.28.160/27", - "region": "us-west-2", + "ip_prefix": "13.34.38.0/27", + "region": "eu-south-2", "service": "AMAZON", - "network_border_group": "us-west-2" + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "13.34.51.192/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "18.34.72.0/21", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" }, { "ip_prefix": "35.176.0.0/15", @@ -2240,6 +3986,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "43.224.79.234/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.193.195/32", "region": "ca-central-1", 
@@ -2271,10 +4023,76 @@ "network_border_group": "ap-northeast-1" }, { - "ip_prefix": "15.230.131.3/32", - "region": "eu-central-1", + "ip_prefix": "161.188.136.0/23", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-east-1-phl-1" + }, + { + "ip_prefix": "3.4.7.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.5.80/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.12.244/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.43.160/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.53.32/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.34.56.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.61.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.221.6.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.230.19.248/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.230.79.64/26", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "16.12.10.0/23", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" }, { "ip_prefix": "52.219.148.0/23", 
@@ -2282,6 +4100,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "69.107.7.88/29", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "99.77.155.0/24", "region": "eu-west-1", @@ -2294,6 +4118,66 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.252.250/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.40.96/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "13.34.46.32/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.53.160/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.57.0/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.230.67.0/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.76.16/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.82/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.220/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.127.179/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.178.206/32", "region": "us-west-1", 
@@ -2330,6 +4214,24 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.11.84/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.234.112/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.128/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "160.1.0.0/16", "region": "us-gov-west-1", @@ -2342,12 +4244,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.181.241.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "15.230.21.0/24", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.230.67.128/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "18.216.0.0/14", "region": "us-east-2", @@ -2360,6 +4274,30 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.76.108/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.76/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.214/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.76/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.37.222/32", "region": "us-west-1", 
@@ -2384,18 +4322,36 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "150.222.234.78/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.104.0.0/14", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "13.34.62.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.193.5.0/24", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "15.197.16.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.230.39.24/31", "region": "us-east-2", @@ -2408,12 +4364,36 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.184.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.106/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.176/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.80.0.0/16", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "52.94.250.16/28", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "52.95.216.0/22", "region": "us-east-1", @@ -2433,10 +4413,10 @@ "network_border_group": "ca-central-1" }, { - "ip_prefix": "54.231.244.0/22", - "region": "us-east-1", + "ip_prefix": "64.252.121.0/24", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "99.150.32.0/21", 
@@ -2444,6 +4424,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "108.156.0.0/14", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "150.222.99.0/24", "region": "us-east-1", @@ -2452,9 +4438,15 @@ }, { "ip_prefix": "150.222.218.0/24", - "region": "us-west-2", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-2" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "150.222.234.104/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" }, { "ip_prefix": "175.41.128.0/18", @@ -2468,12 +4460,36 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.59.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.194/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.152.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.46.189.68/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.167/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.215/32", "region": "us-west-1", 
@@ -2498,18 +4514,54 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "161.188.130.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mia-1" + }, + { + "ip_prefix": "13.34.37.96/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "15.230.193.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.229.0.0/16", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "52.46.189.72/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.50.148/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.174/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.93.127.238/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.93.178.182/32", "region": "us-west-1", 
@@ -2528,18 +4580,42 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "52.144.230.204/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.219.195.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "54.219.0.0/16", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.28.122/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "3.32.0.0/16", "region": "us-gov-west-1", "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "15.230.0.6/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "35.182.0.0/15", "region": "ca-central-1", @@ -2547,16 +4623,28 @@ "network_border_group": "ca-central-1" }, { - "ip_prefix": "52.93.122.255/32", - "region": "us-west-1", + "ip_prefix": "43.224.76.24/30", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "eu-west-2" }, { - "ip_prefix": "52.95.236.0/24", - "region": "ap-south-2", + "ip_prefix": "43.224.77.44/30", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "ap-south-2" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.178/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.122.255/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" }, { "ip_prefix": "54.230.192.0/21", @@ -2564,6 +4652,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "70.232.124.0/22", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "99.77.191.0/24", "region": "us-east-1", 
@@ -2582,6 +4676,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.62.32/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "13.250.0.0/15", "region": "ap-southeast-1", @@ -2594,12 +4694,36 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.79.80/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "44.192.0.0/11", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.189.132/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.168/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.127.17/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.93.127.99/32", "region": "cn-northwest-1", @@ -2608,9 +4732,9 @@ }, { "ip_prefix": "52.95.166.0/23", - "region": "us-gov-east-1", + "region": "ap-southeast-4", "service": "AMAZON", - "network_border_group": "us-gov-east-1" + "network_border_group": "ap-southeast-4" }, { "ip_prefix": "52.144.216.2/31", @@ -2630,6 +4754,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.58.32/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "15.230.39.136/31", "region": "us-east-2", @@ -2642,6 +4772,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.10/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.144.215.0/31", "region": "eu-west-1", 
@@ -2690,6 +4826,42 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "161.188.140.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-1" + }, + { + "ip_prefix": "13.34.12.64/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "13.34.46.192/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.60.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.78.64/26", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "52.46.191.2/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.50.129/32", "region": "us-east-1", @@ -2750,6 +4922,30 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.13.160/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.21.96/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.168.0.0/16", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.230.14.252/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.32.0/24", "region": "eu-west-1", 
@@ -2763,16 +4959,28 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.93.178.179/32", - "region": "us-west-1", + "ip_prefix": "15.230.79.0/26", + "region": "ca-central-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "ca-central-1" }, { - "ip_prefix": "54.231.248.0/22", - "region": "ap-southeast-2", + "ip_prefix": "43.224.77.184/30", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "ap-southeast-2" + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.160/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.178.179/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" }, { "ip_prefix": "54.240.236.18/32", @@ -2816,6 +5024,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.37.160/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "15.230.39.72/31", "region": "us-east-2", 
@@ -2828,12 +5042,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.180/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.74/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.56.0.0/16", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.93.55.162/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.92.74/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.127.248/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.153.149/32", "region": "eu-west-2", @@ -2870,6 +5114,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "142.4.160.0/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "150.222.100.0/24", "region": "us-east-1", @@ -2877,10 +5127,10 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "13.34.27.0/27", - "region": "eu-west-2", + "ip_prefix": "13.34.24.64/27", + "region": "ap-south-2", "service": "AMAZON", - "network_border_group": "eu-west-2" + "network_border_group": "ap-south-2" }, { "ip_prefix": "13.34.33.64/27", @@ -2888,6 +5138,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.48.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.248.105.0/24", "region": "ap-south-1", 
@@ -2900,6 +5156,18 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "52.46.189.88/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.188/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.58.0.0/15", "region": "eu-central-1", @@ -2912,6 +5180,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.121.195/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.127.25/32", "region": "eu-west-1", @@ -2936,6 +5210,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.40.128/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.62.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.248.0.0/20", "region": "ap-northeast-3", @@ -2954,6 +5240,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.93.127.219/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.153.177/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.94.152.63/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.95.29.0/26", "region": "us-east-2", 
@@ -2966,12 +5270,24 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.219.142.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "99.77.152.0/24", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "150.222.217.248/31", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "3.131.0.0/16", "region": "us-east-2", 
@@ -2985,26 +5301,80 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "15.230.39.158/31", - "region": "us-east-2", + "ip_prefix": "13.34.53.224/27", + "region": "eu-south-1", "service": "AMAZON", - "network_border_group": "us-east-2" + "network_border_group": "eu-south-1" }, { - "ip_prefix": "52.219.0.0/20", - "region": "ap-northeast-1", + "ip_prefix": "13.34.59.64/27", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "ap-northeast-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "54.240.248.0/21", - "region": "us-west-2", + "ip_prefix": "13.34.63.0/27", + "region": "ap-east-1", "service": "AMAZON", - "network_border_group": "us-west-2" + "network_border_group": "ap-east-1" }, { - "ip_prefix": "69.107.6.120/29", - "region": "us-west-1", + "ip_prefix": "15.230.39.158/31", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "15.230.73.128/26", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.46.191.88/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.236/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.122.202/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.93.127.18/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.195/32", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.219.0.0/20", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "54.240.248.0/21", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": 
"69.107.6.120/29", + "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, @@ -3015,10 +5385,10 @@ "network_border_group": "af-south-1" }, { - "ip_prefix": "150.222.240.239/32", - "region": "eu-south-1", + "ip_prefix": "150.222.234.1/32", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "176.32.125.252/31", @@ -3026,6 +5396,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.133.26/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.46.189.100/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.124/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.130/32", "region": "us-west-1", @@ -3038,6 +5426,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "150.222.234.5/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "205.251.246.0/24", "region": "us-east-1", @@ -3050,6 +5444,30 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "13.34.10.128/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "15.230.197.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.79.190/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.176/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.108/32", "region": "ap-southeast-1", 
@@ -3080,6 +5498,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "69.107.3.184/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.3.232/31", "region": "ap-southeast-1", @@ -3092,12 +5516,30 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.6/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.5.252.0/22", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "13.34.18.192/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "15.220.232.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1-ccu-2" + }, { "ip_prefix": "23.20.0.0/14", "region": "us-east-1", @@ -3110,6 +5552,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.190.228/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.91.115/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.151.0/24", "region": "sa-east-1", @@ -3134,6 +5588,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "104.255.59.133/32", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "3.4.1.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-pilot-3" + }, + { + "ip_prefix": "13.34.42.192/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "13.56.0.0/16", "region": "us-west-1", 
@@ -3153,10 +5625,10 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.131.12/31", - "region": "eu-central-1", + "ip_prefix": "15.251.0.28/32", + "region": "il-central-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "il-central-1" }, { "ip_prefix": "18.184.0.0/15", @@ -3164,6 +5636,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.46.190.212/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.125.43/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.127.131/32", "region": "ap-south-1", @@ -3194,6 +5678,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "161.188.128.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-iah-1" + }, { "ip_prefix": "205.251.200.0/21", "region": "GLOBAL", @@ -3218,12 +5708,30 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "15.230.162.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "35.160.0.0/13", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "43.194.0.0/16", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.46.191.148/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.48.0.0/14", "region": "eu-west-1", 
@@ -3231,17 +5739,23 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "52.94.198.80/28", - "region": "ap-south-1", + "ip_prefix": "52.93.124.97/32", + "region": "eu-west-3", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "eu-west-3" }, { - "ip_prefix": "54.231.0.0/17", + "ip_prefix": "52.94.152.11/32", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.94.198.80/28", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "99.77.137.0/24", "region": "eu-north-1", @@ -3249,10 +5763,10 @@ "network_border_group": "eu-north-1" }, { - "ip_prefix": "150.222.243.53/32", - "region": "eu-south-1", + "ip_prefix": "150.222.232.116/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "223.71.71.128/25", 
@@ -3272,12 +5786,48 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.181.144.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "15.230.39.66/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.89.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "35.71.96.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "43.200.0.0/14", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "43.224.77.92/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.96/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.68.0.0/15", "region": "ap-northeast-1", @@ -3302,6 +5852,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.34.59.224/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "15.181.254.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mia-1" + }, + { + "ip_prefix": "15.230.72.192/26", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ip_prefix": "18.60.0.0/15", "region": "ap-south-2", @@ -3314,6 +5882,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.93.126.123/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.124.0/22", "region": "us-east-1", 
@@ -3326,6 +5900,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "99.151.80.0/21", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "120.253.245.128/26", "region": "GLOBAL", @@ -3362,18 +5942,48 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "13.34.1.0/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.5.110/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.224.0.0/14", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "43.224.76.88/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.32.184/32", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "52.93.50.176/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.121.197/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.127.24/32", "region": "eu-west-1", @@ -3416,6 +6026,30 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.234.110/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "161.188.142.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mci-1" + }, + { + "ip_prefix": "13.34.13.52/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.51.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.97.0/24", "region": "eu-central-1", 
@@ -3434,6 +6068,12 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.55.152/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.143/32", "region": "us-west-1", @@ -3446,6 +6086,18 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "104.255.59.119/32", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "150.222.129.252/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.213.40/32", "region": "us-west-1", 
@@ -3464,17 +6116,119 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.63.32/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "15.230.39.18/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.204.2/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.196.0.0/15", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "43.224.79.30/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.250/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.92/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.236/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.218/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.91.96/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "104.255.59.134/32", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "150.222.11.92/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.5.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.22.96/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "13.34.31.192/27", - "region": "us-west-1", + "region": "us-east-1", "service": 
"AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.39.96/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "13.34.56.160/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.62.0/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "15.197.8.0/22", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" }, { "ip_prefix": "15.230.39.154/31", @@ -3482,12 +6236,54 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.70.192/26", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.71.72.0/22", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "43.224.77.176/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.72/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.152/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.73.0/26", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.93.91.105/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.92.72/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.137/32", "region": "us-west-1", 
@@ -3530,18 +6326,54 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.11.90/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "150.222.230.124/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.26/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.56.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.58.0/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "13.34.66.128/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "13.50.0.0/16", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "15.251.0.12/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.44.0.0/15", "region": "us-east-1", @@ -3555,10 +6387,10 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "52.92.40.0/21", - "region": "eu-west-1", + "ip_prefix": "52.93.55.144/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-west-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "52.219.32.0/21", 
@@ -3596,12 +6428,30 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "150.222.234.84/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.252.246/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.5.228.0/22", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.34.3.128/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "13.34.30.64/27", "region": "us-east-1", 
@@ -3609,77 +6459,203 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "15.230.133.16/32", - "region": "ap-southeast-1", + "ip_prefix": "13.34.63.128/27", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "52.93.8.0/22", - "region": "ap-southeast-1", + "ip_prefix": "13.34.65.160/27", + "region": "il-central-1", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "il-central-1" }, { - "ip_prefix": "150.222.3.236/31", - "region": "ap-southeast-1", + "ip_prefix": "15.158.0.0/16", + "region": "GLOBAL", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "GLOBAL" }, { - "ip_prefix": "3.124.0.0/14", - "region": "eu-central-1", + "ip_prefix": "15.181.176.0/20", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-east-1-chi-1" }, { - "ip_prefix": "15.230.4.19/32", + "ip_prefix": "15.230.19.12/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.230.133.16/32", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "52.82.176.0/22", - "region": "cn-northwest-1", + "ip_prefix": "15.230.149.8/31", + "region": "ap-southeast-2", "service": "AMAZON", - "network_border_group": "cn-northwest-1" + "network_border_group": "ap-southeast-2" }, { - "ip_prefix": "52.93.240.150/31", - "region": "us-west-2", + "ip_prefix": "43.224.79.196/31", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-2" + "network_border_group": "us-east-1" }, { - "ip_prefix": "52.144.194.192/26", - "region": "us-west-1", + "ip_prefix": "52.93.8.0/22", + "region": "ap-southeast-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "54.183.0.0/16", - 
"region": "us-west-1", + "ip_prefix": "52.93.91.111/32", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "54.240.236.33/32", - "region": "eu-south-1", + "ip_prefix": "52.93.123.255/32", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "54.240.236.49/32", - "region": "eu-south-1", + "ip_prefix": "52.93.124.213/32", + "region": "eu-west-3", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "eu-west-3" }, { - "ip_prefix": "3.24.0.0/14", - "region": "ap-southeast-2", + "ip_prefix": "52.94.152.65/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "150.222.3.236/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "3.124.0.0/14", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.47.0/27", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "15.181.48.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-msp-1" + }, + { + "ip_prefix": "15.230.4.19/32", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "43.224.76.136/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.116/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.82.176.0/22", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.93.240.150/31", + "region": "us-west-2", + "service": "AMAZON", + 
"network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.144.194.192/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "54.183.0.0/16", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "54.240.236.33/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "54.240.236.49/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "99.83.120.0/22", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "142.4.160.64/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "3.24.0.0/14", + "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "13.34.58.64/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.197.18.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.190.202/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.210/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.133.133/32", "region": "eu-south-1", @@ -3704,6 +6680,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "104.255.59.130/32", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "150.222.13.0/24", "region": "eu-west-1", 
@@ -3746,12 +6728,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "35.71.113.0/24", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "43.224.79.38/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.127.182/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.94.152.177/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "64.252.103.0/24", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "142.4.160.24/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-1" + }, + { + "ip_prefix": "150.222.28.126/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.122.102/31", "region": "eu-central-1", @@ -3759,10 +6777,22 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "150.222.240.135/32", - "region": "eu-south-1", + "ip_prefix": "150.222.234.132/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.116.0.0/14", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.56.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "15.177.86.0/24", 
@@ -3776,18 +6806,72 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.221.49.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.76.128/26", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.230.91.0/24", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "15.230.208.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.144.0.0/15", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "18.238.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "18.244.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.188.36/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.90.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.91.114/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.123.6/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.93.127.105/32", "region": "cn-northwest-1", 
@@ -3842,12 +6926,42 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.34.0/27", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "15.230.173.0/24", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.230.190.128/25", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.251.0.0/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.0.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.188.88/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.82.184.0/23", "region": "cn-northwest-1", @@ -3897,17 +7011,41 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "150.222.234.0/24", - "region": "us-west-1", + "ip_prefix": "205.251.208.0/20", + "region": "GLOBAL", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "GLOBAL" }, { - "ip_prefix": "205.251.208.0/20", + "ip_prefix": "208.110.48.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.33.35.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.45.128/27", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "52.46.189.96/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.184/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.12.12/32", "region": "us-west-2", 
@@ -3950,12 +7088,36 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.14/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.126/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.3.28.0/22", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "13.34.22.192/27", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.48.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.248.120.0/24", "region": "eu-west-2", @@ -3968,6 +7130,36 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.76.64/26", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "16.62.0.0/15", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "43.224.77.108/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.226/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.136/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.54.0.0/15", "region": "us-east-1", 
@@ -3980,12 +7172,30 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.55.158/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.153.179/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.95.230.0/24", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2-lax-1" }, + { + "ip_prefix": "54.222.80.0/21", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "54.240.225.0/24", "region": "ap-northeast-1", @@ -4004,6 +7214,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "104.255.59.138/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "150.222.3.208/31", "region": "ap-southeast-1", @@ -4028,6 +7244,42 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.5.48.0/22", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "15.230.77.64/26", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "15.230.165.0/24", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.230.177.0/31", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "15.251.0.5/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.79.128/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.74.0.0/16", "region": "ap-southeast-1", 
@@ -4052,11 +7304,35 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.129.154/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.217.250/31", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.34.31.160/27", - "region": "us-west-1", + "region": "sa-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "13.34.54.96/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "13.34.64.64/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" }, { "ip_prefix": "15.177.89.0/24", @@ -4070,12 +7346,42 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.230.14.17/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.156.0.0/14", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.76.92/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.214/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.10/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.144/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.126.244/32", "region": "ap-south-1", 
@@ -4094,6 +7400,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.95.140.0/23", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "52.119.196.0/22", "region": "us-east-1", @@ -4136,6 +7448,18 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.35.192/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "13.214.0.0/15", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.177.77.0/24", "region": "ap-northeast-3", @@ -4148,12 +7472,30 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "43.224.79.34/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.84/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.224.0/20", "region": "us-gov-west-1", "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "52.93.91.100/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.126.146/32", "region": "af-south-1", 
@@ -4190,6 +7532,30 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.4.6.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pilot-3" + }, + { + "ip_prefix": "13.34.13.18/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.16.128/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.60.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.177.79.0/24", "region": "ap-northeast-1", @@ -4202,6 +7568,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.133.18/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "15.230.210.0/23", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "16.12.2.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.77.24/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.112/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.118/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.190/31", "region": "us-east-1", @@ -4226,6 +7628,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "150.222.0.128/25", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.122.92/31", "region": "eu-central-1", 
@@ -4250,6 +7658,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.36.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.44.0/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.230.39.152/31", "region": "us-east-2", @@ -4263,10 +7683,16 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.131.1/32", - "region": "eu-central-1", + "ip_prefix": "15.230.215.0/24", + "region": "ap-south-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "35.71.120.0/24", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" }, { "ip_prefix": "35.80.0.0/12", @@ -4274,6 +7700,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.191.80/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.194/32", "region": "us-west-1", @@ -4322,6 +7754,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.36.160/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.34.45.0/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.66.160/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.230.39.118/31", "region": "us-east-2", 
@@ -4335,8 +7785,44 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "52.93.178.184/32", - "region": "us-west-1", + "ip_prefix": "18.186.0.0/15", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "43.224.79.42/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.64/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.144/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.176/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.148/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.178.184/32", + "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, @@ -4358,6 +7844,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "54.239.1.224/28", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "54.239.64.0/21", "region": "eu-central-1", @@ -4394,6 +7886,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.108/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.64.192/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.230.39.46/31", "region": "us-east-2", 
@@ -4406,12 +7910,54 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.133.22/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "35.71.128.0/17", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "43.204.0.0/15", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "43.224.79.162/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "46.51.224.0/19", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.46.190.76/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.124.96/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "52.93.124.212/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.95.111.0/24", "region": "ap-northeast-2", @@ -4430,6 +7976,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "67.220.240.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "130.176.128.0/18", "region": "GLOBAL", 
@@ -4442,6 +7994,30 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "3.3.8.0/21", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.16.96/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "13.34.50.0/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.53.0/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "13.248.127.0/24", "region": "ap-southeast-1", @@ -4449,10 +8025,16 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "15.230.131.5/32", - "region": "eu-central-1", + "ip_prefix": "52.46.189.200/30", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.66/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.144.224.64/26", @@ -4498,15 +8080,33 @@ }, { "ip_prefix": "15.230.64.0/26", - "region": "eu-west-2", + "region": "ap-southeast-3", "service": "AMAZON", - "network_border_group": "eu-west-2" + "network_border_group": "ap-southeast-3" }, { - "ip_prefix": "52.93.92.66/32", - "region": "us-west-1", + "ip_prefix": "15.230.75.192/26", + "region": "ap-northeast-3", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.230.81.0/24", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "35.71.98.0/24", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "52.46.191.128/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.93.178.159/32", 
@@ -4544,12 +8144,30 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.144.233.192/26", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "70.232.88.0/22", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "99.77.131.0/24", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "104.255.59.122/32", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "150.222.3.178/32", "region": "ap-southeast-1", @@ -4586,12 +8204,30 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "35.71.112.0/24", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "35.153.0.0/16", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.76.148/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.78/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.61.0.0/16", "region": "us-gov-west-1", @@ -4616,6 +8252,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "54.231.0.0/16", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.150.48.0/21", "region": "ap-northeast-1", 
@@ -4628,18 +8270,78 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "150.222.164.222/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.45.96/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.96.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.221.32.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.230.39.126/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.65.128/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.185.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.188.128/25", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.46.191.104/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.182/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.250/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "52.93.127.155/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.95.158.0/23", "region": "ap-northeast-3", 
@@ -4688,12 +8390,30 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.234.100/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.220.228.0/22", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1-ccu-2" + }, { "ip_prefix": "15.230.64.192/26", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.76.208/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.12.0.0/15", "region": "us-west-2", @@ -4713,16 +8433,16 @@ "network_border_group": "eu-south-1" }, { - "ip_prefix": "52.220.0.0/15", - "region": "ap-southeast-1", + "ip_prefix": "52.93.240.202/31", + "region": "us-west-2", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "us-west-2" }, { - "ip_prefix": "54.231.252.0/24", - "region": "ap-southeast-2", + "ip_prefix": "52.220.0.0/15", + "region": "ap-southeast-1", "service": "AMAZON", - "network_border_group": "ap-southeast-2" + "network_border_group": "ap-southeast-1" }, { "ip_prefix": "54.239.1.128/28", 
@@ -4736,24 +8456,66 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.50.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.140/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.2/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "18.163.0.0/16", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "43.224.76.168/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.76.192/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.189.176/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.182/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.46.250.0/23", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.34.122/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.240.168/31", "region": "us-west-2", @@ -4772,6 +8534,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.144.230.206/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "54.199.0.0/16", "region": "ap-northeast-1", @@ -4802,6 +8570,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.69.64/26", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "18.142.0.0/15", "region": "ap-southeast-1", 
@@ -4814,6 +8588,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.46.188.24/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.91.112/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.181/32", "region": "us-west-1", @@ -4832,24 +8618,72 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.223.0.0/17", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "54.222.32.0/22", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "64.252.123.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "99.151.112.0/21", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "150.222.164.208/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "205.251.232.0/22", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.51.224/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.65.128/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.230.39.32/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.214.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.34.64.0/21", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "34.224.0.0/12", "region": "us-east-1", 
@@ -4892,24 +8726,54 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.28.132/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "13.34.31.96/27", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.72.64/26", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "52.46.188.136/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.126.138/32", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "52.93.141.228/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.153.80/32", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.93.182.128/26", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.95.148.0/23", "region": "eu-west-2", @@ -4934,6 +8798,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.133.20/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "43.224.77.124/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.221/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.248.224/28", "region": "us-gov-west-1", 
@@ -4970,18 +8852,54 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.40.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.41.64/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.54.128/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "15.197.4.0/22", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "16.168.0.0/15", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "52.46.191.238/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.133.155/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.93.141.213/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.94.16.0/24", "region": "eu-west-3", 
@@ -5000,18 +8918,54 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "13.34.37.128/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "15.181.0.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, + { + "ip_prefix": "15.230.164.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "43.224.79.242/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "43.250.192.0/24", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.93.124.211/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "52.93.126.133/32", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "54.239.102.232/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "54.239.113.0/24", "region": "eu-west-1", 
@@ -5024,12 +8978,54 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "99.151.104.0/21", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "99.151.128.0/21", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "176.32.112.0/21", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.63.224/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.66.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.153.0/24", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.71.102.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "52.46.189.40/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.50.164/31", "region": "us-east-1", @@ -5042,6 +9038,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.240.196/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.144.209.192/26", "region": "eu-west-2", 
@@ -5066,6 +9068,36 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.5.44.0/22", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "13.34.41.224/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.42.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.44.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.47.64/27", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "15.230.39.124/31", "region": "us-east-2", @@ -5090,6 +9122,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.93.127.70/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "52.94.69.0/24", "region": "eu-central-1", @@ -5102,6 +9140,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.144.133.32/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "54.239.40.152/29", "region": "ap-northeast-2", 
@@ -5121,14 +9165,32 @@ "network_border_group": "GLOBAL" }, { - "ip_prefix": "13.34.29.64/27", - "region": "us-east-1", + "ip_prefix": "150.222.28.18/31", + "region": "sa-east-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "sa-east-1" }, { - "ip_prefix": "13.248.121.0/24", - "region": "eu-west-1", + "ip_prefix": "13.34.21.64/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.29.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.47.224/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "13.248.121.0/24", + "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, @@ -5138,6 +9200,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.46.191.212/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.192/32", "region": "us-west-1", 
@@ -5156,12 +9224,54 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.35.32/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "13.34.61.64/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.248.122.0/24", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "15.248.36.0/22", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "52.46.189.180/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.189.244/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.55.148/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.71.29/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.139/32", "region": "eu-central-1", @@ -5210,6 +9320,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "104.255.59.123/32", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "150.222.3.244/31", "region": "ap-southeast-1", 
@@ -5222,6 +9338,36 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.129.152/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.217.228/30", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "150.222.234.74/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.54.64/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.59.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "46.137.224.0/19", "region": "ap-southeast-1", @@ -5234,6 +9380,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.219.180.0/22", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "65.0.0.0/14", "region": "ap-south-1", 
@@ -5252,12 +9404,54 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "104.255.59.126/32", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "13.34.5.45/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.32.64/27", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.63.96/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.76.84/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.76.96/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.76.124/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.77.128/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.116/32", "region": "ap-southeast-1", 
@@ -5282,12 +9476,60 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "63.246.119.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.122.96/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.140/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.5.111/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.44.64/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.55.32/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.16.12/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.179.8/29", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "43.224.76.40/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "50.19.0.0/16", "region": "us-east-1", @@ -5306,6 +9548,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.240.198/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.94.152.3/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "99.79.0.0/16", "region": "ca-central-1", 
@@ -5325,10 +9579,28 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "15.230.131.0/32", - "region": "eu-central-1", + "ip_prefix": "150.222.164.211/32", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.36.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.66.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.251.0.3/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" }, { "ip_prefix": "44.224.0.0/11", @@ -5336,12 +9608,36 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.189.60/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.124/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.130/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.81.0.0/16", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "52.93.120.177/32", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "52.93.135.195/32", "region": "eu-south-1", @@ -5361,10 +9657,16 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "150.222.240.207/32", - "region": "eu-south-1", + "ip_prefix": "150.222.129.19/32", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.12.245/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "13.34.33.96/27", 
@@ -5372,6 +9674,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.38.128/27", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "13.34.61.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.221.4.0/23", "region": "us-east-1", @@ -5384,6 +9698,30 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.70.64/26", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "43.224.79.156/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.127.161/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.93.127.172/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.144.211.64/26", "region": "eu-west-2", 
@@ -5408,18 +9746,48 @@ "service": "AMAZON", "network_border_group": "us-east-1-bos-1" }, + { + "ip_prefix": "3.48.0.0/12", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.5.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.34.29.0/27", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.197.12.0/22", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "18.164.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "52.93.126.137/32", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "52.93.153.176/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.178.200/32", "region": "us-west-1", @@ -5450,6 +9818,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "35.71.103.0/24", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "43.224.79.158/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.126.139/32", "region": "ap-southeast-2", @@ -5474,6 +9854,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "99.151.72.0/21", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "174.129.0.0/16", "region": "us-east-1", 
@@ -5492,12 +9878,60 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.230.174.0/24", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.251.0.20/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "35.71.110.0/24", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "52.46.189.168/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.72/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.34.120/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.127.198/32", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.93.134.181/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.93.141.238/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.211/32", "region": "us-west-1", 
@@ -5528,12 +9962,54 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.4/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.80/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.0.160/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.19.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.38.96/27", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "15.230.31.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.71.31/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.153.169/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.178.169/32", "region": "us-west-1", @@ -5558,6 +10034,30 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "99.83.84.0/22", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "150.222.129.248/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.234.36/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.42/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.34.28.64/27", "region": "us-west-2", 
@@ -5576,6 +10076,18 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.181.224.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-1" + }, + { + "ip_prefix": "15.220.227.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1-del-2" + }, { "ip_prefix": "15.230.4.162/31", "region": "ap-southeast-1", @@ -5583,17 +10095,35 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "15.230.65.192/26", + "ip_prefix": "18.208.0.0/13", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, { - "ip_prefix": "18.208.0.0/13", + "ip_prefix": "52.46.189.216/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.142/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.126.131/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "52.93.240.204/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.95.245.0/24", "region": "us-east-1", @@ -5625,16 +10155,22 @@ "network_border_group": "ap-southeast-3" }, { - "ip_prefix": "150.222.243.47/32", + "ip_prefix": "15.177.73.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "15.221.51.0/24", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, { - "ip_prefix": "15.177.73.0/24", - "region": "ap-south-1", + "ip_prefix": "15.230.189.0/25", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "eu-west-1" }, { "ip_prefix": "46.51.216.0/21", 
@@ -5648,6 +10184,18 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.127.253/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.94.152.60/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.144.223.128/26", "region": "ap-south-1", @@ -5667,10 +10215,16 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "150.222.242.99/32", - "region": "eu-south-1", + "ip_prefix": "150.222.234.86/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.252.244/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" }, { "ip_prefix": "176.32.125.254/31", @@ -5684,6 +10238,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.5.113/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "15.230.39.0/31", "region": "us-east-2", @@ -5691,10 +10251,28 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.131.7/32", - "region": "eu-central-1", + "ip_prefix": "15.230.134.0/24", + "region": "us-east-2", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "15.230.140.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "43.249.44.0/24", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "52.46.189.8/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" }, { "ip_prefix": "52.93.75.0/24", 
@@ -5702,6 +10280,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "52.93.123.98/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.101/32", "region": "cn-northwest-1", @@ -5714,6 +10298,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.94.152.180/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.94.248.32/28", "region": "ap-southeast-1", @@ -5774,6 +10364,24 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.190.192/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.91.108/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.199/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "52.93.127.106/32", "region": "ap-southeast-1", 
@@ -5799,32 +10407,92 @@ "network_border_group": "us-west-1" }, { - "ip_prefix": "15.161.0.0/16", - "region": "eu-south-1", + "ip_prefix": "150.222.0.16/32", + "region": "sa-east-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "sa-east-1" }, { - "ip_prefix": "52.93.129.95/32", - "region": "eu-south-1", + "ip_prefix": "13.34.43.0/27", + "region": "ap-south-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "ap-south-1" }, { - "ip_prefix": "52.93.193.196/32", - "region": "ca-central-1", + "ip_prefix": "13.34.52.32/27", + "region": "us-east-2", "service": "AMAZON", - "network_border_group": "ca-central-1" + "network_border_group": "us-east-2" }, { - "ip_prefix": "54.222.52.0/22", - "region": "cn-north-1", + "ip_prefix": "13.34.54.32/27", + "region": "ap-southeast-1", "service": "AMAZON", - "network_border_group": "cn-north-1" + "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "64.252.110.0/24", - "region": "ap-northeast-1", + "ip_prefix": "13.34.58.128/27", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.161.0.0/16", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "43.224.76.60/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.126/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.230/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.129.95/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "52.93.141.214/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.193.196/32", + "region": 
"ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "52.94.132.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "54.222.52.0/22", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "64.252.110.0/24", + "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, @@ -5834,6 +10502,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.35.64/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "18.188.0.0/16", "region": "us-east-2", @@ -5846,12 +10520,42 @@ "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "43.224.76.64/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.110/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "46.51.128.0/18", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.46.188.44/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.188.204/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.141.232/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.165/32", "region": "us-west-1", 
@@ -5918,12 +10622,48 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.5.49/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.42.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.232.0.0/14", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.220.0.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pdx-1" + }, + { + "ip_prefix": "15.248.16.0/22", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "52.46.190.254/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.124/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.180/31", "region": "us-east-1", @@ -5948,6 +10688,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "150.222.28.116/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.208.84/31", "region": "af-south-1", @@ -5984,6 +10730,24 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.230.133.28/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "43.224.79.246/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.148/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.156/32", "region": "us-west-1", 
@@ -6026,6 +10790,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.15.130/31", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "150.222.129.156/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.234.62/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "184.72.128.0/17", "region": "us-east-1", @@ -6040,9 +10822,15 @@ }, { "ip_prefix": "13.34.31.224/27", - "region": "us-west-1", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.220.16.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" }, { "ip_prefix": "52.93.127.115/32", 
@@ -6050,12 +10838,60 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "69.107.7.72/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.3.246/31", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "161.188.134.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, + { + "ip_prefix": "13.34.0.128/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.1.32/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.5.13/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.41.160/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.51.128/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.57.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.51.0.0/16", "region": "eu-north-1", @@ -6080,6 +10916,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.93.127.197/32", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "52.93.127.207/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.94.80.0/20", "region": "ca-central-1", 
@@ -6116,6 +10964,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "104.255.59.101/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "108.166.232.0/21", "region": "us-east-2", @@ -6134,18 +10988,54 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.14.160/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "13.34.34.96/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "35.181.0.0/16", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "43.224.76.240/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.220/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.138.252/32", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.93.153.171/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.95.190.0/24", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "54.80.0.0/13", "region": "us-east-1", @@ -6170,6 +11060,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "104.255.59.124/32", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "150.222.139.124/30", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.248.98.0/24", "region": "ap-northeast-1", 
@@ -6188,12 +11090,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.77.128/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.230.142.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.201.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.20.0.0/14", "region": "us-east-1", @@ -6212,12 +11126,6 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, - { - "ip_prefix": "52.219.20.0/22", - "region": "us-west-1", - "service": "AMAZON", - "network_border_group": "us-west-1" - }, { "ip_prefix": "52.219.24.0/21", "region": "us-west-1", @@ -6248,12 +11156,36 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "3.152.0.0/13", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "13.244.0.0/15", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "43.224.79.32/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.68/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.196/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.197/32", "region": "us-west-1", @@ -6272,6 +11204,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.151.88.0/21", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.234.24/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "177.72.240.0/21", "region": "sa-east-1", 
@@ -6290,6 +11234,42 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "13.34.6.192/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "13.34.48.32/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.49.128/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.230.0.4/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.230.16.17/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.167.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "18.168.0.0/14", "region": "eu-west-2", @@ -6308,6 +11288,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.93.127.237/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.93.178.226/32", "region": "us-west-1", @@ -6321,16 +11307,16 @@ "network_border_group": "eu-west-3" }, { - "ip_prefix": "150.222.224.0/24", + "ip_prefix": "99.83.101.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, { - "ip_prefix": "150.222.243.15/32", - "region": "eu-south-1", + "ip_prefix": "150.222.224.0/24", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-east-1" }, { "ip_prefix": "13.34.31.32/27", @@ -6338,6 +11324,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.63.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.221.16.0/22", "region": "us-west-1", 
@@ -6358,10 +11350,70 @@ }, { "ip_prefix": "15.230.64.64/26", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.231.0.0/16", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.76.100/30", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "43.224.76.176/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.100/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.92/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.232/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.252/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.188.232/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.22/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.141.218/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.94.96.0/20", "region": "ca-central-1", 
@@ -6374,24 +11426,66 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "104.255.59.118/32", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "108.175.48.0/22", "region": "us-gov-west-1", "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "161.188.144.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-msp-1" + }, + { + "ip_prefix": "13.34.8.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.23.96/27", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.47.32/27", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "15.230.16.0/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.230.39.36/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.148.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.172.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "18.189.0.0/16", "region": "us-east-2", 
@@ -6399,7 +11493,25 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.93.66.154/32", + "ip_prefix": "35.71.64.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.77.140/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.188.40/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.121.189/32", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" @@ -6434,18 +11546,54 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "69.107.7.128/29", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "99.77.184.0/24", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "150.222.208.94/31", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "150.222.234.96/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.64.0.0/12", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.12.96/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.230.170.0/23", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "52.93.127.178/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.254.0/24", "region": "us-east-1", 
@@ -6464,12 +11612,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "70.232.64.0/20", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "99.82.175.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.83.88.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.87.16.0/20", "region": "ap-south-2", @@ -6482,6 +11642,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.28.120/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "162.213.234.0/23", "region": "eu-west-1", @@ -6489,10 +11655,28 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "15.230.131.14/31", - "region": "eu-central-1", + "ip_prefix": "13.34.13.19/32", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.55.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.57.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.34.244.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" }, { "ip_prefix": "18.201.0.0/16", 
@@ -6501,19 +11685,49 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "52.93.178.191/32", - "region": "us-west-1", + "ip_prefix": "43.224.79.206/31", + "region": "us-west-2", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-west-2" }, { - "ip_prefix": "52.95.186.0/24", - "region": "ap-south-2", + "ip_prefix": "43.224.79.238/31", + "region": "us-west-2", "service": "AMAZON", - "network_border_group": "ap-south-2" + "network_border_group": "us-west-2" }, { - "ip_prefix": "52.119.214.0/23", + "ip_prefix": "43.224.79.244/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.190/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.153.168/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.178.191/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.95.186.0/24", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "52.119.214.0/23", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" @@ -6554,12 +11768,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.234.76/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "208.86.88.0/23", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.20.96/27", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "15.230.39.74/31", "region": "us-east-2", 
@@ -6572,18 +11798,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.90.0/24", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "18.175.0.0/16", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "43.224.76.120/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.190.208/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.216.0/22", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.127.203/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "54.208.0.0/15", "region": "us-east-1", @@ -6602,6 +11852,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "142.4.160.48/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "150.222.208.90/31", "region": "af-south-1", @@ -6615,10 +11871,22 @@ "network_border_group": "us-west-1" }, { - "ip_prefix": "150.222.243.17/32", - "region": "eu-south-1", + "ip_prefix": "13.34.65.192/27", + "region": "il-central-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "43.224.76.140/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.76.248/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" }, { "ip_prefix": "52.93.126.205/32", 
@@ -6626,6 +11894,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.93.127.147/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.133.181/32", "region": "eu-south-1", @@ -6656,6 +11930,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.234.64/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.48.0.0/15", "region": "eu-north-1", @@ -6680,6 +11960,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.20/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.142/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.228/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.189.36/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.76/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.60/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.64.0.0/17", "region": "ap-southeast-2", 
@@ -6699,10 +12015,28 @@ "network_border_group": "ap-southeast-2" }, { - "ip_prefix": "69.107.6.176/29", - "region": "us-west-1", + "ip_prefix": "104.255.59.132/32", + "region": "ap-southeast-4", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "150.222.129.69/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "195.17.0.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.5.128/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" }, { "ip_prefix": "13.34.33.160/27", @@ -6734,12 +12068,6 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, - { - "ip_prefix": "15.230.131.4/32", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "18.220.0.0/14", "region": "us-east-2", @@ -6782,6 +12110,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "150.222.129.64/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.207.0/24", "region": "eu-west-2", 
@@ -6794,12 +12128,48 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.65.96/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.152.0.0/16", "region": "ap-northeast-3", "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.220.226.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "15.230.76.192/26", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "15.230.77.0/26", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "43.224.79.104/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.127.180/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.193.197/32", "region": "ca-central-1", 
@@ -6836,12 +12206,60 @@ "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "161.188.132.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-bos-1" + }, + { + "ip_prefix": "3.4.16.0/21", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "13.34.25.192/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.37.192/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "15.221.53.0/24", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "15.230.85.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.93.50.144/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.246/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.93.141.240/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.227/32", "region": "us-west-1", @@ -6854,12 +12272,30 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "54.239.1.240/28", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "68.79.0.0/18", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "69.107.7.80/29", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "69.107.7.104/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.77.128.0/24", "region": "us-east-1", 
@@ -6872,6 +12308,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "150.222.234.138/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "223.71.71.96/27", "region": "GLOBAL", @@ -6884,6 +12326,24 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "43.224.76.128/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.96/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.126/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.18.179/32", "region": "eu-west-1", @@ -6896,6 +12356,12 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "52.94.152.62/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.94.196.0/24", "region": "eu-west-1", @@ -6926,12 +12392,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.46.189.112/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.178.175/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.144.230.208/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "54.152.0.0/16", "region": "us-east-1", 
@@ -6944,6 +12422,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.2.8.0/21", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.16.192/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "13.34.26.192/27", "region": "eu-west-2", @@ -6956,6 +12446,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.46.191.54/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.71.37/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.93.126.234/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "52.93.178.131/32", "region": "us-west-1", @@ -7010,6 +12518,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.234.20/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.34.14.224/27", "region": "sa-east-1", @@ -7022,6 +12536,24 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.45.32/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.248.71.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.181.128.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-phx-1" + }, { "ip_prefix": "15.230.39.138/31", "region": "us-east-2", 
@@ -7034,12 +12566,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.69.0/26", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "16.12.8.0/24", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "16.170.0.0/15", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "18.132.0.0/14", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.46.190.224/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.28/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.70.0.0/15", "region": "us-east-1", 
@@ -7088,12 +12650,66 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.5.48/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.48.128/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.60.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.66.128/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.186/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.188.240/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.210/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.71.28/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.123.11/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.127.232/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.95.110.0/24", "region": "GLOBAL", @@ -7112,6 +12728,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "150.222.234.130/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.34.14.192/27", "region": "sa-east-1", 
@@ -7136,18 +12758,66 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.78.128/26", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "15.236.0.0/15", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "18.154.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.188.248/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.64/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.36/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.168/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.19/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.216/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.247/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.178.135/32", "region": "us-west-1", @@ -7208,6 +12878,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.197.28.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.230.39.52/31", "region": "us-east-2", 
@@ -7221,7 +12897,43 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.93.92.68/32", + "ip_prefix": "15.230.69.128/26", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "35.71.100.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "43.195.0.0/16", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "43.224.76.56/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.54/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.200/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.55.160/31", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" @@ -7244,6 +12956,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "70.232.92.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.77.247.0/24", "region": "eu-central-1", 
@@ -7256,12 +12974,48 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.234.32/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.9.0/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.39.218/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.112/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.236/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.226/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.153.174/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.95.61.0/24", "region": "eu-west-1", @@ -7292,6 +13046,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.48/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.122/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.235.0/24", "region": "ap-south-1", @@ -7304,12 +13070,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.5.15/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.248.16.0/21", "region": "ap-northeast-3", "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.181.245.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "15.230.39.82/31", "region": "us-east-2", 
@@ -7322,6 +13100,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.46.191.20/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.222/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.240.156/31", "region": "us-west-2", @@ -7346,6 +13136,18 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "99.151.96.0/21", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "104.255.59.88/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "150.222.12.0/24", "region": "sa-east-1", @@ -7365,10 +13167,10 @@ "network_border_group": "GLOBAL" }, { - "ip_prefix": "3.5.0.0/18", - "region": "us-east-1", + "ip_prefix": "13.34.5.47/32", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "eu-central-1" }, { "ip_prefix": "15.230.39.216/31", 
@@ -7376,12 +13178,48 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.133.24/32", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "15.230.149.10/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "35.71.68.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.8.0.0/16", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.46.191.48/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.92.64/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.121.196/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.126.145/32", "region": "us-west-1", @@ -7394,6 +13232,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.94.152.68/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.94.249.192/28", "region": "ap-southeast-3", 
@@ -7412,12 +13256,36 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.219.172.0/22", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "64.252.83.0/24", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "150.222.234.136/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.15.0/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.58.160/27", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "15.177.64.0/23", "region": "us-east-1", @@ -7436,12 +13304,42 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.25/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.77.132/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.130/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "46.51.208.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.86.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.244/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.178.188/32", "region": "us-west-1", 
@@ -7460,12 +13358,24 @@ "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ip_prefix": "54.239.1.208/28", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "64.252.80.0/24", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.88/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "150.222.3.218/31", "region": "ap-southeast-1", 
@@ -7484,30 +13394,90 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.37.32/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "18.136.0.0/16", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "43.224.76.164/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "50.112.0.0/16", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.91.113/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.97.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.206/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.234.10/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.3.16.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.26.224/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "13.34.40.64/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "13.212.0.0/15", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.197.128.0/17", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.220.233.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "15.230.39.114/31", "region": "us-east-2", 
@@ -7520,12 +13490,54 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.71.64/26", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "18.179.0.0/16", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "43.224.76.8/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.46/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.100/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.240/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.8/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.162/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.156.0/22", "region": "ap-east-1", @@ -7538,6 +13550,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.95.138.0/24", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "52.219.200.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "64.252.100.0/24", "region": "ap-south-1", @@ -7574,6 +13598,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.56.192/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.57.0.0/16", "region": "us-west-1", 
@@ -7586,36 +13616,114 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.181.64.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "15.230.67.192/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.251.0.13/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.251.0.29/32", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "52.93.153.175/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.240.172/31", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.219.202.0/23", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "54.239.4.0/22", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "70.232.96.0/20", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "99.77.140.0/24", "region": "ap-northeast-3", "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "104.255.59.127/32", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "150.222.3.183/32", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.34.5.78/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "15.230.39.222/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "16.16.0.0/16", + "region": "eu-north-1", + "service": "AMAZON", + 
"network_border_group": "eu-north-1" + }, + { + "ip_prefix": "43.224.76.80/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.96/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.56/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.14.0/24", "region": "ca-central-1", @@ -7634,18 +13742,42 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "150.222.129.242/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.230.114/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.11.0/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "13.34.64.128/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.206.0.0/15", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.230.204.3/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "50.18.0.0/16", "region": "us-west-1", @@ -7670,6 +13802,18 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "52.46.188.28/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.134/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.3.202/31", "region": "ap-southeast-1", 
@@ -7688,12 +13832,60 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "3.3.6.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.64.224/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "15.230.16.18/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.230.68.0/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.230.204.0/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.216/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.186/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.63.0/24", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.93.120.176/32", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "52.93.178.167/32", "region": "us-west-1", @@ -7706,6 +13898,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "71.137.0.0/22", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "150.222.11.88/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "150.222.239.0/24", "region": "eu-west-1", 
@@ -7724,18 +13928,48 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.34.37.224/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "13.248.128.0/17", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.230.160.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.71.109.0/24", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "43.224.77.188/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.82.128.0/19", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "52.93.121.187/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.127.94/32", "region": "cn-northwest-1", @@ -7743,16 +13977,22 @@ "network_border_group": "cn-northwest-1" }, { - "ip_prefix": "52.95.255.96/28", - "region": "us-west-1", + "ip_prefix": "52.93.127.200/32", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "54.231.128.0/19", - "region": "eu-west-1", + "ip_prefix": "52.94.152.183/32", + "region": "ap-southeast-2", "service": "AMAZON", - "network_border_group": "eu-west-1" + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "52.95.255.96/28", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" }, { "ip_prefix": "99.83.98.0/24", 
@@ -7766,6 +14006,12 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "142.4.160.16/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "150.222.83.0/24", "region": "ap-south-1", @@ -7779,10 +14025,22 @@ "network_border_group": "af-south-1" }, { - "ip_prefix": "150.222.240.249/32", - "region": "eu-south-1", + "ip_prefix": "13.34.60.0/27", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.156.0/24", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.251.0.14/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" }, { "ip_prefix": "18.204.0.0/14", @@ -7796,6 +14054,36 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "43.224.79.210/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.188.60/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.44/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.92/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.91.110/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.129/32", "region": "ap-south-1", 
@@ -7850,6 +14138,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.34.41.96/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "52.46.189.252/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.94.116.0/22", "region": "us-west-2", @@ -7862,12 +14162,30 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "64.252.119.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.212.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "208.86.90.0/23", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.181.248.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "15.230.39.22/31", "region": "us-east-2", 
@@ -7880,18 +14198,54 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.188.0/25", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.251.0.21/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.34.252.0/22", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.29.0.0/16", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.46.190.72/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.52/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.92/32", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.127.175/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.94.15.0/24", "region": "eu-west-2", @@ -7912,9 +14266,9 @@ }, { "ip_prefix": "52.95.144.0/24", - "region": "us-gov-west-1", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "us-gov-west-1" + "network_border_group": "eu-west-2" }, { "ip_prefix": "52.144.194.64/26", 
@@ -7934,30 +14288,78 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "104.255.59.131/32", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "150.222.230.100/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.114/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.43.64/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "13.52.0.0/16", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.200.0.0/13", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "15.230.59.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "16.12.9.0/24", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "18.180.0.0/15", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "43.224.76.52/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "46.137.128.0/18", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.46.191.192/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.2.0/24", "region": "eu-west-1", 
@@ -7971,8 +14373,14 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "52.93.178.128/32", - "region": "us-west-1", + "ip_prefix": "52.93.127.183/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.178.128/32", + "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, @@ -8000,18 +14408,36 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.28.104/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.230.110/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.118/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.2.2.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1-mia-1" }, + { + "ip_prefix": "13.34.4.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.26.32/27", "region": "us-west-2", @@ -8024,6 +14450,24 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.39.128/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "13.34.48.160/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.246.0.0/16", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ip_prefix": "15.221.2.0/24", "region": "eu-west-1", 
@@ -8036,12 +14480,54 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.230.79.128/26", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "15.230.149.4/31", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "52.46.190.36/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.240/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.99.0/24", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.93.127.71/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.93.141.244/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.94.249.240/28", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "52.95.40.0/24", "region": "us-west-2", @@ -8090,6 +14576,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.41.128/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.34.47.192/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "13.54.0.0/15", "region": "ap-southeast-2", 
@@ -8102,6 +14600,30 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "15.248.24.0/22", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "52.46.188.252/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.164/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.18/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.131/32", "region": "us-east-1", @@ -8116,9 +14638,9 @@ }, { "ip_prefix": "52.95.142.0/23", - "region": "us-gov-west-1", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "us-gov-west-1" + "network_border_group": "eu-west-2" }, { "ip_prefix": "52.95.235.0/24", @@ -8138,12 +14660,6 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, - { - "ip_prefix": "54.231.232.0/21", - "region": "us-west-1", - "service": "AMAZON", - "network_border_group": "us-west-1" - }, { "ip_prefix": "54.239.128.0/18", "region": "GLOBAL", @@ -8180,6 +14696,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.11.74/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.28.128/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.72.0/24", "region": "ap-southeast-2", @@ -8192,6 +14720,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.232.114/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.12.0.0/16", "region": "us-east-2", 
@@ -8210,6 +14744,24 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.230.157.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.181.0/24", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "35.71.111.0/24", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "36.103.232.128/26", "region": "GLOBAL", @@ -8228,6 +14780,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.127.255/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.133.131/32", "region": "eu-south-1", @@ -8252,6 +14810,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.219.194.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "99.150.72.0/21", "region": "eu-west-3", @@ -8265,10 +14829,28 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "150.222.240.161/32", - "region": "eu-south-1", + "ip_prefix": "150.222.234.12/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.3.5.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-pilot-4" + }, + { + "ip_prefix": "13.34.46.160/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "15.230.14.20/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.93.34.57/32", 
@@ -8300,6 +14882,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "71.137.8.0/22", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "99.77.139.0/24", "region": "ap-northeast-1", 
@@ -8312,18 +14900,90 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "150.222.15.128/31", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "150.222.129.158/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.129.250/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.217.17/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "204.246.160.0/22", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.43.32/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.63.64/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.193.4.0/24", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.230.71.0/26", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.230.203.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "35.71.116.0/24", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "43.224.76.36/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.222/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.92.70/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.240.158/31", "region": "us-west-2", 
@@ -8336,6 +14996,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "71.132.0.0/18", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "99.150.40.0/21", "region": "eu-west-2", @@ -8348,6 +15014,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.232.118/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.5.212.0/23", "region": "ap-south-1", @@ -8360,6 +15032,24 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "13.34.5.81/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.5.160/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.51.160/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.177.72.0/24", "region": "eu-north-1", @@ -8384,18 +15074,42 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "43.224.79.66/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.2.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.191.168/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.71.32/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.125/32", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.94.152.66/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.144.214.128/26", "region": "eu-south-1", 
@@ -8420,12 +15134,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "104.255.59.105/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "150.222.3.228/31", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.28.17/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "176.32.96.0/21", "region": "us-east-1", @@ -8438,12 +15164,42 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.34.160/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "13.34.46.224/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "13.248.108.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.251.0.15/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.124.14/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "52.93.126.206/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "52.93.240.146/31", "region": "us-west-2", 
@@ -8487,10 +15243,34 @@ "network_border_group": "ap-northeast-1" }, { - "ip_prefix": "150.222.240.251/32", - "region": "eu-south-1", + "ip_prefix": "13.34.19.224/27", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.42.224/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.181.192.0/19", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-1" + }, + { + "ip_prefix": "52.93.55.166/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.123.136/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.93.178.144/32", @@ -8540,6 +15320,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "69.107.7.48/29", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "99.77.190.0/24", "region": "GLOBAL", 
@@ -8564,18 +15350,48 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.234.28/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.56.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.106.0/24", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.230.133.17/32", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "15.230.204.1/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.253.0.0/16", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2-lax-1" }, + { + "ip_prefix": "43.224.77.120/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.111/32", "region": "ap-southeast-1", 
@@ -8607,40 +15423,40 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "150.222.117.0/24", - "region": "eu-north-1", + "ip_prefix": "150.222.28.110/31", + "region": "sa-east-1", "service": "AMAZON", - "network_border_group": "eu-north-1" + "network_border_group": "sa-east-1" }, { - "ip_prefix": "150.222.240.237/32", - "region": "eu-south-1", + "ip_prefix": "150.222.117.0/24", + "region": "eu-north-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "eu-north-1" }, { - "ip_prefix": "150.222.240.247/32", - "region": "eu-south-1", + "ip_prefix": "216.182.232.0/22", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "150.222.243.35/32", - "region": "eu-south-1", + "ip_prefix": "3.120.0.0/14", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "eu-central-1" }, { - "ip_prefix": "216.182.232.0/22", + "ip_prefix": "13.34.57.160/27", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.120.0.0/14", - "region": "eu-central-1", + "ip_prefix": "15.181.252.0/24", + "region": "us-west-2", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-west-2-sea-1" }, { "ip_prefix": "18.198.0.0/15", 
@@ -8648,18 +15464,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.77.8/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.9.0.0/16", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.46.188.160/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.188/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.190.238/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.38.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.94.152.69/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.144.216.4/31", "region": "eu-north-1", @@ -8672,6 +15518,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "69.107.7.0/29", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "99.77.141.0/24", "region": "ap-northeast-2", @@ -8684,6 +15536,30 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.36.0/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "13.34.42.160/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.248.20.0/22", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.251.0.8/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "27.0.0.0/22", "region": "ap-northeast-1", 
@@ -8696,6 +15572,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.188.80/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.180/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.98.0/24", "region": "ap-south-1", @@ -8714,6 +15602,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.152.12/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.144.233.130/31", "region": "ap-northeast-3", @@ -8726,6 +15620,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "69.107.7.112/29", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "3.136.0.0/13", "region": "us-east-2", @@ -8738,12 +15638,48 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.230.14.12/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.83.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.212/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.228/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.164/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.37.223/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.121.188/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.178.178/32", "region": "us-west-1", 
@@ -8768,6 +15704,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.44.32/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "13.248.112.0/24", "region": "us-west-2", @@ -8781,7 +15723,7 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.65.128/26", + "ip_prefix": "15.230.145.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" @@ -8792,6 +15734,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "64.252.120.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.3.179/32", "region": "ap-southeast-1", @@ -8805,10 +15753,10 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "150.222.243.11/32", - "region": "eu-south-1", + "ip_prefix": "150.222.28.138/31", + "region": "sa-east-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "sa-east-1" }, { "ip_prefix": "3.5.144.0/23", 
@@ -8817,16 +15765,46 @@ "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "52.93.50.138/31", - "region": "us-east-1", + "ip_prefix": "13.34.35.96/27", + "region": "me-central-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "me-central-1" }, { - "ip_prefix": "52.93.127.95/32", - "region": "cn-northwest-1", + "ip_prefix": "15.230.131.0/24", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "cn-northwest-1" + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "15.230.182.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.93.50.138/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.92.66/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.127.95/32", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.93.127.148/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" }, { "ip_prefix": "52.94.248.112/28", 
@@ -8840,6 +15818,36 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.234.16/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.30/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.60.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.61.96/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.181.242.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "15.197.2.0/24", "region": "GLOBAL", @@ -8852,12 +15860,36 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.70.128/26", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "15.230.92.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.248.8.0/22", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.93.50.152/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.141.226/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.176/32", "region": "us-west-1", 
@@ -8883,17 +15915,29 @@ "network_border_group": "GLOBAL" }, { - "ip_prefix": "150.222.243.37/32", - "region": "eu-south-1", + "ip_prefix": "199.127.232.0/22", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "199.127.232.0/22", + "ip_prefix": "13.34.42.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.60.96/27", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.65.224/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.177.78.0/24", "region": "eu-west-2", @@ -8906,18 +15950,42 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.230.0.14/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.230.19.18/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.39.76/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.71.192/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.66.0.0/16", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.93.127.250/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.240.184/31", "region": "us-west-2", 
@@ -8949,10 +16017,16 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "13.34.25.216/29", - "region": "ap-south-1", + "ip_prefix": "13.34.44.192/27", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.230.80.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" }, { "ip_prefix": "35.168.0.0/13", @@ -8960,6 +16034,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.79.124/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.234/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.64.128.0/17", "region": "ap-southeast-2", 
@@ -8972,18 +16058,84 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "104.255.59.136/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "150.222.234.3/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.10.160/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.46.128/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.55.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.209.0.0/16", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "15.181.40.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-nyc-1" + }, + { + "ip_prefix": "18.34.48.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "18.34.232.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.140.0.0/15", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "43.224.79.28/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.248/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.224/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.60.0.0/16", "region": "ca-central-1", 
@@ -9014,12 +16166,24 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "69.107.3.176/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "72.44.32.0/19", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.28.105/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "205.251.236.0/22", "region": "us-gov-west-1", @@ -9027,10 +16191,28 @@ "network_border_group": "us-gov-west-1" }, { - "ip_prefix": "13.34.22.56/29", - "region": "ap-south-1", + "ip_prefix": "3.100.0.0/16", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.52.192/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.181.16.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, + { + "ip_prefix": "15.181.96.0/20", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mci-1" }, { "ip_prefix": "15.221.3.0/24", @@ -9038,6 +16220,24 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.248.32.0/22", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "52.92.0.0/17", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.93.127.202/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "54.240.236.46/32", "region": "eu-south-1", 
@@ -9050,12 +16250,36 @@ "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ip_prefix": "13.34.12.243/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.58.0.0/15", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.200/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.84/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.204/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.51.29/32", "region": "us-east-1", @@ -9086,12 +16310,30 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "69.107.7.96/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.102.0/24", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.5.44/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.13.50/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.1.0/24", "region": "us-east-1", @@ -9104,6 +16346,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.55.154/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.131.217/32", "region": "eu-south-1", 
@@ -9146,6 +16394,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.79.40/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.188/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.6/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.132/31", "region": "us-east-1", @@ -9158,12 +16424,48 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "150.222.15.126/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "150.222.129.255/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.234.116/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.236.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "162.222.148.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-lax-1" + }, + { + "ip_prefix": "3.4.2.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-pilot-5" + }, + { + "ip_prefix": "13.34.4.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.31.0/27", "region": "us-east-1", 
@@ -9231,16 +16533,52 @@ "network_border_group": "GLOBAL" }, { - "ip_prefix": "150.222.242.231/32", - "region": "af-south-1", + "ip_prefix": "13.34.9.32/27", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "af-south-1" + "network_border_group": "eu-west-1" }, { - "ip_prefix": "150.222.243.13/32", - "region": "eu-south-1", + "ip_prefix": "13.248.65.0/24", + "region": "eu-south-2", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "15.251.0.23/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.79.164/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.218/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.224/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.188.140/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.42/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" }, { "ip_prefix": "52.93.69.0/24", @@ -9248,6 +16586,12 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "52.93.141.242/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.151/32", "region": "us-west-1", @@ -9278,6 +16622,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.234.40/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.13.0.0/16", "region": "us-east-2", 
@@ -9296,6 +16646,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.172/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "54.92.128.0/17", "region": "us-east-1", @@ -9314,12 +16670,36 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "104.255.56.11/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "104.255.59.83/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "150.222.233.0/24", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "150.222.234.58/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.49.64/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.210.0.0/15", "region": "ap-southeast-2", @@ -9327,22 +16707,34 @@ "network_border_group": "ap-southeast-2" }, { - "ip_prefix": "52.93.178.140/32", + "ip_prefix": "43.224.77.144/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.55.164/31", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, { - "ip_prefix": "52.93.178.174/32", + "ip_prefix": "52.93.127.251/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.93.178.140/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, { - "ip_prefix": "52.93.242.128/25", - "region": "cn-northwest-1", + "ip_prefix": "52.93.178.174/32", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "cn-northwest-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "52.94.17.0/24", 
@@ -9386,6 +16778,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "104.255.59.91/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "104.255.59.115/32", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "150.222.164.210/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "184.169.128.0/17", "region": "us-west-1", @@ -9398,6 +16808,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.41.0/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.61.128/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.230.6.0/24", "region": "ap-southeast-1", @@ -9410,6 +16832,30 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "43.224.77.84/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.202/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.91.98/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.94.152.178/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "54.240.236.65/32", "region": "eu-south-1", 
@@ -9428,6 +16874,18 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "104.255.59.85/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "150.222.234.124/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.8.0.0/14", "region": "eu-west-2", @@ -9446,6 +16904,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.190.216/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.160/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "52.93.133.127/32", "region": "eu-south-1", @@ -9458,6 +16928,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.93.141.230/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.178.232/32", "region": "us-west-1", @@ -9470,12 +16946,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.219.176.0/22", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "54.204.0.0/15", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "69.107.7.8/29", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "150.222.67.0/24", "region": "eu-west-2", 
@@ -9488,12 +16976,42 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.129.110/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.232.112/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.230.39.202/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "16.12.12.0/23", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "52.46.191.150/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.204/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.178.132/32", "region": "us-west-1", @@ -9524,12 +17042,6 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, - { - "ip_prefix": "150.222.243.41/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "176.32.125.226/31", "region": "us-east-1", @@ -9542,6 +17054,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.42.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.190.16.0/20", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.230.4.158/31", "region": "ap-southeast-1", 
@@ -9561,17 +17085,53 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "35.152.0.0/16", - "region": "eu-south-1", + "ip_prefix": "18.34.240.0/22", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "35.71.97.0/24", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "35.152.0.0/16", + "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.46.188.52/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.188.64/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.194/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.119/32", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.127.153/32", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "52.94.252.0/23", "region": "us-east-1", 
@@ -9609,10 +17169,34 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "150.222.243.33/32", - "region": "eu-south-1", + "ip_prefix": "150.222.129.146/31", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.53.128/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.55.128/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.57.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.66.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "13.248.123.0/24", @@ -9626,6 +17210,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.77.168/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.12/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.26/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.127.100/32", "region": "cn-northwest-1", @@ -9645,10 +17247,16 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "150.222.240.131/32", - "region": "eu-south-1", + "ip_prefix": "150.222.234.22/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.72/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" }, { "ip_prefix": "207.171.160.0/20", 
@@ -9656,12 +17264,36 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.51.96/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.58.192/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "15.230.39.8/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.77.148/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.190.226/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.94.7.0/24", "region": "sa-east-1", @@ -9686,6 +17318,18 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.220.220.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mia-1" + }, + { + "ip_prefix": "15.221.48.0/24", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "35.156.0.0/14", "region": "eu-central-1", @@ -9710,12 +17354,24 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "54.239.102.162/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.92.0/22", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "161.188.138.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "3.16.0.0/14", "region": "us-east-2", 
@@ -9728,18 +17384,48 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.40.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.191.0.0/16", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.0.8/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.230.39.164/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.6/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "18.130.0.0/16", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.46.188.224/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.72.0.0/15", "region": "us-east-1", @@ -9758,6 +17444,12 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "52.93.141.222/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "54.182.0.0/16", "region": "GLOBAL", @@ -9782,6 +17474,12 @@ "service": "AMAZON", "network_border_group": "me-central-1" }, + { + "ip_prefix": "99.151.64.0/21", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "120.253.245.192/27", "region": "GLOBAL", 
@@ -9795,10 +17493,40 @@ "network_border_group": "af-south-1" }, { - "ip_prefix": "150.222.242.233/32", - "region": "af-south-1", + "ip_prefix": "13.34.5.79/32", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "af-south-1" + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.54.192/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "13.34.58.96/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.76.232/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.112/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.202/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.62.0.0/15", @@ -9824,6 +17552,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.141.236/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.94.249.224/28", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "52.219.44.0/22", "region": "eu-central-1", @@ -9842,6 +17582,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.28.118/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.70.0/24", "region": "sa-east-1", 
@@ -9866,12 +17612,54 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.60.0/24", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "16.12.14.0/24", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "16.50.0.0/15", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "43.224.77.104/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.90/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.224/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.133.179/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.94.152.176/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.144.211.200/31", "region": "eu-west-2", @@ -9903,16 +17691,10 @@ "network_border_group": "us-west-1" }, { - "ip_prefix": "150.222.242.229/32", - "region": "af-south-1", - "service": "AMAZON", - "network_border_group": "af-south-1" - }, - { - "ip_prefix": "150.222.243.45/32", - "region": "eu-south-1", + "ip_prefix": "150.222.234.38/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "157.175.0.0/16", 
@@ -9926,6 +17708,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.22.128/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "13.34.36.32/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "13.34.66.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.125.0/24", "region": "ap-southeast-1", @@ -9938,12 +17738,48 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.66.0/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.76.12/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.182/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.126.130/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "52.93.127.164/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.245.0/24", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.94.152.179/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.95.16.0/21", "region": "us-east-2", 
@@ -9956,18 +17792,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, - { - "ip_prefix": "150.222.243.51/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "13.34.33.128/27", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.220.248.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "15.230.39.116/31", "region": "us-east-2", @@ -9975,10 +17811,16 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.92.16.0/20", - "region": "us-east-1", + "ip_prefix": "15.230.58.0/24", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.76.44/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" }, { "ip_prefix": "52.93.67.0/24", @@ -9998,12 +17840,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "52.219.169.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "54.240.236.66/32", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "99.77.32.0/20", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "99.77.154.0/24", "region": "us-west-1", @@ -10016,6 +17870,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.11.80/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "172.96.97.0/24", "region": "us-east-1", 
@@ -10034,18 +17894,54 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "16.12.0.0/23", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.64.0.0/14", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "18.228.0.0/16", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "43.224.79.160/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.16.0.0/15", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.46.191.240/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.122/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.199/32", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.95.28.0/24", "region": "us-east-2", @@ -10070,6 +17966,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.219.184.0/21", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "120.52.12.64/26", "region": "GLOBAL", 
@@ -10088,12 +17990,54 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "13.34.50.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.177.84.0/24", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.220.250.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-msp-1" + }, + { + "ip_prefix": "43.224.79.62/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.192/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.108/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.32.180/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.93.87.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.102/32", "region": "cn-northwest-1", 
@@ -10118,12 +18062,42 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "71.136.64.0/18", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "13.34.38.32/27", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "13.34.42.128/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "13.34.47.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.200.0.0/16", "region": "us-gov-west-1", "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "15.220.236.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "15.230.39.128/31", "region": "us-east-2", @@ -10136,12 +18110,36 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "43.224.76.132/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.120/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.82.0.0/17", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.127.185/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.153.172/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.94.249.32/28", "region": "eu-west-3", 
@@ -10160,12 +18158,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "104.255.59.102/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "150.222.129.130/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.5.17/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.26.128/27", "region": "eu-north-1", @@ -10178,6 +18188,48 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.82.0/24", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.251.0.22/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "35.71.107.0/24", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "43.224.79.108/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.4/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.108/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.120/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.149.0/24", "region": "us-west-1", @@ -10208,6 +18260,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.250.32/28", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "52.144.228.64/26", "region": "ap-southeast-2", 
@@ -10232,6 +18290,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.139.116/30", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.59.192/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.230.39.198/31", "region": "us-east-2", 
@@ -10245,43 +18315,115 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "52.144.228.2/31", - "region": "ap-south-1", + "ip_prefix": "15.230.72.128/26", + "region": "af-south-1", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "af-south-1" }, { - "ip_prefix": "54.240.199.0/24", - "region": "ap-southeast-1", + "ip_prefix": "15.230.86.0/24", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "eu-west-2" }, { - "ip_prefix": "64.252.115.0/24", - "region": "eu-west-1", + "ip_prefix": "43.224.79.180/31", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "eu-west-1" + "network_border_group": "eu-west-2" }, { - "ip_prefix": "99.77.161.0/24", - "region": "ap-southeast-1", + "ip_prefix": "52.46.191.46/31", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "13.34.23.160/27", - "region": "us-west-2", + "ip_prefix": "52.46.191.228/31", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-west-2" + "network_border_group": "us-east-1" }, { - "ip_prefix": "15.230.136.0/24", - "region": "eu-north-1", + "ip_prefix": "52.93.124.210/32", + "region": "eu-south-1", "service": "AMAZON", - "network_border_group": "eu-north-1" + "network_border_group": "eu-south-1" }, { - "ip_prefix": "52.93.127.130/32", + "ip_prefix": "52.93.127.157/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.94.160.0/20", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.144.228.2/31", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "54.240.199.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + 
"ip_prefix": "64.252.115.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "99.77.161.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "150.222.234.103/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.8.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.23.160/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "13.34.49.96/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.230.136.0/24", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "52.46.188.144/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.130/32", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" @@ -10292,6 +18434,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "99.83.112.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "104.255.59.87/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "104.255.59.139/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "150.222.208.92/31", "region": "af-south-1", 
@@ -10310,42 +18470,138 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.52.224/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.181.249.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-msp-1" + }, + { + "ip_prefix": "15.220.205.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "15.230.39.80/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.68.64/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.76.196/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.76.236/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.172/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.190.12/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.88.0.0/15", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.32.176/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.193.194/32", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "69.107.7.64/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "150.222.0.18/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "3.5.244.0/22", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + 
"ip_prefix": "13.34.5.12/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "15.221.40.0/21", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.230.39.144/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.149.0/31", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "15.230.206.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.253.0.0/16", "region": "us-gov-east-1", "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "52.46.190.244/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.192.0/20", "region": "eu-north-1", @@ -10400,6 +18656,30 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.18.224/27", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "13.34.47.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.152/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.121.198/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.150.0/24", "region": "ap-northeast-1", 
@@ -10412,18 +18692,36 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.95.188.0/23", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "99.78.196.0/22", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "104.255.59.106/32", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "130.176.192.0/19", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.3.192/27", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "13.34.28.0/27", "region": "us-west-2", @@ -10448,6 +18746,24 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.46.188.184/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.44/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.132/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.229/32", "region": "us-west-1", 
@@ -10466,18 +18782,54 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "150.222.231.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "176.32.104.0/21", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.54.0/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "15.230.39.106/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.198.0/24", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "52.46.188.180/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.207/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.93.127.249/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.178.158/32", "region": "us-west-1", @@ -10520,18 +18872,36 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.5.32.0/22", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "3.208.0.0/12", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.248.64.0/24", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "15.221.0.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.0.5/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.230.39.48/31", "region": "us-east-2", 
@@ -10545,10 +18915,22 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.131.48/28", - "region": "eu-central-1", + "ip_prefix": "15.230.166.0/24", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "43.224.79.120/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.178/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" }, { "ip_prefix": "54.222.64.0/23", @@ -10575,16 +18957,22 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "150.222.3.188/32", - "region": "ap-southeast-1", + "ip_prefix": "130.176.254.0/24", + "region": "GLOBAL", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "GLOBAL" }, { - "ip_prefix": "150.222.243.59/32", - "region": "eu-south-1", + "ip_prefix": "142.4.160.72/29", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-east-1-mci-1" + }, + { + "ip_prefix": "150.222.3.188/32", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" }, { "ip_prefix": "185.48.120.0/22", 
@@ -10592,12 +18980,42 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.17.24/29", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "52.46.188.56/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.232/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.106/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.138/32", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.93.153.173/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.178.173/32", "region": "us-west-1", @@ -10611,19 +19029,37 @@ "network_border_group": "sa-east-1" }, { - "ip_prefix": "54.231.192.0/20", + "ip_prefix": "54.233.128.0/17", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "142.4.160.104/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, + { + "ip_prefix": "150.222.122.110/31", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, { - "ip_prefix": "54.233.128.0/17", - "region": "sa-east-1", + "ip_prefix": "150.222.129.20/31", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "sa-east-1" + "network_border_group": "eu-central-1" }, { - "ip_prefix": "150.222.122.110/31", + "ip_prefix": "150.222.129.240/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "150.222.139.120/30", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" 
@@ -10634,12 +19070,60 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "204.45.0.0/16", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.220.206.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, + { + "ip_prefix": "15.221.52.0/24", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ip_prefix": "15.230.39.156/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.77.192/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "43.224.76.0/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.122/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.91.103/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.146/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.95.80.0/20", "region": "ap-south-1", @@ -10658,6 +19142,18 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "150.222.217.234/31", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "161.188.152.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "176.32.124.128/25", "region": "us-east-1", 
@@ -10695,10 +19191,16 @@ "network_border_group": "ap-northeast-1" }, { - "ip_prefix": "15.230.131.16/28", - "region": "eu-central-1", + "ip_prefix": "52.46.191.34/31", + "region": "us-west-2", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.34.42/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" }, { "ip_prefix": "52.93.127.26/32", @@ -10730,6 +19232,18 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "150.222.234.46/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.35.128/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "13.230.0.0/15", "region": "ap-northeast-1", @@ -10748,6 +19262,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.230.196.0/24", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "43.224.77.208/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.249.46.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "52.93.4.0/24", "region": "us-east-1", 
@@ -10826,18 +19358,42 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.49.32/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.248.28.0/22", "region": "ap-northeast-3", "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.220.234.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mia-1" + }, + { + "ip_prefix": "15.230.74.0/26", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "18.176.0.0/15", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.93.127.154/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.219.144.0/22", "region": "ap-northeast-2", @@ -10886,18 +19442,36 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "150.222.28.134/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "3.20.0.0/14", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.44.160/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.156.0.0/15", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.230.16.252/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.230.39.246/31", "region": "us-east-2", 
@@ -10916,12 +19490,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.79.90/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.138/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.164/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.48/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.170/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.50.194/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.66.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "54.76.0.0/15", "region": "eu-west-1", @@ -10934,6 +19544,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.28.124/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "205.251.192.0/21", "region": "GLOBAL", 
@@ -10952,30 +19568,66 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.47.96/27", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "15.230.39.228/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.93.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.77.76/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.40.0.0/14", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.190.180/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.50.154/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.124.15/32", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "52.93.126.213/32", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.94.152.64/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.95.170.0/23", "region": "eu-north-1", 
@@ -11019,10 +19671,34 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.94.11.0/24", - "region": "ap-southeast-1", + "ip_prefix": "43.198.0.0/15", + "region": "ap-east-1", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "43.224.79.204/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.189.0/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.136/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.94.11.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" }, { "ip_prefix": "52.144.200.128/26", @@ -11036,6 +19712,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "71.137.4.0/24", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "99.150.104.0/21", "region": "af-south-1", 
@@ -11048,18 +19730,54 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.129.246/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "204.246.164.0/22", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.43.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.64.0/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "15.230.28.0/24", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "35.71.101.0/24", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "43.224.77.32/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.127.165/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.198.128/28", "region": "ca-central-1", @@ -11090,6 +19808,24 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.234.44/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.82/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.5.16/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.26.160/27", "region": "eu-north-1", 
@@ -11108,12 +19844,36 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.75.64/26", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.230.207.0/24", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "16.12.4.0/23", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "34.240.0.0/13", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "43.224.79.122/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.14.19/32", "region": "us-west-2", @@ -11162,18 +19922,54 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "150.222.15.127/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "150.222.234.66/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.17.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.29.192/27", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.73.0/26", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "18.162.0.0/16", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "52.46.191.70/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.141.224/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.95.30.0/23", "region": "ap-northeast-1", 
@@ -11210,6 +20006,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.3.0.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "13.34.7.64/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "13.34.58.224/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.32.0.0/14", "region": "us-west-2", 
@@ -11264,18 +20078,78 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.240.0.0/13", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.13.51/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.27.64/27", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "15.251.0.24/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.76.156/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.56/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.0/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.94/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.121.190/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.127.110/32", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.93.127.181/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.245/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.94.248.64/28", "region": "ap-southeast-2", 
@@ -11312,12 +20186,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.234.70/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.12.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.39.0/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "15.230.186.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.79.116/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.126.214/32", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.173/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.202/32", "region": "us-west-1", @@ -11354,12 +20264,42 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.113.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "3.5.148.0/22", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.230.163.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "15.230.177.2/31", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "43.224.79.102/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.172/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.117/32", "region": "ap-southeast-1", 
@@ -11367,10 +20307,10 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "52.93.242.120/29", - "region": "cn-northwest-1", + "ip_prefix": "52.93.127.156/32", + "region": "ap-northeast-1", "service": "AMAZON", - "network_border_group": "cn-northwest-1" + "network_border_group": "ap-northeast-1" }, { "ip_prefix": "54.198.0.0/16", @@ -11396,12 +20336,36 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.34.32/27", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "15.164.0.0/15", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "15.230.150.0/23", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.251.0.1/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.79.98/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.46.96.0/19", "region": "us-gov-east-1", @@ -11414,6 +20378,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.46.191.214/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.166/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.228/32", "region": "us-west-1", 
@@ -11445,10 +20421,22 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "15.230.131.6/32", - "region": "eu-central-1", + "ip_prefix": "13.34.33.224/27", + "region": "eu-north-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "43.224.76.72/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.172/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.93.127.128/32", @@ -11456,12 +20444,24 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.93.127.205/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.178.216/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.152.181/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "54.239.0.192/28", "region": "ap-northeast-2", @@ -11474,6 +20474,24 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "13.34.40.224/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.52.128/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "13.34.64.160/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.221.1.0/24", "region": "us-west-2", 
@@ -11486,6 +20504,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.68.128/26", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "52.46.191.4/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.91.109/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.123/32", "region": "us-east-1", @@ -11499,10 +20535,22 @@ "network_border_group": "ap-south-1" }, { - "ip_prefix": "150.222.243.39/32", - "region": "eu-south-1", + "ip_prefix": "150.222.234.60/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.33.192/27", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.34.59.0/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" }, { "ip_prefix": "15.177.0.0/18", 
@@ -11510,24 +20558,54 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.181.244.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "15.230.53.0/24", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.230.74.64/26", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "18.194.0.0/15", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "43.224.79.140/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.230/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.46.64.0/20", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "52.46.191.152/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.186/31", "region": "us-east-1", @@ -11582,6 +20660,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "142.4.160.96/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-phx-1" + }, + { + "ip_prefix": "150.222.11.96/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "150.222.230.93/32", "region": "eu-central-1", 
@@ -11594,6 +20684,36 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.12.242/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.27.17/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "13.34.44.128/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.45.192/27", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.181.120.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "15.193.1.0/24", "region": "ap-northeast-1", @@ -11606,6 +20726,30 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.11/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.71.108.0/24", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "43.224.76.68/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.168/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.80.0/21", "region": "eu-west-3", @@ -11618,6 +20762,24 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.46.189.64/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.104/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.86/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.67.0.0/16", "region": "sa-east-1", 
@@ -11642,6 +20804,18 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "150.222.28.112/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "150.222.217.232/31", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.230.4.176/28", "region": "ap-southeast-1", @@ -11654,12 +20828,36 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.62.0/24", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "15.230.69.192/26", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "18.138.0.0/15", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.46.188.236/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.126.251/32", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.93.193.201/32", "region": "ca-central-1", @@ -11678,6 +20876,18 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "54.239.1.176/28", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "54.239.1.192/28", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "63.246.114.0/23", "region": "GLOBAL", @@ -11690,6 +20900,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.16.64/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "13.34.22.224/27", "region": "us-east-2", 
@@ -11708,18 +20924,48 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.230.154.0/23", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "43.224.79.78/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.4/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.52.0.0/15", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.32.179/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.144.197.128/26", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.219.152.0/22", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "54.233.64.0/18", "region": "sa-east-1", 
@@ -11727,22 +20973,94 @@ "network_border_group": "sa-east-1" }, { - "ip_prefix": "3.34.0.0/15", - "region": "ap-northeast-2", + "ip_prefix": "70.232.120.0/22", + "region": "eu-central-2", "service": "AMAZON", - "network_border_group": "ap-northeast-2" + "network_border_group": "eu-central-2" }, { - "ip_prefix": "15.177.74.0/24", - "region": "eu-west-3", + "ip_prefix": "150.222.129.144/31", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "eu-west-3" + "network_border_group": "eu-central-1" }, { - "ip_prefix": "52.46.172.0/22", - "region": "sa-east-1", + "ip_prefix": "161.188.150.0/23", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "sa-east-1" + "network_border_group": "us-east-1-pilot-5" + }, + { + "ip_prefix": "3.34.0.0/15", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "13.34.50.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.53.64/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "13.34.57.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.177.74.0/24", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.197.3.0/24", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.230.56.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.75.128/26", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "35.71.121.0/24", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "43.224.77.36/30", + "region": "us-east-1", + 
"service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.172.0/22", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "52.46.191.12/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.65.0.0/16", @@ -11793,10 +21111,28 @@ "network_border_group": "af-south-1" }, { - "ip_prefix": "150.222.243.57/32", - "region": "eu-south-1", + "ip_prefix": "150.222.232.120/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.13.21/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.65.32/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "13.40.0.0/14", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" }, { "ip_prefix": "13.248.104.0/24", @@ -11804,12 +21140,36 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.181.251.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "34.248.0.0/13", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "43.224.76.204/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.216/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.189.92/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.237.0/24", "region": "us-west-1", 
@@ -11840,12 +21200,54 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "142.4.160.32/29", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pdx-1" + }, + { + "ip_prefix": "142.4.160.112/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-pilot-5" + }, + { + "ip_prefix": "161.188.160.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pdx-1" + }, + { + "ip_prefix": "3.5.0.0/19", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.73.64/26", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.230.78.0/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "36.103.232.0/25", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "43.224.76.244/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.46.164.0/23", "region": "us-east-1", @@ -11858,12 +21260,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "67.220.224.0/20", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "99.82.168.0/24", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "104.255.59.137/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "108.128.0.0/13", "region": "eu-west-1", 
@@ -11882,6 +21296,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.27.16/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "13.248.126.0/24", "region": "ca-central-1", @@ -11894,6 +21314,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.26/32", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "18.100.0.0/15", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "52.93.91.106/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.119.205.0/24", "region": "ap-southeast-1", @@ -11930,6 +21368,42 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.234.8/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.134/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.41.32/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.55.160/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.61.160/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.248.66.0/24", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "15.177.87.0/24", "region": "me-south-1", 
@@ -11942,6 +21416,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "43.224.77.80/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.4.0/24", "region": "us-east-2", @@ -11954,6 +21434,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.250.0/28", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "54.222.48.0/22", "region": "cn-north-1", @@ -11979,23 +21465,53 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "176.32.120.0/22", + "ip_prefix": "104.255.56.12/32", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, { - "ip_prefix": "13.34.31.128/27", + "ip_prefix": "150.222.234.106/31", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "176.32.120.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.31.128/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.177.85.0/24", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "15.181.246.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mci-1" + }, + { + "ip_prefix": "15.230.75.0/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "52.46.189.52/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.50.170/31", "region": "us-east-1", 
@@ -12014,12 +21530,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.152.61/32", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.95.251.0/24", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "54.239.102.236/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "72.41.0.0/20", "region": "us-east-1", @@ -12032,12 +21560,36 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.129.66/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.25.160/27", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.48.96/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "13.34.50.96/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.55.96/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.177.91.0/24", "region": "af-south-1", @@ -12062,6 +21614,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.191.100/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.141.216/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.95.181.0/24", "region": "ap-northeast-3", @@ -12098,6 +21662,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "99.151.136.0/21", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "150.222.3.181/32", "region": "ap-southeast-1", 
@@ -12117,17 +21687,41 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "150.222.242.97/32", + "ip_prefix": "13.34.13.128/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.36.64/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.34.46.64/27", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "13.34.66.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.116.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.181.240.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "52.76.0.0/17", "region": "ap-southeast-1", @@ -12140,12 +21734,24 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.125.42/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.193.203/32", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "52.93.240.200/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.144.216.6/31", "region": "eu-north-1", @@ -12158,12 +21764,24 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "99.77.28.0/22", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "120.232.236.128/26", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.28.114/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "13.34.23.32/27", "region": "us-east-2", 
@@ -12188,6 +21806,24 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "13.34.34.128/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "13.248.69.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "43.224.79.44/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.18.0.0/15", "region": "eu-west-1", @@ -12206,6 +21842,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.91.99/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.98/32", "region": "cn-northwest-1", 
@@ -12266,12 +21908,60 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.2.160/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.36.128/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.230.195.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.248.48.0/21", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "43.224.76.48/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.206/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "54.239.0.32/28", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "99.151.144.0/21", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "104.255.59.81/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "150.222.3.196/31", "region": "ap-southeast-1", @@ -12285,10 +21975,10 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "150.222.242.227/32", - "region": "af-south-1", + "ip_prefix": "13.34.49.192/27", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "af-south-1" + "network_border_group": "eu-west-1" }, { "ip_prefix": "15.230.39.172/31", 
@@ -12296,18 +21986,48 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.205.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.77.156/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.10.0.0/15", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.46.188.132/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.172/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.82.164.0/22", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.93.127.184/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.149/32", "region": "us-west-1", 
@@ -12326,12 +22046,60 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "104.255.59.125/32", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "13.34.39.224/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "13.34.63.192/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.230.39.6/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.176.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.248.40.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.190.52/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.84/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.149/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.144.208.64/26", "region": "eu-west-1", 
@@ -12356,12 +22124,48 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.4.4.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pilot-2" + }, + { + "ip_prefix": "3.33.128.0/17", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.251.0.4/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.79.114/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.46.191.232/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.46.249.0/24", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.127.220/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.240.190/31", "region": "us-west-2", @@ -12392,6 +22196,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.217.226/31", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "162.213.233.0/24", "region": "eu-west-1", @@ -12416,6 +22226,30 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.161.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.46.190.190/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "52.93.91.97/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.91.107/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.95.255.0/28", "region": "sa-east-1", 
@@ -12464,6 +22298,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "16.162.0.0/15", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.148.0.0/14", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "52.93.127.168/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.119.184.0/22", "region": "ap-southeast-1", @@ -12488,6 +22340,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "99.77.16.0/21", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "204.246.176.0/20", "region": "GLOBAL", 
@@ -12495,17 +22353,77 @@ "network_border_group": "GLOBAL" }, { - "ip_prefix": "15.230.43.0/24", - "region": "eu-west-2", + "ip_prefix": "13.34.2.128/27", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "eu-west-2" + "network_border_group": "eu-west-1" }, { - "ip_prefix": "52.93.178.208/32", - "region": "us-west-1", + "ip_prefix": "13.34.62.128/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.44.0.0/14", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.181.32.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-chi-1" + }, + { + "ip_prefix": "15.181.116.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-phx-1" + }, + { + "ip_prefix": "15.197.24.0/22", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.230.43.0/24", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.71.106.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "43.224.76.116/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.152/32", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "52.93.178.208/32", + "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.219.196.0/22", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "65.8.0.0/16", "region": "GLOBAL", 
@@ -12524,6 +22442,24 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.11.160/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.48.64/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.181.243.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "15.230.23.0/24", "region": "ap-southeast-2", @@ -12536,6 +22472,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.216/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.172/32", "region": "us-west-1", 
@@ -12584,12 +22526,66 @@ "service": "AMAZON", "network_border_group": "me-central-1" }, + { + "ip_prefix": "13.34.44.96/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.52.160/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.230.61.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.230.88.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "43.224.77.88/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "51.16.0.0/15", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "52.46.191.166/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.93.58.32/28", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.178.190/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.144.230.210/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "54.79.0.0/16", "region": "ap-southeast-2", @@ -12608,6 +22604,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "104.255.59.86/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "150.222.11.94/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "150.222.206.0/24", "region": "us-east-1", 
@@ -12626,6 +22634,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.39.160/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "13.34.56.128/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.248.107.0/24", "region": "ap-southeast-1", @@ -12650,6 +22670,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "18.254.0.0/16", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "43.224.76.220/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.240/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.50.172/31", "region": "us-east-1", 
@@ -12674,12 +22712,48 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.11.76/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "150.222.15.125/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "150.222.138.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.234.2/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.4.24.0/21", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "13.34.61.192/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "15.220.224.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pdx-1" + }, { "ip_prefix": "15.230.30.0/24", "region": "eu-west-1", @@ -12688,9 +22762,27 @@ }, { "ip_prefix": "15.230.64.128/26", - "region": "eu-west-2", + "region": "ap-southeast-3", "service": "AMAZON", - "network_border_group": "eu-west-2" + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.230.84.0/24", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "43.224.76.224/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.208/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "52.93.126.134/32", @@ -12734,6 +22826,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "108.138.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "120.253.241.160/27", "region": "GLOBAL", 
@@ -12741,10 +22839,28 @@ "network_border_group": "GLOBAL" }, { - "ip_prefix": "150.222.243.55/32", - "region": "eu-south-1", + "ip_prefix": "150.222.234.120/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "15.197.20.0/22", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "35.71.105.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "43.224.79.220/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" }, { "ip_prefix": "52.28.0.0/16", @@ -12764,6 +22880,12 @@ "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "52.93.32.183/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.93.178.235/32", "region": "us-west-1", @@ -12776,6 +22898,42 @@ "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ip_prefix": "13.34.46.96/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "13.34.49.160/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.34.54.160/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "43.224.79.60/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.190.44/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.191.188/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.103/32", "region": "cn-northwest-1", 
@@ -12800,6 +22958,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.77.48.0/21", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "205.251.240.0/22", "region": "us-east-1", @@ -12812,18 +22976,66 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "3.33.34.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.14.128/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "13.34.53.96/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "13.34.57.32/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.248.102.0/24", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.19.252/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.230.199.0/28", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "43.224.79.26/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "43.250.193.0/24", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.46.190.242/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.77.0.0/16", "region": "ap-southeast-1", 
@@ -12854,18 +23066,72 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "69.107.7.32/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "150.222.129.142/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "3.5.236.0/22", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "13.34.7.96/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "15.181.250.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, + { + "ip_prefix": "15.190.0.0/22", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.193.10.0/24", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "15.230.94.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.230.133.30/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.46.191.110/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.153.178/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.144.192.64/26", "region": "us-east-1", 
@@ -12884,12 +23150,36 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "99.151.152.0/21", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "150.222.97.0/24", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.232.94/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "150.222.234.0/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.50.64/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.39.58/31", "region": "us-east-2", @@ -12914,6 +23204,30 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "43.224.79.184/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "52.46.188.168/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.102/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.140/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.240.0/22", "region": "eu-west-1", 
@@ -12980,12 +23294,36 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.20.32/27", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "13.34.36.96/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.34.51.64/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.230.39.62/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.179.0/29", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "18.183.0.0/16", "region": "ap-northeast-1", @@ -12998,6 +23336,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.34.124/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.93.60.0/24", "region": "us-east-1", 
@@ -13010,18 +23354,66 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.93.127.158/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "70.232.112.0/21", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "99.77.135.0/24", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "104.255.59.135/32", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "13.34.5.112/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "13.34.59.32/27", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "15.177.92.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.193.8.0/24", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.197.30.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.230.177.4/32", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "52.82.192.0/18", "region": "cn-northwest-1", @@ -13040,6 +23432,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.91.104/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.123.99/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.178.186/32", "region": "us-west-1", 
@@ -13082,12 +23486,6 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, - { - "ip_prefix": "150.222.240.137/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "176.32.125.224/31", "region": "us-east-1", @@ -13100,6 +23498,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.34.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.228.0.0/15", "region": "ap-southeast-1", @@ -13112,6 +23516,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.224.76.160/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.79.36/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.93.127.176/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.93.178.221/32", "region": "us-west-1", @@ -13160,6 +23582,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "150.222.0.17/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.3.220/31", "region": "ap-southeast-1", 
@@ -13172,18 +23600,48 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "209.54.184.0/21", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.5.52.0/22", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "3.5.224.0/22", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "13.34.51.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.148/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.46.188.156/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.191.82/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.82.188.0/22", "region": "cn-northwest-1", @@ -13202,6 +23660,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "69.107.7.120/29", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "99.77.186.0/24", "region": "us-west-2", @@ -13214,6 +23678,12 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "150.222.234.102/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "176.32.125.0/25", "region": "us-west-2", 
@@ -13227,17 +23697,65 @@ "network_border_group": "us-west-2" }, { - "ip_prefix": "15.177.68.0/23", - "region": "eu-central-1", + "ip_prefix": "13.34.60.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.177.68.0/23", + "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.230.71.128/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "15.230.190.0/25", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.76.4/30", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "43.224.76.228/30", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "43.224.79.166/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.46.188.92/30", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.50.158/31", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.127.252/32", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "150.222.208.64/32", "region": "af-south-1", 
@@ -13274,150 +23792,24 @@ "service": "CHIME_VOICECONNECTOR", "network_border_group": "eu-west-1" }, - { - "ip_prefix": "54.252.254.192/26", - "region": "ap-southeast-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-2" - }, - { - "ip_prefix": "177.71.207.128/26", - "region": "sa-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "sa-east-1" - }, - { - "ip_prefix": "54.255.254.192/26", - "region": "ap-southeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-1" - }, - { - "ip_prefix": "52.80.198.0/25", - "region": "cn-north-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-north-1" - }, - { - "ip_prefix": "54.244.52.192/26", - "region": "us-west-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-2" - }, - { - "ip_prefix": "54.251.31.128/26", - "region": "ap-southeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-1" - }, - { - "ip_prefix": "52.80.197.0/25", - "region": "cn-north-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-north-1" - }, - { - "ip_prefix": "54.241.32.64/26", - "region": "us-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-1" - }, - { - "ip_prefix": "54.245.168.0/26", - "region": "us-west-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-2" - }, - { - "ip_prefix": "54.232.40.64/26", - "region": "sa-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "sa-east-1" - }, - { - "ip_prefix": "52.80.197.128/25", - "region": "cn-north-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-north-1" - }, - { - "ip_prefix": "52.83.35.128/25", - "region": "cn-northwest-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-northwest-1" - }, - { - "ip_prefix": "54.248.220.0/26", - "region": "ap-northeast-1", - "service": "ROUTE53_HEALTHCHECKS", - 
"network_border_group": "ap-northeast-1" - }, - { - "ip_prefix": "52.83.35.0/25", - "region": "cn-northwest-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-northwest-1" - }, - { - "ip_prefix": "176.34.159.192/26", - "region": "eu-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "eu-west-1" - }, - { - "ip_prefix": "54.252.79.128/26", - "region": "ap-southeast-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-2" - }, - { - "ip_prefix": "52.83.34.128/25", - "region": "cn-northwest-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-northwest-1" - }, - { - "ip_prefix": "54.183.255.128/26", - "region": "us-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-1" - }, - { - "ip_prefix": "54.250.253.192/26", - "region": "ap-northeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-northeast-1" - }, { "ip_prefix": "15.177.0.0/18", "region": "GLOBAL", "service": "ROUTE53_HEALTHCHECKS", "network_border_group": "GLOBAL" }, - { - "ip_prefix": "54.228.16.0/26", - "region": "eu-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "eu-west-1" - }, - { - "ip_prefix": "107.23.255.0/26", - "region": "us-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-east-1" - }, - { - "ip_prefix": "54.243.31.192/26", - "region": "us-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-east-1" - }, { "ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", "service": "S3", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "52.219.170.0/23", + "region": "eu-central-1", + "service": "S3", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.219.168.0/24", "region": "eu-central-1", 
@@ -13436,6 +23828,18 @@ "service": "S3", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "16.12.6.0/23", + "region": "ap-east-1", + "service": "S3", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "52.219.204.0/22", + "region": "ap-northeast-2", + "service": "S3", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "76.223.102.0/24", "region": "GLOBAL", @@ -13448,6 +23852,12 @@ "service": "S3", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "18.34.248.0/22", + "region": "ap-southeast-1", + "service": "S3", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "76.223.96.0/24", "region": "GLOBAL", @@ -13461,10 +23871,28 @@ "network_border_group": "us-gov-west-1" }, { - "ip_prefix": "52.219.48.0/22", - "region": "ap-southeast-1", + "ip_prefix": "52.219.192.0/23", + "region": "us-west-1", "service": "S3", - "network_border_group": "ap-southeast-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "52.95.136.0/23", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "52.219.143.0/24", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.5.40.0/22", + "region": "ap-southeast-4", + "service": "S3", + "network_border_group": "ap-southeast-4" }, { "ip_prefix": "3.5.136.0/22", @@ -13478,12 +23906,6 @@ "service": "S3", "network_border_group": "eu-central-1" }, - { - "ip_prefix": "52.92.60.0/22", - "region": "ap-northeast-1", - "service": "S3", - "network_border_group": "ap-northeast-1" - }, { "ip_prefix": "52.219.68.0/22", "region": "ap-northeast-1", 
@@ -13509,10 +23931,22 @@ "network_border_group": "me-south-1" }, { - "ip_prefix": "52.92.72.0/22", - "region": "sa-east-1", + "ip_prefix": "52.95.187.0/24", + "region": "me-central-1", "service": "S3", - "network_border_group": "sa-east-1" + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "52.219.141.0/24", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "52.95.139.0/24", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" }, { "ip_prefix": "52.95.128.0/21", @@ -13526,11 +23960,23 @@ "service": "S3", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "3.5.36.0/22", + "region": "ap-southeast-3", + "service": "S3", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "18.34.32.0/20", + "region": "eu-west-1", + "service": "S3", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.95.168.0/24", - "region": "us-gov-east-1", + "region": "ap-southeast-4", "service": "S3", - "network_border_group": "us-gov-east-1" + "network_border_group": "ap-southeast-4" }, { "ip_prefix": "52.219.16.0/22", @@ -13544,6 +23990,24 @@ "service": "S3", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "18.34.0.0/19", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.34.72.0/21", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "16.12.10.0/23", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "52.219.148.0/23", "region": "ap-northeast-2", @@ -13556,6 +24020,12 @@ "service": "S3", "network_border_group": "us-east-2" }, + { + "ip_prefix": "52.219.195.0/24", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "3.5.72.0/23", "region": "eu-west-1", 
@@ -13564,9 +24034,9 @@ }, { "ip_prefix": "52.95.166.0/23", - "region": "us-gov-east-1", + "region": "ap-southeast-4", "service": "S3", - "network_border_group": "us-gov-east-1" + "network_border_group": "ap-southeast-4" }, { "ip_prefix": "52.95.169.0/24", @@ -13574,12 +24044,6 @@ "service": "S3", "network_border_group": "eu-north-1" }, - { - "ip_prefix": "54.231.248.0/22", - "region": "ap-southeast-2", - "service": "S3", - "network_border_group": "ap-southeast-2" - }, { "ip_prefix": "3.5.152.0/21", "region": "ap-northeast-1", @@ -13592,6 +24056,12 @@ "service": "S3", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.219.142.0/24", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.219.0.0/20", "region": "ap-northeast-1", @@ -13610,24 +24080,12 @@ "service": "S3", "network_border_group": "GLOBAL" }, - { - "ip_prefix": "54.231.0.0/17", - "region": "us-east-1", - "service": "S3", - "network_border_group": "us-east-1" - }, { "ip_prefix": "76.223.104.0/24", "region": "GLOBAL", "service": "S3", "network_border_group": "GLOBAL" }, - { - "ip_prefix": "52.92.40.0/21", - "region": "eu-west-1", - "service": "S3", - "network_border_group": "eu-west-1" - }, { "ip_prefix": "52.219.32.0/21", "region": "ap-southeast-1", @@ -13664,12 +24122,30 @@ "service": "S3", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "3.5.48.0/22", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "52.95.140.0/23", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "52.95.156.0/24", "region": "eu-west-3", "service": "S3", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "16.12.2.0/24", + "region": "sa-east-1", + "service": "S3", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "52.95.160.0/23", "region": "ap-east-1", 
@@ -13718,6 +24194,12 @@ "service": "S3", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "54.231.0.0/16", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.95.158.0/23", "region": "ap-northeast-3", @@ -13730,18 +24212,18 @@ "service": "S3", "network_border_group": "us-east-1" }, - { - "ip_prefix": "54.231.252.0/24", - "region": "ap-southeast-2", - "service": "S3", - "network_border_group": "ap-southeast-2" - }, { "ip_prefix": "52.219.96.0/20", "region": "us-east-2", "service": "S3", "network_border_group": "us-east-2" }, + { + "ip_prefix": "18.34.64.0/21", + "region": "ap-southeast-1", + "service": "S3", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "52.95.148.0/23", "region": "eu-west-2", @@ -13766,12 +24248,24 @@ "service": "S3", "network_border_group": "us-west-2" }, + { + "ip_prefix": "3.5.44.0/22", + "region": "ap-south-2", + "service": "S3", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "13.248.228.0/24", "region": "GLOBAL", "service": "S3", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "52.219.180.0/22", + "region": "ap-southeast-1", + "service": "S3", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "52.95.172.0/23", "region": "me-south-1", @@ -13809,10 +24303,10 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "52.219.20.0/22", - "region": "us-west-1", + "ip_prefix": "52.95.190.0/24", + "region": "ca-central-1", "service": "S3", - "network_border_group": "us-west-1" + "network_border_group": "ca-central-1" }, { "ip_prefix": "52.219.24.0/21", @@ -13856,6 +24350,12 @@ "service": "S3", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "18.34.244.0/22", + "region": "us-west-2", + "service": "S3", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.95.186.0/24", "region": "ap-south-2", 
@@ -13886,6 +24386,12 @@ "service": "S3", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "16.12.8.0/24", + "region": "ap-east-1", + "service": "S3", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "76.223.101.0/24", "region": "GLOBAL", @@ -13904,18 +24410,30 @@ "service": "S3", "network_border_group": "ap-southeast-1" }, - { - "ip_prefix": "3.5.0.0/18", - "region": "us-east-1", - "service": "S3", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.95.152.0/23", "region": "eu-south-1", "service": "S3", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.219.172.0/22", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "52.95.138.0/24", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "52.219.200.0/24", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "3.5.216.0/22", "region": "eu-north-1", @@ -13923,16 +24441,16 @@ "network_border_group": "eu-north-1" }, { - "ip_prefix": "3.5.146.0/23", - "region": "ap-southeast-1", + "ip_prefix": "52.219.202.0/23", + "region": "ap-northeast-2", "service": "S3", - "network_border_group": "ap-southeast-1" + "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "54.231.128.0/19", - "region": "eu-west-1", + "ip_prefix": "3.5.146.0/23", + "region": "ap-southeast-1", "service": "S3", - "network_border_group": "eu-west-1" + "network_border_group": "ap-southeast-1" }, { "ip_prefix": "52.95.180.0/24", 
@@ -13940,11 +24458,23 @@ "service": "S3", "network_border_group": "af-south-1" }, + { + "ip_prefix": "18.34.252.0/22", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.95.144.0/24", - "region": "us-gov-west-1", + "region": "eu-west-2", "service": "S3", - "network_border_group": "us-gov-west-1" + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "16.12.9.0/24", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" }, { "ip_prefix": "52.95.184.0/23", @@ -13960,16 +24490,22 @@ }, { "ip_prefix": "52.95.142.0/23", - "region": "us-gov-west-1", + "region": "eu-west-2", "service": "S3", - "network_border_group": "us-gov-west-1" + "network_border_group": "eu-west-2" }, { - "ip_prefix": "54.231.232.0/21", + "ip_prefix": "52.219.194.0/24", "region": "us-west-1", "service": "S3", "network_border_group": "us-west-1" }, + { + "ip_prefix": "71.137.8.0/22", + "region": "cn-north-1", + "service": "S3", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "3.5.212.0/23", "region": "ap-south-1", @@ -14006,12 +24542,42 @@ "service": "S3", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "18.34.48.0/20", + "region": "us-west-2", + "service": "S3", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "18.34.232.0/21", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "52.92.0.0/17", + "region": "eu-west-1", + "service": "S3", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.95.154.0/23", "region": "eu-west-3", "service": "S3", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "52.219.176.0/22", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "16.12.12.0/23", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, { "ip_prefix": "76.223.103.0/24", "region": "GLOBAL", 
@@ -14024,6 +24590,12 @@ "service": "S3", "network_border_group": "us-west-2" }, + { + "ip_prefix": "18.34.240.0/22", + "region": "eu-west-1", + "service": "S3", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.219.156.0/22", "region": "ap-south-1", @@ -14042,6 +24614,12 @@ "service": "S3", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "16.12.14.0/24", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, { "ip_prefix": "52.219.56.0/22", "region": "ap-northeast-2", @@ -14049,10 +24627,16 @@ "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "52.92.16.0/20", - "region": "us-east-1", + "ip_prefix": "52.219.169.0/24", + "region": "eu-central-1", "service": "S3", - "network_border_group": "us-east-1" + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "16.12.0.0/23", + "region": "sa-east-1", + "service": "S3", + "network_border_group": "sa-east-1" }, { "ip_prefix": "52.95.146.0/23", @@ -14060,6 +24644,12 @@ "service": "S3", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "52.219.184.0/21", + "region": "ap-southeast-1", + "service": "S3", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "52.218.128.0/17", "region": "us-west-2", @@ -14078,6 +24668,12 @@ "service": "S3", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.95.188.0/23", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, { "ip_prefix": "13.248.232.0/24", "region": "GLOBAL", @@ -14091,10 +24687,10 @@ "network_border_group": "sa-east-1" }, { - "ip_prefix": "54.231.192.0/20", - "region": "eu-central-1", + "ip_prefix": "3.5.32.0/22", + "region": "eu-south-2", "service": "S3", - "network_border_group": "eu-central-1" + "network_border_group": "eu-south-2" }, { "ip_prefix": "52.219.132.0/22", 
@@ -14126,6 +24722,12 @@ "service": "S3", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "16.12.4.0/23", + "region": "ca-central-1", + "service": "S3", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "52.95.145.0/24", "region": "ca-central-1", @@ -14138,6 +24740,18 @@ "service": "S3", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.219.152.0/22", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "3.5.0.0/19", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, { "ip_prefix": "54.222.48.0/22", "region": "cn-north-1", @@ -14162,6 +24776,12 @@ "service": "S3", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.219.196.0/22", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "3.5.232.0/22", "region": "sa-east-1", @@ -14192,6 +24812,12 @@ "service": "S3", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.5.52.0/22", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "3.5.224.0/22", "region": "eu-west-3", 
@@ -14210,12 +24836,36 @@ "service": "DYNAMODB", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.248.70.0/24", + "region": "ap-northeast-1", + "service": "DYNAMODB", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.71.115.0/24", + "region": "us-gov-east-1", + "service": "DYNAMODB", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "52.94.26.0/23", "region": "eu-west-1", "service": "DYNAMODB", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.248.72.0/24", + "region": "il-central-1", + "service": "DYNAMODB", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "35.71.99.0/24", + "region": "me-south-1", + "service": "DYNAMODB", + "network_border_group": "me-south-1" + }, { "ip_prefix": "52.119.252.0/22", "region": "us-west-2", @@ -14228,18 +24878,36 @@ "service": "DYNAMODB", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "13.248.67.0/24", + "region": "ap-southeast-4", + "service": "DYNAMODB", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "3.218.180.0/22", "region": "us-east-1", "service": "DYNAMODB", "network_border_group": "us-east-1" }, + { + "ip_prefix": "35.71.114.0/24", + "region": "ap-northeast-1", + "service": "DYNAMODB", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.94.12.0/24", "region": "us-west-1", "service": "DYNAMODB", "network_border_group": "us-west-1" }, + { + "ip_prefix": "35.71.118.0/24", + "region": "ap-southeast-1", + "service": "DYNAMODB", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "52.119.249.0/24", "region": "me-south-1", 
@@ -14252,6 +24920,30 @@ "service": "DYNAMODB", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.71.119.0/24", + "region": "ca-central-1", + "service": "DYNAMODB", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "13.248.68.0/24", + "region": "eu-central-2", + "service": "DYNAMODB", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "35.71.104.0/24", + "region": "me-central-1", + "service": "DYNAMODB", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "35.71.117.0/24", + "region": "us-west-1", + "service": "DYNAMODB", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.119.248.0/24", "region": "ap-east-1", @@ -14264,12 +24956,48 @@ "service": "DYNAMODB", "network_border_group": "us-east-1" }, + { + "ip_prefix": "35.71.96.0/24", + "region": "ap-southeast-3", + "service": "DYNAMODB", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "52.119.240.0/21", "region": "eu-west-1", "service": "DYNAMODB", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "35.71.72.0/22", + "region": "eu-west-1", + "service": "DYNAMODB", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "35.71.113.0/24", + "region": "eu-south-1", + "service": "DYNAMODB", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.71.120.0/24", + "region": "eu-south-2", + "service": "DYNAMODB", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "35.71.98.0/24", + "region": "eu-north-1", + "service": "DYNAMODB", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "35.71.112.0/24", + "region": "ap-southeast-4", + "service": "DYNAMODB", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "52.94.5.0/24", "region": "eu-west-1", 
@@ -14282,24 +25010,72 @@ "service": "DYNAMODB", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "35.71.102.0/24", + "region": "us-east-2", + "service": "DYNAMODB", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.94.10.0/24", "region": "us-west-2", "service": "DYNAMODB", "network_border_group": "us-west-2" }, + { + "ip_prefix": "35.71.103.0/24", + "region": "af-south-1", + "service": "DYNAMODB", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "35.71.110.0/24", + "region": "ap-northeast-3", + "service": "DYNAMODB", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "52.94.22.0/24", "region": "us-gov-east-1", "service": "DYNAMODB", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "35.71.64.0/22", + "region": "us-west-2", + "service": "DYNAMODB", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "13.248.71.0/24", + "region": "ap-southeast-3", + "service": "DYNAMODB", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "35.71.100.0/24", + "region": "ap-south-1", + "service": "DYNAMODB", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "35.71.68.0/22", + "region": "us-east-1", + "service": "DYNAMODB", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.14.0/24", "region": "ca-central-1", "service": "DYNAMODB", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "35.71.109.0/24", + "region": "ap-northeast-2", + "service": "DYNAMODB", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.94.9.0/24", "region": "us-gov-west-1", @@ -14312,6 +25088,12 @@ "service": "DYNAMODB", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "35.71.111.0/24", + "region": "eu-west-2", + "service": "DYNAMODB", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.94.18.0/24", "region": "eu-south-1", 
@@ -14324,6 +25106,12 @@ "service": "DYNAMODB", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "35.71.116.0/24", + "region": "us-gov-west-1", + "service": "DYNAMODB", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "52.94.23.0/24", "region": "eu-north-1", @@ -14342,12 +25130,24 @@ "service": "DYNAMODB", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.248.65.0/24", + "region": "eu-south-2", + "service": "DYNAMODB", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "52.94.17.0/24", "region": "eu-central-1", "service": "DYNAMODB", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "35.71.97.0/24", + "region": "ap-southeast-2", + "service": "DYNAMODB", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "54.222.57.0/24", "region": "cn-north-1", 
@@ -14360,36 +25160,90 @@ "service": "DYNAMODB", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "35.71.107.0/24", + "region": "ap-east-1", + "service": "DYNAMODB", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "52.82.187.0/24", "region": "cn-northwest-1", "service": "DYNAMODB", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "13.248.64.0/24", + "region": "ap-south-2", + "service": "DYNAMODB", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "52.94.11.0/24", "region": "ap-southeast-1", "service": "DYNAMODB", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "35.71.101.0/24", + "region": "eu-west-3", + "service": "DYNAMODB", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.71.108.0/24", + "region": "ap-south-2", + "service": "DYNAMODB", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "35.71.121.0/24", + "region": "eu-central-2", + "service": "DYNAMODB", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "13.248.66.0/24", + "region": "me-central-1", + "service": "DYNAMODB", + "network_border_group": "me-central-1" + }, { "ip_prefix": "52.94.4.0/24", "region": "us-east-2", "service": "DYNAMODB", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.248.69.0/24", + "region": "ap-northeast-1", + "service": "DYNAMODB", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.94.19.0/24", "region": "ap-northeast-3", "service": "DYNAMODB", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "35.71.106.0/24", + "region": "sa-east-1", + "service": "DYNAMODB", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "52.94.20.0/24", "region": "ap-south-1", "service": "DYNAMODB", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "35.71.105.0/24", + "region": "eu-central-1", + "service": "DYNAMODB", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.94.0.0/22", "region": "us-east-1", 
@@ -14414,12 +25268,30 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "3.108.0.0/14", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "15.181.232.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-iah-1" + }, { "ip_prefix": "3.2.0.0/24", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1-iah-1" }, + { + "ip_prefix": "161.188.154.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-chi-1" + }, { "ip_prefix": "52.4.0.0/14", "region": "us-east-1", @@ -14432,6 +25304,12 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.80/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-chi-1" + }, { "ip_prefix": "50.16.0.0/15", "region": "us-east-1", 
@@ -14450,24 +25328,66 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.220.216.0/22", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1-del-2" + }, + { + "ip_prefix": "35.71.115.0/24", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "15.205.0.0/16", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "64.252.69.0/24", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "71.131.192.0/18", + "region": "cn-north-1", + "service": "EC2", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "13.236.0.0/14", "region": "ap-southeast-2", "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "43.206.0.0/15", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.95.226.0/24", "region": "ap-east-1", "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "142.4.160.56/29", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "3.4.0.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-pilot-6" + }, { "ip_prefix": "15.177.83.0/24", "region": "ap-southeast-2", @@ -14480,6 +25400,12 @@ "service": "EC2", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.220.252.0/22", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "54.247.0.0/16", "region": "eu-west-1", 
@@ -14492,6 +25418,18 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "18.34.248.0/22", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "35.71.99.0/24", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, { "ip_prefix": "54.148.0.0/15", "region": "us-west-2", @@ -14534,12 +25472,30 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.220.222.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "99.77.132.0/24", "region": "us-west-1", "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "161.188.146.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-atl-1" + }, + { + "ip_prefix": "15.181.247.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "18.232.0.0/14", "region": "us-east-1", @@ -14552,18 +25508,42 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "64.252.118.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "54.74.0.0/15", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.220.207.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, + { + "ip_prefix": "18.102.0.0/16", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "52.83.0.0/16", "region": "cn-northwest-1", "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "64.252.122.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.47.0.0/16", "region": "eu-west-3", 
@@ -14612,12 +25592,24 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.5.40.0/22", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "3.5.136.0/22", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.181.160.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "18.191.0.0/16", "region": "us-east-2", @@ -14636,6 +25628,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.181.80.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "54.153.128.0/17", "region": "ap-southeast-2", @@ -14648,12 +25646,24 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.247.0.0/16", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ip_prefix": "18.192.0.0/15", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "35.71.114.0/24", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "54.229.0.0/16", "region": "eu-west-1", 
@@ -14744,24 +25754,54 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "99.77.183.0/24", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "64.252.79.0/24", "region": "sa-east-1", "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "161.188.148.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-phx-1" + }, { "ip_prefix": "15.188.0.0/16", "region": "eu-west-3", "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "18.116.0.0/14", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ip_prefix": "54.200.0.0/15", "region": "us-west-2", "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "3.5.36.0/22", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "18.34.32.0/20", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "54.144.0.0/14", "region": "us-east-1", @@ -14774,12 +25814,30 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "63.246.113.0/24", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "99.77.136.0/24", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "161.188.158.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-nyc-1" + }, + { + "ip_prefix": "35.71.118.0/24", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "64.252.72.0/24", "region": "us-west-2", 
@@ -14804,6 +25862,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.77.55.3/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "3.4.3.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pilot-1" + }, { "ip_prefix": "15.222.0.0/15", "region": "ca-central-1", @@ -14870,6 +25940,36 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "161.188.156.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "3.30.0.0/15", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "15.181.253.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, + { + "ip_prefix": "18.34.0.0/19", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.71.119.0/24", + "region": "ca-central-1", + "service": "EC2", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "54.226.0.0/15", "region": "us-east-1", @@ -14888,6 +25988,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.144.0.0/13", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.95.244.0/24", "region": "eu-west-1", @@ -14924,6 +26030,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "35.71.104.0/24", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "35.71.117.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "54.221.0.0/16", "region": "us-east-1", 
@@ -14936,12 +26054,36 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "142.4.160.40/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-iah-1" + }, { "ip_prefix": "15.228.0.0/15", "region": "sa-east-1", "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.8/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-bos-1" + }, + { + "ip_prefix": "157.241.0.0/16", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.181.112.0/22", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-bos-1" + }, { "ip_prefix": "52.94.249.208/28", "region": "ap-south-2", @@ -14966,12 +26108,24 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "99.151.120.0/21", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "108.136.0.0/15", "region": "ap-southeast-3", "service": "EC2", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "18.34.72.0/21", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ip_prefix": "35.176.0.0/15", "region": "eu-west-2", @@ -14990,6 +26144,18 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "161.188.136.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, + { + "ip_prefix": "3.4.7.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.77.155.0/24", "region": "eu-west-1", @@ -15020,6 +26186,12 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.181.241.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "18.216.0.0/14", "region": "us-east-2", 
@@ -15050,6 +26222,18 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "52.94.250.16/28", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "64.252.121.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "99.150.32.0/21", "region": "ap-southeast-2", @@ -15068,6 +26252,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "161.188.130.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mia-1" + }, { "ip_prefix": "18.229.0.0/16", "region": "sa-east-1", @@ -15093,10 +26283,10 @@ "network_border_group": "ca-central-1" }, { - "ip_prefix": "52.95.236.0/24", - "region": "ap-south-2", + "ip_prefix": "70.232.124.0/22", + "region": "eu-west-1", "service": "EC2", - "network_border_group": "ap-south-2" + "network_border_group": "eu-west-1" }, { "ip_prefix": "99.77.191.0/24", @@ -15140,6 +26330,24 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "161.188.140.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-1" + }, + { + "ip_prefix": "15.168.0.0/16", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "99.77.55.24/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "99.77.138.0/24", "region": "eu-south-1", @@ -15176,6 +26384,12 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "142.4.160.0/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "18.230.0.0/16", "region": "sa-east-1", 
@@ -15188,6 +26402,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "70.232.86.125/32", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "99.77.152.0/24", "region": "us-west-2", @@ -15218,6 +26438,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.220.232.0/24", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1-ccu-2" + }, { "ip_prefix": "23.20.0.0/14", "region": "us-east-1", @@ -15236,12 +26462,24 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.77.55.26/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "99.77.143.0/24", "region": "ap-southeast-1", "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "3.4.1.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-pilot-3" + }, { "ip_prefix": "13.56.0.0/16", "region": "us-west-1", @@ -15254,6 +26492,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "161.188.128.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-iah-1" + }, { "ip_prefix": "35.160.0.0/13", "region": "us-west-2", @@ -15278,6 +26522,24 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.181.144.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, + { + "ip_prefix": "35.71.96.0/24", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "43.200.0.0/14", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.68.0.0/15", "region": "ap-northeast-1", 
@@ -15290,6 +26552,12 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.181.254.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mia-1" + }, { "ip_prefix": "18.60.0.0/15", "region": "ap-south-2", @@ -15302,12 +26570,24 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "99.151.80.0/21", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "3.36.0.0/14", "region": "ap-northeast-2", "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "161.188.142.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "18.190.0.0/16", "region": "us-east-2", @@ -15326,6 +26606,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "35.71.72.0/22", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.95.227.0/24", "region": "eu-north-1", @@ -15380,12 +26666,24 @@ "service": "EC2", "network_border_group": "af-south-1" }, + { + "ip_prefix": "15.181.176.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-chi-1" + }, { "ip_prefix": "3.124.0.0/14", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.181.48.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-msp-1" + }, { "ip_prefix": "52.82.176.0/22", "region": "cn-northwest-1", @@ -15398,6 +26696,12 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "142.4.160.64/29", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "3.24.0.0/14", "region": "ap-southeast-2", 
@@ -15410,12 +26714,24 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "35.71.113.0/24", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "64.252.103.0/24", "region": "ap-southeast-1", "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "142.4.160.24/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "15.177.86.0/24", "region": "ap-east-1", @@ -15458,6 +26774,18 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "208.110.48.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.33.35.0/24", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.95.255.128/28", "region": "eu-central-1", @@ -15470,6 +26798,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "16.62.0.0/15", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "52.54.0.0/15", "region": "us-east-1", @@ -15482,6 +26816,12 @@ "service": "EC2", "network_border_group": "us-west-2-lax-1" }, + { + "ip_prefix": "3.5.48.0/22", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, { "ip_prefix": "52.74.0.0/16", "region": "ap-southeast-1", @@ -15524,6 +26864,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "13.214.0.0/15", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.177.77.0/24", "region": "ap-northeast-3", 
@@ -15548,6 +26894,18 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "99.78.238.255/32", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "3.4.6.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pilot-3" + }, { "ip_prefix": "15.177.79.0/24", "region": "ap-northeast-1", @@ -15566,6 +26924,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.71.120.0/24", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "35.80.0.0/12", "region": "us-west-2", @@ -15596,6 +26960,12 @@ "service": "EC2", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "43.204.0.0/15", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "46.51.224.0/19", "region": "ap-northeast-1", @@ -15608,6 +26978,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "99.77.55.254/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "54.170.0.0/15", "region": "eu-west-1", @@ -15620,6 +26996,12 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "35.71.98.0/24", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "99.77.131.0/24", "region": "us-east-2", @@ -15632,6 +27014,12 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "35.71.112.0/24", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "35.153.0.0/16", "region": "us-east-1", 
@@ -15656,6 +27044,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.220.228.0/22", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1-ccu-2" + }, { "ip_prefix": "52.12.0.0/15", "region": "us-west-2", @@ -15668,6 +27062,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "99.78.238.253/32", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "162.250.236.0/24", "region": "us-east-1", @@ -15710,6 +27110,30 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "64.252.123.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "99.77.55.25/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "99.151.112.0/21", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.34.64.0/21", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "34.224.0.0/12", "region": "us-east-1", 
@@ -15752,24 +27176,66 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "16.168.0.0/15", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "64.252.78.0/24", "region": "sa-east-1", "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "99.78.238.251/32", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.181.0.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "64.252.117.0/24", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "99.151.104.0/21", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "99.151.128.0/21", + "region": "ca-central-1", + "service": "EC2", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.71.102.0/24", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ip_prefix": "99.80.0.0/15", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.5.44.0/22", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "52.95.249.0/24", "region": "ap-south-1", @@ -15812,6 +27278,12 @@ "service": "EC2", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "63.246.119.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "50.19.0.0/16", "region": "us-east-1", 
@@ -15842,18 +27314,36 @@ "service": "EC2", "network_border_group": "us-east-1-bos-1" }, + { + "ip_prefix": "35.71.103.0/24", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ip_prefix": "64.252.73.0/24", "region": "us-west-2", "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "99.151.72.0/21", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "174.129.0.0/16", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "35.71.110.0/24", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "52.95.255.80/28", "region": "us-east-1", @@ -15872,6 +27362,18 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "15.181.224.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-1" + }, + { + "ip_prefix": "15.220.227.0/24", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1-del-2" + }, { "ip_prefix": "18.208.0.0/13", "region": "us-east-1", @@ -16004,6 +27506,12 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.220.0.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pdx-1" + }, { "ip_prefix": "52.95.243.0/24", "region": "ap-northeast-1", @@ -16040,6 +27548,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.220.16.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "161.188.134.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "13.51.0.0/16", "region": "eu-north-1", 
@@ -16106,6 +27626,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.151.88.0/21", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "216.182.238.0/23", "region": "us-east-1", @@ -16136,12 +27662,30 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "161.188.144.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-msp-1" + }, { "ip_prefix": "18.189.0.0/16", "region": "us-east-2", "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "35.71.64.0/22", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "99.77.184.0/24", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "3.64.0.0/12", "region": "eu-central-1", @@ -16154,6 +27698,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "18.34.244.0/22", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ip_prefix": "18.201.0.0/16", "region": "eu-west-1", @@ -16190,6 +27740,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "142.4.160.48/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-nyc-1" + }, { "ip_prefix": "52.95.246.0/24", "region": "us-west-1", @@ -16214,6 +27770,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "195.17.0.0/24", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "18.220.0.0/14", "region": "us-east-2", @@ -16238,6 +27800,12 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.220.226.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "52.95.228.0/24", "region": "me-south-1", 
@@ -16256,6 +27824,18 @@ "service": "EC2", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "161.188.132.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-bos-1" + }, + { + "ip_prefix": "3.4.16.0/21", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "68.79.0.0/18", "region": "cn-northwest-1", @@ -16292,6 +27872,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.77.55.14/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "18.178.0.0/16", "region": "ap-northeast-1", @@ -16310,6 +27896,18 @@ "service": "EC2", "network_border_group": "me-central-1" }, + { + "ip_prefix": "15.181.128.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-phx-1" + }, + { + "ip_prefix": "16.170.0.0/15", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "18.132.0.0/14", "region": "eu-west-2", @@ -16364,6 +27962,12 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "35.71.100.0/24", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "54.193.0.0/16", "region": "us-west-1", @@ -16376,6 +27980,18 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "70.232.92.0/22", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "99.77.55.0/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "99.77.247.0/24", "region": "eu-central-1", 
@@ -16389,7 +28005,25 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "3.5.0.0/18", + "ip_prefix": "99.77.55.2/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "15.181.245.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, + { + "ip_prefix": "99.151.96.0/21", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "35.71.68.0/22", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1" @@ -16418,6 +28052,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "99.77.55.253/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "15.177.64.0/23", "region": "us-east-1", @@ -16430,6 +28070,12 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "46.51.208.0/22", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.86.0.0/15", "region": "us-east-1", @@ -16442,6 +28088,12 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.88/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "18.136.0.0/16", "region": "ap-southeast-1", @@ -16460,6 +28112,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.220.233.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "18.179.0.0/16", "region": "ap-northeast-1", 
@@ -16496,12 +28154,24 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.181.64.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "99.77.140.0/24", "region": "ap-northeast-3", "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "16.16.0.0/16", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "15.206.0.0/15", "region": "ap-south-1", @@ -16538,6 +28208,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "35.71.109.0/24", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.95.255.96/28", "region": "us-west-1", @@ -16550,6 +28226,12 @@ "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "142.4.160.16/29", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "18.204.0.0/14", "region": "us-east-1", @@ -16574,12 +28256,30 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "64.252.119.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "208.86.90.0/23", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.181.248.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, + { + "ip_prefix": "18.34.252.0/22", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.29.0.0/16", "region": "eu-central-1", 
@@ -16616,6 +28316,18 @@ "service": "EC2", "network_border_group": "us-east-1-mia-1" }, + { + "ip_prefix": "13.246.0.0/16", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "52.94.249.240/28", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "52.95.254.0/24", "region": "eu-west-3", @@ -16682,6 +28394,12 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "35.71.111.0/24", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.94.248.144/28", "region": "ap-south-1", @@ -16700,6 +28418,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "3.3.5.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-pilot-4" + }, { "ip_prefix": "54.78.0.0/16", "region": "eu-west-1", @@ -16718,6 +28442,18 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "35.71.116.0/24", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "71.132.0.0/18", + "region": "cn-north-1", + "service": "EC2", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "99.150.40.0/21", "region": "eu-west-2", @@ -16766,6 +28502,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.77.55.1/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "15.181.192.0/19", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "15.253.0.0/16", "region": "us-west-2", 
@@ -16796,6 +28544,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.181.252.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "18.198.0.0/15", "region": "eu-central-1", @@ -16832,6 +28586,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "64.252.120.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.5.144.0/23", "region": "ap-northeast-2", @@ -16844,6 +28604,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.181.242.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "54.232.0.0/16", "region": "sa-east-1", @@ -16892,6 +28658,24 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "15.181.40.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-nyc-1" + }, + { + "ip_prefix": "18.34.48.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "18.34.232.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.140.0.0/15", "region": "ap-southeast-1", @@ -16916,6 +28700,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.181.16.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, + { + "ip_prefix": "15.181.96.0/20", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "99.150.112.0/21", "region": "ap-south-2", 
@@ -16946,6 +28742,18 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "162.222.148.0/22", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-lax-1" + }, + { + "ip_prefix": "3.4.2.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-pilot-5" + }, { "ip_prefix": "15.177.75.0/24", "region": "eu-west-1", @@ -17078,6 +28886,18 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "18.34.240.0/22", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "35.71.97.0/24", + "region": "ap-southeast-2", + "service": "EC2", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "35.152.0.0/16", "region": "eu-south-1", @@ -17090,18 +28910,36 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.220.220.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mia-1" + }, { "ip_prefix": "35.156.0.0/14", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "161.188.138.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "3.16.0.0/14", "region": "us-east-2", "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.191.0.0/16", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.130.0.0/16", "region": "eu-west-2", 
@@ -17120,12 +28958,30 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "99.151.64.0/21", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "52.62.0.0/15", "region": "ap-southeast-2", "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "52.94.249.224/28", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "16.50.0.0/15", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "54.160.0.0/13", "region": "us-east-1", @@ -17150,6 +29006,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "70.232.86.126/32", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "15.220.248.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "52.95.225.0/24", "region": "ap-northeast-3", @@ -17204,6 +29072,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.220.250.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-msp-1" + }, { "ip_prefix": "52.94.249.176/28", "region": "af-south-1", @@ -17216,12 +29090,24 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "71.136.64.0/18", + "region": "cn-north-1", + "service": "EC2", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "15.200.0.0/16", "region": "us-gov-west-1", "service": "EC2", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "15.220.236.0/22", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "35.154.0.0/16", "region": "ap-south-1", 
@@ -17240,6 +29126,18 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "35.71.107.0/24", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "52.94.250.32/28", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ip_prefix": "64.252.115.0/24", "region": "eu-west-1", @@ -17252,6 +29150,18 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.181.249.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-msp-1" + }, + { + "ip_prefix": "15.220.205.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "52.88.0.0/15", "region": "us-west-2", @@ -17306,6 +29216,12 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.5.32.0/22", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "3.208.0.0/12", "region": "us-east-1", @@ -17318,12 +29234,24 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "70.232.86.124/32", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "99.77.157.0/24", "region": "eu-west-3", "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "142.4.160.72/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "185.48.120.0/22", "region": "eu-west-1", 
@@ -17336,6 +29264,30 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "142.4.160.104/29", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, + { + "ip_prefix": "204.45.0.0/16", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.220.206.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, + { + "ip_prefix": "161.188.152.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1" + }, { "ip_prefix": "184.73.0.0/16", "region": "us-east-1", @@ -17378,6 +29330,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.220.234.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mia-1" + }, { "ip_prefix": "18.176.0.0/15", "region": "ap-northeast-1", @@ -17438,12 +29396,30 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "43.198.0.0/15", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "71.137.4.0/24", + "region": "cn-north-1", + "service": "EC2", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "99.150.104.0/21", "region": "af-south-1", "service": "EC2", "network_border_group": "af-south-1" }, + { + "ip_prefix": "35.71.101.0/24", + "region": "eu-west-3", + "service": "EC2", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.95.248.0/24", "region": "eu-central-1", @@ -17564,6 +29540,12 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "99.77.55.15/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "176.34.128.0/17", "region": "eu-west-1", 
@@ -17576,6 +29558,12 @@ "service": "EC2", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.181.244.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "18.194.0.0/15", "region": "eu-central-1", @@ -17594,18 +29582,36 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "142.4.160.96/29", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-phx-1" + }, { "ip_prefix": "3.6.0.0/15", "region": "ap-south-1", "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.181.120.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "15.193.1.0/24", "region": "ap-northeast-1", "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.71.108.0/24", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "52.46.184.0/22", "region": "eu-central-1", @@ -17648,6 +29654,12 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "161.188.150.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-pilot-5" + }, { "ip_prefix": "3.34.0.0/15", "region": "ap-northeast-2", @@ -17660,6 +29672,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "35.71.121.0/24", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "52.65.0.0/16", "region": "ap-southeast-2", @@ -17672,6 +29690,18 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.40.0.0/14", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.181.251.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "34.248.0.0/13", "region": "eu-west-1", 
@@ -17690,18 +29720,60 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "142.4.160.32/29", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pdx-1" + }, + { + "ip_prefix": "142.4.160.112/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-pilot-5" + }, + { + "ip_prefix": "161.188.160.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pdx-1" + }, + { + "ip_prefix": "3.5.0.0/19", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "54.178.0.0/16", "region": "ap-northeast-1", "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "99.77.55.12/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "99.77.55.27/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "108.128.0.0/13", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "18.100.0.0/15", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "52.119.205.0/24", "region": "ap-southeast-1", @@ -17714,6 +29786,12 @@ "service": "EC2", "network_border_group": "me-south-1" }, + { + "ip_prefix": "52.94.250.0/28", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "64.252.71.0/24", "region": "us-west-2", @@ -17732,6 +29810,12 @@ "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "15.181.246.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "52.95.251.0/24", "region": "us-east-2", 
@@ -17768,6 +29852,18 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "99.151.136.0/21", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "15.181.240.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-1" + }, { "ip_prefix": "52.76.0.0/17", "region": "ap-southeast-1", @@ -17792,6 +29888,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "99.151.144.0/21", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.10.0.0/15", "region": "us-west-2", @@ -17810,6 +29912,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.4.4.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pilot-2" + }, { "ip_prefix": "99.150.64.0/21", "region": "eu-north-1", @@ -17846,6 +29954,36 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "16.162.0.0/15", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "15.181.32.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-chi-1" + }, + { + "ip_prefix": "15.181.116.0/22", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-phx-1" + }, + { + "ip_prefix": "35.71.106.0/24", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.181.243.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "3.5.232.0/22", "region": "sa-east-1", 
@@ -17858,6 +29996,12 @@ "service": "EC2", "network_border_group": "me-central-1" }, + { + "ip_prefix": "51.16.0.0/15", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ip_prefix": "54.79.0.0/16", "region": "ap-southeast-2", @@ -17876,12 +30020,30 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "18.254.0.0/16", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "64.252.105.0/24", "region": "ap-southeast-1", "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "3.4.24.0/21", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "15.220.224.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pdx-1" + }, { "ip_prefix": "54.207.0.0/16", "region": "sa-east-1", @@ -17900,6 +30062,12 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "35.71.105.0/24", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.28.0.0/16", "region": "eu-central-1", @@ -17912,6 +30080,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "3.33.34.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.77.0.0/16", "region": "ap-southeast-1", 
@@ -17924,18 +30098,36 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "99.77.55.255/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "3.5.236.0/22", "region": "ap-east-1", "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "15.181.250.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "15.193.10.0/24", "region": "af-south-1", "service": "EC2", "network_border_group": "af-south-1" }, + { + "ip_prefix": "99.151.152.0/21", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ip_prefix": "18.166.0.0/15", "region": "ap-east-1", @@ -17948,6 +30140,12 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "99.77.55.13/32", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "99.77.160.0/24", "region": "ap-northeast-1", @@ -17978,6 +30176,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "15.177.92.0/24", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.193.8.0/24", "region": "ca-central-1", @@ -18014,6 +30218,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "3.5.52.0/22", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "3.5.224.0/22", "region": "eu-west-3", @@ -18086,6 +30296,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.160.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "205.251.252.0/23", "region": "GLOBAL", 
@@ -18128,6 +30344,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "108.156.0.0/14", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "99.86.0.0/16", "region": "GLOBAL", @@ -18170,12 +30392,30 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.158.0.0/16", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.249.0.0/16", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.238.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "18.244.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "205.251.208.0/20", "region": "GLOBAL", @@ -18218,6 +30458,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.164.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "64.252.128.0/18", "region": "GLOBAL", @@ -18254,6 +30500,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.172.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "120.52.39.128/27", "region": "GLOBAL", @@ -18272,6 +30524,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.154.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "54.240.128.0/18", "region": "GLOBAL", @@ -18398,6 +30656,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.64.0.0/14", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "120.52.12.64/26", "region": "GLOBAL", 
@@ -18482,6 +30746,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "108.138.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "120.253.241.160/27", "region": "GLOBAL", @@ -18494,6 +30764,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.197.34.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.124.0/24", "region": "us-east-1", @@ -18518,6 +30794,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.197.32.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.197.0.0/23", "region": "GLOBAL", @@ -18536,6 +30818,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.197.16.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "54.230.192.0/21", "region": "GLOBAL", @@ -18566,12 +30854,36 @@ "service": "GLOBALACCELERATOR", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.197.8.0/22", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.197.18.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.120.0/24", "region": "eu-west-2", "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "35.71.128.0/17", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "3.3.8.0/21", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.127.0/24", "region": "ap-southeast-1", 
@@ -18596,6 +30908,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.223.0.0/17", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "99.82.164.0/24", "region": "sa-east-1", @@ -18644,6 +30962,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.197.12.0/22", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.118.0/24", "region": "eu-west-1", @@ -18674,18 +30998,48 @@ "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "99.83.101.0/24", + "region": "us-east-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.82.175.0/24", "region": "us-east-1", "service": "GLOBALACCELERATOR", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.2.8.0/21", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.103.0/24", "region": "us-east-1", "service": "GLOBALACCELERATOR", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.197.28.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.197.128.0/17", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "3.3.6.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.128.0/17", "region": "GLOBAL", @@ -18764,6 +31118,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.248.125.0/24", + "region": "ap-southeast-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "76.223.0.0/17", "region": "GLOBAL", 
@@ -18794,6 +31154,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.3.0.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "99.83.96.0/24", "region": "ap-east-1", @@ -18812,6 +31178,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.197.3.0/24", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.104.0/24", "region": "sa-east-1", @@ -18836,12 +31208,24 @@ "service": "GLOBALACCELERATOR", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.33.128.0/17", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.101.0/24", "region": "eu-west-2", "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "15.197.24.0/22", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "99.77.189.0/24", "region": "GLOBAL", @@ -18854,12 +31238,24 @@ "service": "GLOBALACCELERATOR", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.197.20.0/22", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.102.0/24", "region": "ap-southeast-2", "service": "GLOBALACCELERATOR", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.197.30.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.193.0.0/19", "region": "GLOBAL", 
@@ -19010,6 +31406,12 @@ "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", "network_border_group": "af-south-1" }, + { + "ip_prefix": "15.177.92.0/24", + "region": "ap-southeast-3", + "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.177.68.0/23", "region": "eu-central-1", 
@@ -19040,6 +31442,264 @@ "service": "CHIME_MEETINGS", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "130.176.88.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.239.134.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.82.134.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.86.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.140.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.0.0/18", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.239.204.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.160.0/19", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "70.132.0.0/18", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "15.158.0.0/16", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.136.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.239.170.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.0.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.96.0/19", + "region": "GLOBAL", + "service": 
"CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.184.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "204.246.166.0/24", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.64.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.172.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "205.251.218.0/24", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.4.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.144.0/20", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.176.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.78.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.248.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "64.252.128.0/18", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.154.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "64.252.64.0/18", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.144.0/21", + "region": "GLOBAL", + "service": 
"CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.224.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.128.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.32.0/19", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.82.128.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.156.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.160.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.240.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.192.0/19", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.76.0/24", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "52.46.16.0/20", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.239.208.0/21", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.188.0/23", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.80.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "54.182.128.0/20", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", 
+ "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "130.176.72.0/22", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "140.179.1.64/27", "region": "cn-north-1", @@ -19052,6 +31712,12 @@ "service": "CLOUD9", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "140.179.113.248/29", + "region": "cn-north-1", + "service": "CODEBUILD", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "140.179.15.0/26", "region": "cn-north-1", @@ -19064,6 +31730,48 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "140.179.58.88/29", + "region": "cn-north-1", + "service": "EBS", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "140.179.79.160/27", + "region": "cn-north-1", + "service": "CLOUD9", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "140.179.79.192/27", + "region": "cn-north-1", + "service": "CLOUD9", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "140.179.79.244/30", + "region": "cn-north-1", + "service": "EBS", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.80.197.0/25", + "region": "cn-north-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.80.197.128/25", + "region": "cn-north-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.80.198.0/25", + "region": "cn-north-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "52.80.198.136/29", "region": "cn-north-1", @@ -19112,6 +31820,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "71.131.196.128/26", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "161.189.148.0/23", "region": "cn-northwest-1", 
@@ -19172,18 +31886,102 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.83.34.128/25", + "region": "cn-northwest-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.83.35.0/25", + "region": "cn-northwest-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.83.35.128/25", + "region": "cn-northwest-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "52.83.5.0/26", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "68.79.2.244/30", + "region": "cn-northwest-1", + "service": "EBS", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "68.79.2.248/29", + "region": "cn-northwest-1", + "service": "EBS", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "69.230.219.0/24", + "region": "cn-northwest-1", + "service": "API_GATEWAY", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "69.234.197.192/26", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "69.234.197.72/29", + "region": "cn-northwest-1", + "service": "CODEBUILD", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "18.252.126.0/25", "region": "us-gov-east-1", "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "18.252.145.156/30", + "region": "us-gov-east-1", + "service": "EBS", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "18.252.145.160/29", + "region": "us-gov-east-1", + "service": "EBS", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "18.252.145.168/29", + "region": "us-gov-east-1", + "service": "CODEBUILD", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "18.252.145.192/28", + "region": "us-gov-east-1", + "service": "S3", + 
"network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "18.252.145.208/28", + "region": "us-gov-east-1", + "service": "S3", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "18.252.165.0/26", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "18.252.4.0/30", "region": "us-gov-east-1", @@ -19202,6 +32000,12 @@ "service": "API_GATEWAY", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "18.252.58.0/23", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "18.253.186.0/24", "region": "us-gov-east-1", @@ -19214,12 +32018,54 @@ "service": "API_GATEWAY", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "15.200.150.0/23", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "15.200.176.128/28", + "region": "us-gov-west-1", + "service": "S3", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "15.200.176.192/26", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "15.200.28.240/28", + "region": "us-gov-west-1", + "service": "S3", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "15.200.28.80/30", "region": "us-gov-west-1", "service": "EC2_INSTANCE_CONNECT", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "15.200.28.88/29", + "region": "us-gov-west-1", + "service": "CODEBUILD", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "15.205.82.0/23", + "region": "us-gov-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "15.205.84.0/23", + "region": "us-gov-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "160.1.128.0/24", "region": "us-gov-west-1", 
@@ -19232,6 +32078,24 @@ "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "3.32.190.244/30", + "region": "us-gov-west-1", + "service": "EBS", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "3.32.190.248/29", + "region": "us-gov-west-1", + "service": "EBS", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "52.61.193.0/24", + "region": "us-gov-west-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "52.61.40.104/29", "region": "us-gov-west-1", @@ -19286,6 +32150,36 @@ "service": "CODEBUILD", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.244.244.192/27", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.244.244.224/27", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.244.33.0/26", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.244.33.128/26", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.244.33.64/26", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, { "ip_prefix": "13.244.35.128/26", "region": "af-south-1", 
@@ -19298,12 +32192,174 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.245.1.32/27", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.112.0/24", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.113.0/24", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.114.0/24", + "region": "af-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.127.232/30", + "region": "af-south-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.155.128/27", + "region": "af-south-1", + "service": "CLOUD9", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.155.224/27", + "region": "af-south-1", + "service": "CLOUD9", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.166.128/30", + "region": "af-south-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.166.132/30", + "region": "af-south-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.166.176/29", + "region": "af-south-1", + "service": "CODEBUILD", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.241.64/26", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.93.140/30", + "region": "af-south-1", + "service": "EBS", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.93.160/29", + "region": "af-south-1", + "service": "EBS", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.245.93.176/28", + "region": "af-south-1", + "service": "S3", + "network_border_group": "af-south-1" + }, + { + 
"ip_prefix": "13.245.93.192/28", + "region": "af-south-1", + "service": "S3", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "13.246.70.0/23", + "region": "af-south-1", + "service": "API_GATEWAY", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "16.162.162.96/29", + "region": "ap-east-1", + "service": "CODEBUILD", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "16.162.52.0/24", + "region": "ap-east-1", + "service": "API_GATEWAY", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "16.163.196.0/22", + "region": "ap-east-1", + "service": "API_GATEWAY", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "16.163.206.0/23", + "region": "ap-east-1", + "service": "API_GATEWAY", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "16.163.63.64/26", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.162.127.0/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.162.127.32/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.162.127.64/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "18.162.189.0/24", "region": "ap-east-1", "service": "API_GATEWAY", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "18.162.221.128/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.162.221.160/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.162.221.192/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "18.163.139.32/27", "region": "ap-east-1", 
@@ -19358,6 +32414,66 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "18.166.237.128/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.166.237.64/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.166.237.96/27", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.111.0/24", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.112.0/24", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.113.0/24", + "region": "ap-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.88.112/28", + "region": "ap-east-1", + "service": "S3", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.88.72/29", + "region": "ap-east-1", + "service": "EBS", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.88.80/30", + "region": "ap-east-1", + "service": "EBS", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "18.167.88.96/28", + "region": "ap-east-1", + "service": "S3", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "13.112.191.184/29", "region": "ap-northeast-1", 
@@ -19376,6 +32492,72 @@ "service": "CLOUDFRONT", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.230.21.128/26", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.230.21.224/28", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.230.21.240/28", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.104/29", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.112/28", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.192/28", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.208/29", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.64/29", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.72/29", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.80/29", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.231.6.88/29", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "18.176.203.120/30", "region": "ap-northeast-1", 
@@ -19466,24 +32648,96 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.112.85.96/27", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "3.112.96.0/26", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "3.112.96.128/27", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "3.112.96.160/27", "region": "ap-northeast-1", "service": "API_GATEWAY", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.112.96.64/26", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "3.113.218.0/26", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.113.218.112/28", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "3.113.218.128/27", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "3.113.218.68/30", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "3.113.218.72/30", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "3.113.218.76/30", "region": "ap-northeast-1", "service": "AMAZON_APPFLOW", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.72.164.212/30", + "region": "ap-northeast-1", + "service": "EBS", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.72.164.232/29", + "region": "ap-northeast-1", + "service": "EBS", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.72.164.240/28", + "region": 
"ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.72.255.0/24", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "35.72.36.140/31", "region": "ap-northeast-1", 
@@ -19508,12 +32762,108 @@ "service": "KINESIS_VIDEO_STREAMS", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.72.36.192/27", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.72.36.224/27", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.72.37.0/25", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.72.37.128/25", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.73.115.0/28", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.73.115.128/25", + "region": "ap-northeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.73.4.0/24", + "region": "ap-northeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.74.77.240/30", + "region": "ap-northeast-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.75.130.0/24", + "region": "ap-northeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.75.131.0/26", + "region": "ap-northeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.75.131.80/29", + "region": "ap-northeast-1", + "service": "CODEBUILD", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.76.252.0/23", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.77.0.128/26", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": 
"35.77.112.0/22", + "region": "ap-northeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.77.124.0/23", + "region": "ap-northeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.199.127.192/26", "region": "ap-northeast-1", "service": "CLOUDFRONT", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "54.248.220.0/26", + "region": "ap-northeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "54.250.251.0/24", "region": "ap-northeast-1", 
@@ -19521,73 +32871,175 @@ "network_border_group": "ap-northeast-1" }, { - "ip_prefix": "13.124.145.16/29", - "region": "ap-northeast-2", - "service": "CODEBUILD", - "network_border_group": "ap-northeast-2" + "ip_prefix": "54.250.253.192/26", + "region": "ap-northeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-northeast-1" }, { - "ip_prefix": "13.124.199.0/24", + "ip_prefix": "13.124.145.104/29", "region": "ap-northeast-2", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "13.124.247.0/24", + "ip_prefix": "13.124.145.112/29", "region": "ap-northeast-2", - "service": "WORKSPACES_GATEWAYS", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "13.209.1.56/29", + "ip_prefix": "13.124.145.120/29", "region": "ap-northeast-2", - "service": "EC2_INSTANCE_CONNECT", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "15.164.156.0/23", + "ip_prefix": "13.124.145.16/29", "region": "ap-northeast-2", - "service": "API_GATEWAY", + "service": "CODEBUILD", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "15.164.243.192/27", + "ip_prefix": "13.124.145.24/29", "region": "ap-northeast-2", - "service": "CLOUD9", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "15.164.243.224/27", + "ip_prefix": "13.124.145.64/29", "region": "ap-northeast-2", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "15.164.243.32/27", + "ip_prefix": "13.124.145.72/29", "region": "ap-northeast-2", - "service": "CLOUD9", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "15.165.193.64/26", + "ip_prefix": "13.124.145.80/29", "region": "ap-northeast-2", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - 
"ip_prefix": "15.165.224.0/23", + "ip_prefix": "13.124.145.88/29", "region": "ap-northeast-2", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "3.34.101.192/26", + "ip_prefix": "13.124.145.96/29", "region": "ap-northeast-2", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, { - "ip_prefix": "3.34.228.0/26", + "ip_prefix": "13.124.199.0/24", + "region": "ap-northeast-2", + "service": "CLOUDFRONT", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "13.124.199.0/24", + "region": "ap-northeast-2", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "13.124.247.0/24", + "region": "ap-northeast-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "13.209.1.0/29", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "13.209.1.56/29", + "region": "ap-northeast-2", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "13.209.1.8/29", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "13.209.1.96/27", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "13.209.71.128/27", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "13.209.71.224/27", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.164.156.0/23", + "region": "ap-northeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.164.243.0/28", + "region": "ap-northeast-2", + "service": 
"ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.164.243.192/27", + "region": "ap-northeast-2", + "service": "CLOUD9", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.164.243.224/27", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.164.243.32/27", + "region": "ap-northeast-2", + "service": "CLOUD9", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.165.193.64/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.165.224.0/23", + "region": "ap-northeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.34.101.192/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.34.228.0/26", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2" 
@@ -19622,12 +33074,132 @@ "service": "AMAZON_APPFLOW", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "3.34.89.64/26", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "3.35.130.128/25", "region": "ap-northeast-2", "service": "CLOUDFRONT", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "3.36.167.128/25", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.167.28/30", + "region": "ap-northeast-2", + "service": "EBS", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.167.48/29", + "region": "ap-northeast-2", + "service": "EBS", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.167.64/28", + "region": "ap-northeast-2", + "service": "S3", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.167.80/28", + "region": "ap-northeast-2", + "service": "S3", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.190.0/23", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.192.0/23", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.194.0/23", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.202.0/25", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.245.204/30", + "region": "ap-northeast-2", + "service": "EBS", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.245.232/30", + "region": "ap-northeast-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.3.160/28", + "region": 
"ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.3.192/27", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.3.224/27", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.36.3.96/27", + "region": "ap-northeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.38.131.192/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.38.229.0/25", + "region": "ap-northeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.38.248.0/23", + "region": "ap-northeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.38.90.8/29", + "region": "ap-northeast-2", + "service": "CODEBUILD", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.78.247.128/26", "region": "ap-northeast-2", 
@@ -19640,12 +33212,90 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "13.208.131.0/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.128/27", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.16/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.160/27", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.192/27", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.224/30", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.228/30", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.232/30", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.24/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.32/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.40/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.131.8/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "13.208.170.0/23", "region": "ap-northeast-3", "service": "AMAZON", 
"network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "13.208.177.224/27", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "13.208.180.0/24", "region": "ap-northeast-3", 
@@ -19658,12 +33308,186 @@ "service": "API_GATEWAY", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "13.208.217.64/27", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.217.96/27", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.227.0/25", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.227.128/25", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.228.0/25", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.228.128/29", + "region": "ap-northeast-3", + "service": "EBS", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.228.136/30", + "region": "ap-northeast-3", + "service": "EBS", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.33.16/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.33.24/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.208.33.8/29", + "region": "ap-northeast-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.10.0/24", + "region": "ap-northeast-3", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.174.0/23", + "region": "ap-northeast-3", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.176.0/22", + "region": "ap-northeast-3", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-3" + }, 
+ { + "ip_prefix": "15.152.24.0/27", + "region": "ap-northeast-3", + "service": "CLOUD9", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.24.128/29", + "region": "ap-northeast-3", + "service": "CODEBUILD", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.24.192/26", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.24.32/27", + "region": "ap-northeast-3", + "service": "CLOUD9", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.24.64/26", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.8.192/26", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "13.126.23.136/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.126.23.144/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.126.23.152/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.126.23.160/27", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.126.23.192/27", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.126.243.0/24", + "region": "ap-south-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.127.70.128/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.127.70.136/29", "region": "ap-south-1", "service": "CODEBUILD", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.127.70.144/29", + 
"region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.127.70.152/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.127.70.160/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.232.67.128/27", "region": "ap-south-1", @@ -19688,6 +33512,18 @@ "service": "CLOUDFRONT", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.233.177.32/27", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.234.221.136/29", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.234.221.192/26", "region": "ap-south-1", @@ -19700,6 +33536,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.235.197.96/27", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.235.228.0/24", "region": "ap-south-1", 
@@ -19742,6 +33584,48 @@ "service": "CLOUDFRONT", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "3.108.13.124/30", + "region": "ap-south-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.109.72.0/25", + "region": "ap-south-1", + "service": "API_GATEWAY", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.109.72.152/29", + "region": "ap-south-1", + "service": "CODEBUILD", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.110.57.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.110.71.0/26", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.111.110.0/23", + "region": "ap-south-1", + "service": "API_GATEWAY", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.111.90.0/23", + "region": "ap-south-1", + "service": "API_GATEWAY", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "3.6.70.128/26", "region": "ap-south-1", 
@@ -19773,151 +33657,469 @@ "network_border_group": "ap-south-1" }, { - "ip_prefix": "13.212.3.128/26", - "region": "ap-southeast-1", + "ip_prefix": "65.0.192.176/28", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.0.192.224/27", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.0.234.0/26", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.103.192/29", + "region": "ap-south-1", + "service": "EBS", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.103.200/30", + "region": "ap-south-1", + "service": "EBS", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.103.208/28", + "region": "ap-south-1", + "service": "S3", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.103.224/28", + "region": "ap-south-1", + "service": "S3", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.170.0/23", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.172.0/23", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.1.174.0/23", + "region": "ap-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "65.2.14.0/23", + "region": "ap-south-1", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "ap-south-1" }, { - "ip_prefix": "13.212.3.64/26", - "region": "ap-southeast-1", + "ip_prefix": "65.2.16.0/23", + "region": "ap-south-1", "service": "AMAZON", - "network_border_group": "ap-southeast-1" + "network_border_group": "ap-south-1" }, { - "ip_prefix": "13.228.69.0/24", + "ip_prefix": "13.212.209.128/26", "region": "ap-southeast-1", - "service": "CLOUDFRONT", 
+ "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.250.186.128/27", + "ip_prefix": "13.212.209.94/31", "region": "ap-southeast-1", - "service": "CLOUD9", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.250.186.160/27", + "ip_prefix": "13.212.209.96/27", "region": "ap-southeast-1", - "service": "CLOUD9", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.251.113.64/26", + "ip_prefix": "13.212.3.128/26", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.251.116.0/23", + "ip_prefix": "13.212.3.64/26", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.138.134.128/25", + "ip_prefix": "13.213.20.132/30", "region": "ap-southeast-1", - "service": "API_GATEWAY", + "service": "EBS", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.138.244.0/23", + "ip_prefix": "13.213.20.136/29", "region": "ap-southeast-1", - "service": "API_GATEWAY", + "service": "EBS", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.148.0/26", + "ip_prefix": "13.213.20.144/28", "region": "ap-southeast-1", - "service": "AMAZON", + "service": "S3", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.148.128/25", + "ip_prefix": "13.213.20.160/28", "region": "ap-southeast-1", - "service": "API_GATEWAY", + "service": "S3", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.150.0/23", + "ip_prefix": "13.213.21.0/24", "region": "ap-southeast-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.152.0/24", + "ip_prefix": "13.213.22.0/23", "region": "ap-southeast-1", - "service": "WORKSPACES_GATEWAYS", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": 
"18.141.154.0/23", + "ip_prefix": "13.213.24.0/23", "region": "ap-southeast-1", - "service": "WORKSPACES_GATEWAYS", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.226.0/23", + "ip_prefix": "13.213.75.224/29", "region": "ap-southeast-1", - "service": "AMAZON", + "service": "CODEBUILD", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.238.0/26", + "ip_prefix": "13.214.118.0/23", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.66.248/30", + "ip_prefix": "13.214.124.128/26", "region": "ap-southeast-1", - "service": "AMAZON_APPFLOW", + "service": "AMAZON", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "18.141.66.252/30", + "ip_prefix": "13.214.224.0/23", "region": "ap-southeast-1", - "service": "AMAZON_APPFLOW", + "service": "API_GATEWAY", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "3.0.5.32/29", + "ip_prefix": "13.214.228.0/22", "region": "ap-southeast-1", - "service": "EC2_INSTANCE_CONNECT", + "service": "API_GATEWAY", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "52.220.191.0/26", + "ip_prefix": "13.228.69.0/24", "region": "ap-southeast-1", "service": "CLOUDFRONT", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "52.221.221.128/29", + "ip_prefix": "13.229.187.192/27", "region": "ap-southeast-1", - "service": "CODEBUILD", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "52.76.127.0/24", + "ip_prefix": "13.229.187.232/29", "region": "ap-southeast-1", - "service": "WORKSPACES_GATEWAYS", + "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.210.2.192/26", - "region": "ap-southeast-2", - "service": "AMAZON_CONNECT", - "network_border_group": "ap-southeast-2" - }, - { - "ip_prefix": "13.210.67.128/26", - "region": "ap-southeast-2", - "service": "CLOUDFRONT", - 
"network_border_group": "ap-southeast-2" + "ip_prefix": "13.250.186.0/29", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "13.236.8.0/25", + "ip_prefix": "13.250.186.128/27", + "region": "ap-southeast-1", + "service": "CLOUD9", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.250.186.16/29", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.250.186.160/27", + "region": "ap-southeast-1", + "service": "CLOUD9", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.250.186.192/29", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.250.186.200/29", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.250.186.208/29", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.250.186.8/29", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.251.113.64/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.251.116.0/23", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.136.1.192/27", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.136.1.224/27", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.138.134.128/25", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": 
"18.138.244.0/23", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.139.204.176/28", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.139.204.192/27", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.140.177.0/26", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.140.177.64/26", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.148.0/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.148.128/25", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.150.0/23", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.152.0/24", + "region": "ap-southeast-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.154.0/23", + "region": "ap-southeast-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.226.0/23", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.238.0/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.238.68/30", + "region": "ap-southeast-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.66.248/30", + "region": "ap-southeast-1", + "service": "AMAZON_APPFLOW", + 
"network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "18.141.66.252/30", + "region": "ap-southeast-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "3.0.5.224/27", + "region": "ap-southeast-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "3.0.5.32/29", + "region": "ap-southeast-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.220.191.0/26", + "region": "ap-southeast-1", + "service": "CLOUDFRONT", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.221.221.128/29", + "region": "ap-southeast-1", + "service": "CODEBUILD", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.76.127.0/24", + "region": "ap-southeast-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "54.251.31.128/26", + "region": "ap-southeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "54.255.254.192/26", + "region": "ap-southeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.210.2.192/26", + "region": "ap-southeast-2", + "service": "AMAZON_CONNECT", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.210.67.128/26", + "region": "ap-southeast-2", + "service": "CLOUDFRONT", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.12.160/27", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.12.192/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.12.200/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": 
"13.211.12.208/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.12.216/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.12.248/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.166.192/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.211.166.200/29", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.236.8.0/25", "region": "ap-southeast-2", "service": "AMAZON_CONNECT", "network_border_group": "ap-southeast-2" @@ -19964,6 +34166,24 @@ "service": "API_GATEWAY", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "3.105.5.0/27", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.105.5.32/27", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.24.1.208/28", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "3.24.227.192/26", "region": "ap-southeast-2", 
@@ -20036,12 +34256,168 @@ "service": "AMAZON_APPFLOW", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "3.26.109.216/30", + "region": "ap-southeast-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.127.24/29", + "region": "ap-southeast-2", + "service": "CODEBUILD", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.137.0/24", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.138.0/23", + "region": "ap-southeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.140.64/26", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.246.0/23", + "region": "ap-southeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.248.0/22", + "region": "ap-southeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.58.224/27", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.81.0/27", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.81.32/27", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.82.236/30", + "region": "ap-southeast-2", + "service": "EBS", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.82.240/29", + "region": "ap-southeast-2", + "service": "EBS", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.83.0/24", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.84.0/23", + "region": 
"ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.86.0/23", + "region": "ap-southeast-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.88.0/28", + "region": "ap-southeast-2", + "service": "S3", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.88.16/28", + "region": "ap-southeast-2", + "service": "S3", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "54.153.254.0/24", "region": "ap-southeast-2", "service": "WORKSPACES_GATEWAYS", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "54.252.254.192/26", + "region": "ap-southeast-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "54.252.79.128/26", + "region": "ap-southeast-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "108.136.151.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "108.136.154.16/28", + "region": "ap-southeast-3", + "service": "S3", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "108.136.154.32/28", + "region": "ap-southeast-3", + "service": "S3", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "108.136.154.48/28", + "region": "ap-southeast-3", + "service": "S3", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "108.136.221.0/26", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.222.16.32/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "15.222.16.8/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "15.222.16.96/27", "region": "ca-central-1", 
@@ -20066,6 +34442,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.222.43.64/26", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "15.223.100.0/24", "region": "ca-central-1", 
@@ -20114,12 +34496,138 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "3.97.192.112/29", + "region": "ca-central-1", + "service": "EBS", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.192.128/25", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.217.0/24", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.218.0/24", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.219.0/24", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.230.0/25", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "3.97.49.128/25", "region": "ca-central-1", "service": "API_GATEWAY", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "3.97.99.128/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.99.160/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.99.64/28", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.97.99.96/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.98.171.196/30", + "region": "ca-central-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.98.171.224/29", + "region": "ca-central-1", + "service": "CODEBUILD", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.98.171.92/30", + "region": "ca-central-1", + "service": 
"EBS", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.98.24.0/28", + "region": "ca-central-1", + "service": "S3", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.98.24.16/28", + "region": "ca-central-1", + "service": "S3", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.98.86.0/23", + "region": "ca-central-1", + "service": "API_GATEWAY", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.99.124.0/26", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.99.194.0/23", + "region": "ca-central-1", + "service": "API_GATEWAY", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.99.196.0/22", + "region": "ca-central-1", + "service": "API_GATEWAY", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.182.14.208/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.182.14.216/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "35.182.14.48/29", "region": "ca-central-1", 
@@ -20132,6 +34640,42 @@ "service": "WORKSPACES_GATEWAYS", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "35.183.38.0/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.183.38.32/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.183.38.40/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.183.38.48/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.183.38.56/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "35.183.38.64/29", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "35.183.92.176/29", "region": "ca-central-1", @@ -20150,6 +34694,18 @@ "service": "CLOUDFRONT", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "99.79.20.192/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "99.79.20.224/27", + "region": "ca-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "99.79.34.0/23", "region": "ca-central-1", 
@@ -20211,67 +34767,253 @@ "network_border_group": "eu-central-1" }, { - "ip_prefix": "3.120.181.40/29", + "ip_prefix": "18.196.161.0/27", "region": "eu-central-1", - "service": "EC2_INSTANCE_CONNECT", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "3.122.128.0/23", + "ip_prefix": "18.196.161.184/29", "region": "eu-central-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "3.123.12.192/26", + "ip_prefix": "18.196.161.192/29", "region": "eu-central-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "3.123.14.0/24", + "ip_prefix": "18.196.161.200/29", "region": "eu-central-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "3.123.15.0/25", + "ip_prefix": "18.196.161.32/27", "region": "eu-central-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "3.127.48.128/26", + "ip_prefix": "18.196.161.80/29", "region": "eu-central-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "3.127.48.244/30", + "ip_prefix": "18.196.161.88/29", "region": "eu-central-1", - "service": "AMAZON_APPFLOW", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "3.127.48.248/30", + "ip_prefix": "3.120.181.224/27", "region": "eu-central-1", - "service": "AMAZON_APPFLOW", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, { - "ip_prefix": "3.127.74.0/23", + "ip_prefix": "3.120.181.40/29", "region": "eu-central-1", - "service": "API_GATEWAY", + "service": "EC2_INSTANCE_CONNECT", "network_border_group": "eu-central-1" }, { - "ip_prefix": "35.157.127.248/29", + "ip_prefix": "3.122.128.0/23", "region": "eu-central-1", - "service": "CODEBUILD", + 
"service": "AMAZON", "network_border_group": "eu-central-1" }, { - "ip_prefix": "35.158.127.64/26", + "ip_prefix": "3.123.12.192/26", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.123.14.0/24", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.123.15.0/25", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.123.44.0/27", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.123.44.128/27", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.123.44.160/27", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.123.44.80/28", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.123.44.96/27", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.127.48.128/26", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.127.48.244/30", + "region": "eu-central-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.127.48.248/30", + "region": "eu-central-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.127.74.0/23", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.64.1.0/26", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.64.1.128/26", + "region": "eu-central-1", + 
"service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.64.1.192/29", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.64.1.200/29", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.64.1.64/26", + "region": "eu-central-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.64.226.232/29", + "region": "eu-central-1", + "service": "EBS", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.64.226.240/30", + "region": "eu-central-1", + "service": "EBS", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.65.246.0/28", + "region": "eu-central-1", + "service": "S3", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.65.246.16/28", + "region": "eu-central-1", + "service": "S3", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.66.172.0/24", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.68.251.176/30", + "region": "eu-central-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.68.251.232/29", + "region": "eu-central-1", + "service": "CODEBUILD", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.70.195.128/25", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.70.195.64/26", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.70.211.0/25", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.70.212.128/26", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, 
+ { + "ip_prefix": "3.71.104.0/24", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.71.120.0/22", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "35.157.127.248/29", + "region": "eu-central-1", + "service": "CODEBUILD", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "35.158.127.64/26", "region": "eu-central-1", "service": "AMAZON_CONNECT", "network_border_group": "eu-central-1" @@ -20318,6 +35060,24 @@ "service": "CLOUDFRONT", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.48.4.128/28", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.48.4.144/28", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.48.4.160/28", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "13.48.4.192/29", "region": "eu-north-1", @@ -20330,6 +35090,24 @@ "service": "EC2_INSTANCE_CONNECT", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.48.4.208/29", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.48.4.216/29", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.48.4.224/29", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "13.48.74.0/24", "region": "eu-north-1", @@ -20354,6 +35132,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.49.253.224/27", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "13.49.40.64/26", "region": "eu-north-1", 
@@ -20366,12 +35150,126 @@ "service": "API_GATEWAY", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.51.120.0/24", + "region": "eu-north-1", + "service": "API_GATEWAY", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.253.80/29", + "region": "eu-north-1", + "service": "CODEBUILD", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.29.0/27", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.29.32/27", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.71.152/29", + "region": "eu-north-1", + "service": "EBS", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.71.160/30", + "region": "eu-north-1", + "service": "EBS", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.71.176/28", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.71.192/28", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.95.0/24", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.96.0/24", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.51.97.0/24", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "13.53.180.0/23", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.53.63.128/27", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "13.53.63.160/27", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": 
"13.53.63.192/27", + "region": "eu-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "16.16.2.0/23", + "region": "eu-north-1", + "service": "API_GATEWAY", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "16.170.199.0/26", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "16.171.48.0/22", + "region": "eu-north-1", + "service": "API_GATEWAY", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "15.160.55.112/29", + "region": "eu-south-1", + "service": "CODEBUILD", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.160.90.64/26", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "15.161.135.0/26", "region": "eu-south-1", @@ -20432,6 +35330,42 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "15.161.247.128/27", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.161.247.64/27", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.161.247.96/27", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.161.66.0/26", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.161.66.128/26", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.161.66.64/26", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "15.161.68.128/26", "region": "eu-south-1", 
@@ -20444,6 +35378,54 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "18.102.2.0/23", + "region": "eu-south-1", + "service": "API_GATEWAY", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.74.128/29", + "region": "eu-south-1", + "service": "EBS", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.74.136/30", + "region": "eu-south-1", + "service": "EBS", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.74.144/28", + "region": "eu-south-1", + "service": "S3", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.74.160/28", + "region": "eu-south-1", + "service": "S3", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.86.0/24", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.87.0/24", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.152.88.0/24", + "region": "eu-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "108.128.160.0/23", "region": "eu-west-1", @@ -20456,6 +35438,12 @@ "service": "API_GATEWAY", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "176.34.159.192/26", + "region": "eu-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "18.200.212.0/23", "region": "eu-west-1", 
@@ -20468,12 +35456,60 @@ "service": "EC2_INSTANCE_CONNECT", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.248.180.128/25", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.248.180.40/29", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.248.180.64/26", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.248.186.0/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.248.186.128/25", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.248.186.32/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "3.248.186.64/29", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "3.248.186.92/30", "region": "eu-west-1", "service": "AMAZON_APPFLOW", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.248.216.32/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "3.248.244.0/26", "region": "eu-west-1", 
@@ -20529,184 +35565,580 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "3.251.56.0/24", + "ip_prefix": "3.251.104.0/26", "region": "eu-west-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-1" }, { - "ip_prefix": "3.251.62.128/25", + "ip_prefix": "3.251.104.128/25", "region": "eu-west-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-1" }, { - "ip_prefix": "3.251.94.0/24", + "ip_prefix": "3.251.105.0/25", "region": "eu-west-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-1" }, { - "ip_prefix": "34.245.205.0/27", + "ip_prefix": "3.251.105.128/25", "region": "eu-west-1", - "service": "CLOUD9", + "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-1" }, { - "ip_prefix": "34.245.205.64/27", + "ip_prefix": "3.251.106.128/25", "region": "eu-west-1", - "service": "CLOUD9", + "service": "AMAZON", "network_border_group": "eu-west-1" }, { - "ip_prefix": "34.250.63.248/29", + "ip_prefix": "3.251.109.92/30", "region": "eu-west-1", - "service": "CODEBUILD", + "service": "EBS", "network_border_group": "eu-west-1" }, { - "ip_prefix": "52.19.124.0/23", + "ip_prefix": "3.251.110.208/28", "region": "eu-west-1", - "service": "WORKSPACES_GATEWAYS", + "service": "S3", "network_border_group": "eu-west-1" }, { - "ip_prefix": "52.212.248.0/26", + "ip_prefix": "3.251.110.224/28", "region": "eu-west-1", - "service": "CLOUDFRONT", + "service": "S3", "network_border_group": "eu-west-1" }, { - "ip_prefix": "63.34.60.0/22", + "ip_prefix": "3.251.144.0/29", "region": "eu-west-1", - "service": "AMAZON", + "service": "EBS", "network_border_group": "eu-west-1" }, { - "ip_prefix": "99.80.34.128/25", + "ip_prefix": "3.251.148.120/29", "region": "eu-west-1", - "service": "AMAZON", + "service": "CODEBUILD", "network_border_group": "eu-west-1" }, { - "ip_prefix": "18.130.91.144/30", - "region": "eu-west-2", - "service": 
"AMAZON_APPFLOW", - "network_border_group": "eu-west-2" - }, - { - "ip_prefix": "18.130.91.148/30", - "region": "eu-west-2", + "ip_prefix": "3.251.152.44/30", + "region": "eu-west-1", "service": "AMAZON_APPFLOW", - "network_border_group": "eu-west-2" + "network_border_group": "eu-west-1" }, { - "ip_prefix": "18.132.146.192/26", - "region": "eu-west-2", + "ip_prefix": "3.251.215.192/26", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "eu-west-2" + "network_border_group": "eu-west-1" }, { - "ip_prefix": "18.132.21.0/24", - "region": "eu-west-2", - "service": "WORKSPACES_GATEWAYS", - "network_border_group": "eu-west-2" + "ip_prefix": "3.251.216.0/23", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "18.132.22.0/23", - "region": "eu-west-2", - "service": "WORKSPACES_GATEWAYS", - "network_border_group": "eu-west-2" + "ip_prefix": "3.251.56.0/24", + "region": "eu-west-1", + "service": "API_GATEWAY", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "18.133.45.0/26", - "region": "eu-west-2", - "service": "AMAZON", - "network_border_group": "eu-west-2" + "ip_prefix": "3.251.62.128/25", + "region": "eu-west-1", + "service": "API_GATEWAY", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "18.133.45.64/26", - "region": "eu-west-2", - "service": "AMAZON", - "network_border_group": "eu-west-2" + "ip_prefix": "3.251.94.0/24", + "region": "eu-west-1", + "service": "API_GATEWAY", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "3.10.127.32/27", - "region": "eu-west-2", - "service": "CLOUD9", - "network_border_group": "eu-west-2" + "ip_prefix": "3.251.95.128/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "3.10.17.0/25", - "region": "eu-west-2", - "service": "API_GATEWAY", - "network_border_group": "eu-west-2" + "ip_prefix": "3.251.95.96/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + 
"network_border_group": "eu-west-1" }, { - "ip_prefix": "3.10.17.128/25", - "region": "eu-west-2", - "service": "CLOUDFRONT", - "network_border_group": "eu-west-2" + "ip_prefix": "34.242.153.128/26", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "3.10.201.128/27", - "region": "eu-west-2", - "service": "AMAZON", - "network_border_group": "eu-west-2" + "ip_prefix": "34.242.153.224/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "3.10.201.192/26", - "region": "eu-west-2", - "service": "AMAZON", - "network_border_group": "eu-west-2" + "ip_prefix": "34.242.153.240/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "3.10.201.64/27", - "region": "eu-west-2", + "ip_prefix": "34.245.205.0/27", + "region": "eu-west-1", "service": "CLOUD9", - "network_border_group": "eu-west-2" + "network_border_group": "eu-west-1" }, { - "ip_prefix": "3.11.53.0/24", - "region": "eu-west-2", - "service": "CLOUDFRONT", - "network_border_group": "eu-west-2" + "ip_prefix": "34.245.205.128/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "3.8.168.0/23", - "region": "eu-west-2", - "service": "AMAZON", - "network_border_group": "eu-west-2" + "ip_prefix": "34.245.205.160/27", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "3.8.37.24/29", - "region": "eu-west-2", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "eu-west-2" + "ip_prefix": "34.245.205.64/27", + "region": "eu-west-1", + "service": "CLOUD9", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "3.9.94.0/24", - "region": "eu-west-2", - "service": "API_GATEWAY", - "network_border_group": "eu-west-2" + "ip_prefix": "34.245.205.96/27", + "region": "eu-west-1", + "service": 
"ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "35.176.32.0/24", - "region": "eu-west-2", - "service": "WORKSPACES_GATEWAYS", - "network_border_group": "eu-west-2" + "ip_prefix": "34.245.82.0/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "35.176.92.32/29", - "region": "eu-west-2", - "service": "CODEBUILD", - "network_border_group": "eu-west-2" + "ip_prefix": "34.245.82.16/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" }, { - "ip_prefix": "35.179.42.0/23", - "region": "eu-west-2", - "service": "API_GATEWAY", - "network_border_group": "eu-west-2" + "ip_prefix": "34.245.82.32/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "34.245.82.48/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "34.250.63.248/29", + "region": "eu-west-1", + "service": "CODEBUILD", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.19.124.0/23", + "region": "eu-west-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.212.248.0/26", + "region": "eu-west-1", + "service": "CLOUDFRONT", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.215.218.112/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "52.215.218.64/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "54.228.16.0/26", + "region": "eu-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "63.34.60.0/22", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "99.80.34.128/25", + "region": 
"eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "99.80.34.48/28", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "99.80.34.64/26", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "99.80.88.0/26", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "99.80.88.64/26", + "region": "eu-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "13.40.1.192/26", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "13.40.202.0/23", + "region": "eu-west-2", + "service": "API_GATEWAY", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "13.40.204.0/22", + "region": "eu-west-2", + "service": "API_GATEWAY", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.130.91.144/30", + "region": "eu-west-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.130.91.148/30", + "region": "eu-west-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.132.146.192/26", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.132.21.0/24", + "region": "eu-west-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.132.22.0/23", + "region": "eu-west-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.133.45.0/26", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.133.45.64/26", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": 
"18.134.255.160/27", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.134.255.192/27", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.134.255.224/27", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.135.226.192/26", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.168.133.0/24", + "region": "eu-west-2", + "service": "API_GATEWAY", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.168.33.0/24", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.168.34.0/23", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.168.36.0/24", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.168.37.0/27", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.168.37.136/29", + "region": "eu-west-2", + "service": "EBS", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.168.37.144/30", + "region": "eu-west-2", + "service": "EBS", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.168.37.160/28", + "region": "eu-west-2", + "service": "S3", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.168.37.176/28", + "region": "eu-west-2", + "service": "S3", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.168.37.32/28", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.168.37.48/30", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": 
"eu-west-2" + }, + { + "ip_prefix": "18.168.37.64/26", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.169.230.136/30", + "region": "eu-west-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.169.230.200/29", + "region": "eu-west-2", + "service": "CODEBUILD", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.10.127.32/27", + "region": "eu-west-2", + "service": "CLOUD9", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.10.17.0/25", + "region": "eu-west-2", + "service": "API_GATEWAY", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.10.17.128/25", + "region": "eu-west-2", + "service": "CLOUDFRONT", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.10.201.128/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.10.201.192/26", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.10.201.64/27", + "region": "eu-west-2", + "service": "CLOUD9", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.11.53.0/24", + "region": "eu-west-2", + "service": "CLOUDFRONT", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.8.168.0/23", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.8.37.24/29", + "region": "eu-west-2", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.8.37.96/27", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.159.64/30", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.159.68/30", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": 
"eu-west-2" + }, + { + "ip_prefix": "3.9.159.72/30", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.41.0/27", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.41.32/27", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.41.64/27", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "3.9.94.0/24", + "region": "eu-west-2", + "service": "API_GATEWAY", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.176.32.0/24", + "region": "eu-west-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.176.92.32/29", + "region": "eu-west-2", + "service": "CODEBUILD", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.177.154.128/28", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.177.154.144/28", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.177.154.160/28", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.177.154.176/29", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.177.154.184/29", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.177.154.192/29", + "region": "eu-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.179.42.0/23", + "region": "eu-west-2", + "service": "API_GATEWAY", + "network_border_group": "eu-west-2" }, { "ip_prefix": "52.56.127.0/25", 
@@ -20714,6 +36146,108 @@ "service": "CLOUDFRONT", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "13.36.155.0/24", + "region": "eu-west-3", + "service": "API_GATEWAY", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.18.0/28", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.18.32/27", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.18.64/27", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.76.0/24", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.77.0/24", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.78.0/24", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.84.112/29", + "region": "eu-west-3", + "service": "CODEBUILD", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.84.24/29", + "region": "eu-west-3", + "service": "EBS", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.84.32/30", + "region": "eu-west-3", + "service": "EBS", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.84.44/30", + "region": "eu-west-3", + "service": "AMAZON_APPFLOW", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.84.48/28", + "region": "eu-west-3", + "service": "S3", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.36.84.64/28", + "region": "eu-west-3", + "service": "S3", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.37.1.64/26", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.38.132.0/22", + "region": 
"eu-west-3", + "service": "API_GATEWAY", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.38.140.0/23", + "region": "eu-west-3", + "service": "API_GATEWAY", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "15.188.102.0/27", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "15.188.184.0/24", "region": "eu-west-3", @@ -20780,6 +36314,60 @@ "service": "API_GATEWAY", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "35.180.1.16/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.1.24/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.1.32/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.1.40/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.1.48/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.1.56/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.1.8/29", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.112.128/27", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.180.112.160/27", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "35.180.112.80/29", "region": "eu-west-3", 
@@ -20804,6 +36392,12 @@ "service": "CLOUDFRONT", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "52.47.73.160/27", + "region": "eu-west-3", + "service": "ROUTE53_RESOLVER", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.47.73.72/29", "region": "eu-west-3", 
@@ -20823,98 +36417,344 @@ "network_border_group": "me-south-1" }, { - "ip_prefix": "15.185.141.160/27", + "ip_prefix": "15.184.125.0/26", "region": "me-south-1", - "service": "CLOUD9", + "service": "ROUTE53_RESOLVER", "network_border_group": "me-south-1" }, { - "ip_prefix": "15.185.141.192/26", + "ip_prefix": "15.184.125.128/26", "region": "me-south-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "me-south-1" }, { - "ip_prefix": "15.185.144.0/23", + "ip_prefix": "15.184.125.224/29", "region": "me-south-1", - "service": "API_GATEWAY", + "service": "EBS", "network_border_group": "me-south-1" }, { - "ip_prefix": "15.185.245.0/26", + "ip_prefix": "15.184.125.232/30", "region": "me-south-1", - "service": "AMAZON", + "service": "EBS", "network_border_group": "me-south-1" }, { - "ip_prefix": "15.185.33.192/26", + "ip_prefix": "15.184.125.240/28", "region": "me-south-1", - "service": "AMAZON", + "service": "S3", "network_border_group": "me-south-1" }, { - "ip_prefix": "15.185.86.0/23", + "ip_prefix": "15.184.125.64/26", "region": "me-south-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "me-south-1" }, { - "ip_prefix": "15.185.91.32/27", + "ip_prefix": "15.184.153.0/28", "region": "me-south-1", - "service": "CLOUD9", + "service": "S3", "network_border_group": "me-south-1" }, { - "ip_prefix": "157.175.140.0/23", + "ip_prefix": "15.184.184.96/29", "region": "me-south-1", - "service": "API_GATEWAY", + "service": "CODEBUILD", "network_border_group": "me-south-1" }, { - "ip_prefix": "15.228.1.128/26", - "region": "sa-east-1", - "service": "AMAZON", - "network_border_group": "sa-east-1" + "ip_prefix": "15.184.70.200/29", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" }, { - "ip_prefix": "15.228.1.192/26", - "region": "sa-east-1", - "service": "AMAZON", - "network_border_group": "sa-east-1" + "ip_prefix": "15.184.70.224/29", + "region": "me-south-1", + 
"service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" }, { - "ip_prefix": "15.228.1.64/26", - "region": "sa-east-1", - "service": "AMAZON", - "network_border_group": "sa-east-1" + "ip_prefix": "15.185.141.160/27", + "region": "me-south-1", + "service": "CLOUD9", + "network_border_group": "me-south-1" }, { - "ip_prefix": "15.228.72.64/26", - "region": "sa-east-1", - "service": "API_GATEWAY", - "network_border_group": "sa-east-1" + "ip_prefix": "15.185.141.192/26", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" }, { - "ip_prefix": "15.228.97.0/24", - "region": "sa-east-1", + "ip_prefix": "15.185.144.0/23", + "region": "me-south-1", "service": "API_GATEWAY", - "network_border_group": "sa-east-1" + "network_border_group": "me-south-1" }, { - "ip_prefix": "18.228.246.0/23", - "region": "sa-east-1", + "ip_prefix": "15.185.245.0/26", + "region": "me-south-1", "service": "AMAZON", - "network_border_group": "sa-east-1" + "network_border_group": "me-south-1" }, { - "ip_prefix": "18.228.70.32/29", - "region": "sa-east-1", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "sa-east-1" + "ip_prefix": "15.185.251.0/26", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" }, { - "ip_prefix": "18.229.100.0/26", - "region": "sa-east-1", + "ip_prefix": "15.185.33.192/26", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.185.33.32/27", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.185.33.64/27", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.185.33.96/27", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.185.86.0/23", + "region": "me-south-1", + "service": "AMAZON", + 
"network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.185.91.32/27", + "region": "me-south-1", + "service": "CLOUD9", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "157.175.102.128/27", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "157.175.102.160/27", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "157.175.102.96/27", + "region": "me-south-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "157.175.140.0/23", + "region": "me-south-1", + "service": "API_GATEWAY", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "157.175.255.0/24", + "region": "me-south-1", + "service": "API_GATEWAY", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "157.241.2.0/23", + "region": "me-south-1", + "service": "API_GATEWAY", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.228.1.128/26", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.1.192/26", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.1.64/26", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.103.240/29", + "region": "sa-east-1", + "service": "EBS", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.104.0/24", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.105.0/24", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.106.0/24", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.107.0/28", + "region": 
"sa-east-1", + "service": "S3", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.107.16/28", + "region": "sa-east-1", + "service": "S3", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.126.200/29", + "region": "sa-east-1", + "service": "CODEBUILD", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.126.48/30", + "region": "sa-east-1", + "service": "EBS", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.126.72/30", + "region": "sa-east-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.129.0/24", + "region": "sa-east-1", + "service": "API_GATEWAY", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.144.0/24", + "region": "sa-east-1", + "service": "API_GATEWAY", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.150.128/26", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.151.0/24", + "region": "sa-east-1", + "service": "API_GATEWAY", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.72.64/26", + "region": "sa-east-1", + "service": "API_GATEWAY", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.92.192/28", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.92.208/28", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.92.224/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.228.97.0/24", + "region": "sa-east-1", + "service": "API_GATEWAY", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.229.36.0/23", + "region": "sa-east-1", + "service": "API_GATEWAY", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.229.40.0/23", + 
"region": "sa-east-1", + "service": "API_GATEWAY", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "177.71.207.128/26", + "region": "sa-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.228.1.0/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.228.1.16/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.228.1.8/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.228.246.0/23", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.228.70.32/29", + "region": "sa-east-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.229.100.0/26", + "region": "sa-east-1", "service": "API_GATEWAY", "network_border_group": "sa-east-1" }, @@ -20930,6 +36770,24 @@ "service": "AMAZON_APPFLOW", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "18.229.100.128/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.229.100.160/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.229.100.192/26", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "18.229.220.128/26", "region": "sa-east-1", 
@@ -20942,6 +36800,24 @@ "service": "CLOUDFRONT", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "18.229.37.0/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.229.37.32/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.229.70.96/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "18.229.99.0/24", "region": "sa-east-1", @@ -20984,12 +36860,54 @@ "service": "API_GATEWAY", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "18.231.105.0/28", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.231.105.128/27", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.231.105.160/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.231.105.168/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.231.105.176/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.231.105.184/29", + "region": "sa-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "18.231.194.8/29", "region": "sa-east-1", "service": "CODEBUILD", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "54.232.40.64/26", + "region": "sa-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "54.233.204.0/24", "region": "sa-east-1", 
@@ -21002,6 +36920,18 @@ "service": "CLOUDFRONT", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "107.23.255.0/26", + "region": "us-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.206.107.160/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.206.107.24/29", "region": "us-east-1", 
@@ -21009,9 +36939,171 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "18.233.213.128/25", + "ip_prefix": "18.209.113.240/28", "region": "us-east-1", - "service": "AMAZON_CONNECT", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.209.113.64/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.213.156.96/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.232.1.128/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.232.1.192/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.232.1.32/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.232.1.36/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.232.1.40/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.232.1.44/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.232.1.48/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.232.1.64/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.208.72.176/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.202.48/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.83.0/27", + "region": "us-east-1", + 
"service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.83.144/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.83.160/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.83.192/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.83.32/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.83.64/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.83.96/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.84.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.84.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.85.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.85.128/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.85.160/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.85.192/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.87.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.209.87.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", "network_border_group": 
"us-east-1" }, { @@ -21038,6 +37130,12 @@ "service": "API_GATEWAY", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.216.99.160/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, { "ip_prefix": "3.217.228.0/22", "region": "us-east-1", 
@@ -21047,199 +37145,793 @@ { "ip_prefix": "3.218.180.0/25", "region": "us-east-1", - "service": "DYNAMODB", + "service": "DYNAMODB", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.218.180.128/25", + "region": "us-east-1", + "service": "DYNAMODB", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.218.181.0/25", + "region": "us-east-1", + "service": "DYNAMODB", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.218.181.128/25", + "region": "us-east-1", + "service": "DYNAMODB", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.218.182.0/25", + "region": "us-east-1", + "service": "DYNAMODB", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.218.182.128/25", + "region": "us-east-1", + "service": "DYNAMODB", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.218.183.0/25", + "region": "us-east-1", + "service": "DYNAMODB", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.218.183.128/25", + "region": "us-east-1", + "service": "DYNAMODB", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.227.250.128/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.170.0/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.170.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.170.64/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.171.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.171.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.172.0/25", + "region": "us-east-1", + "service": 
"ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.172.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.173.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.173.128/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.173.192/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.181.0/24", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.182.0/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.182.10/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.182.100/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.182.46/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.182.48/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.182.5/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.182.6/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.182.64/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.228.182.8/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": 
"us-east-1" + }, + { + "ip_prefix": "3.228.182.96/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.231.2.0/25", + "region": "us-east-1", + "service": "CLOUDFRONT", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.234.232.224/27", + "region": "us-east-1", + "service": "CLOUDFRONT", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.234.248.192/26", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.235.112.0/21", + "region": "us-east-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.235.189.100/30", + "region": "us-east-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.235.189.96/30", + "region": "us-east-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.235.202.128/26", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.235.26.0/23", + "region": "us-east-1", + "service": "API_GATEWAY", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.235.32.0/21", + "region": "us-east-1", + "service": "API_GATEWAY", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.236.169.0/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.236.169.192/26", + "region": "us-east-1", + "service": "CLOUDFRONT", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.236.32.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.236.48.0/23", + "region": "us-east-1", + "service": "CLOUDFRONT", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.236.94.128/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": 
"us-east-1" + }, + { + "ip_prefix": "3.237.107.0/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.167.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.178.100/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.178.104/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.178.112/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.178.120/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.178.128/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.178.160/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.178.168/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.178.197/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.178.198/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.178.200/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.178.208/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.178.224/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.207.0/26", + 
"region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.207.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.208.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.208.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.209.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.209.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.210.0/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.212.0/22", + "region": "us-east-1", + "service": "API_GATEWAY", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.238.216.128/25", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.0/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.12/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.128/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.136/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.46/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.48/28", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + 
"network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.5/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.6/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.64/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.152.8/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.153.0/24", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.154.0/24", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.155.0/24", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.156.0/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.156.10/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.156.100/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.156.104/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.156.112/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.188/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.19/32", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + 
"ip_prefix": "3.239.157.192/26", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.2/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.20/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.24/29", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.32/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.4/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.64/27", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.8/31", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.157.96/30", + "region": "us-east-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.239.232.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.83.168.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "3.91.171.128/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "34.195.252.0/24", + "region": "us-east-1", + "service": "CLOUDFRONT", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.180.128/25", + "ip_prefix": "34.226.106.180/32", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.181.0/25", + "ip_prefix": 
"34.226.14.0/24", "region": "us-east-1", - "service": "DYNAMODB", + "service": "CLOUDFRONT", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.181.128/25", + "ip_prefix": "34.228.4.208/28", "region": "us-east-1", - "service": "DYNAMODB", + "service": "CODEBUILD", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.182.0/25", + "ip_prefix": "34.231.114.205/32", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.182.128/25", + "ip_prefix": "34.231.213.21/32", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.183.0/25", + "ip_prefix": "34.236.241.44/30", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.218.183.128/25", + "ip_prefix": "34.238.188.0/29", "region": "us-east-1", - "service": "DYNAMODB", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.227.250.128/25", + "ip_prefix": "35.168.231.216/29", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.231.2.0/25", + "ip_prefix": "35.170.83.0/25", "region": "us-east-1", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.234.232.224/27", + "ip_prefix": "35.170.83.144/28", "region": "us-east-1", - "service": "CLOUDFRONT", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.234.248.192/26", + "ip_prefix": "35.170.83.160/28", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.235.112.0/21", + "ip_prefix": "35.170.83.176/28", "region": "us-east-1", - "service": "WORKSPACES_GATEWAYS", + "service": 
"ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.235.189.100/30", + "ip_prefix": "35.170.83.192/26", "region": "us-east-1", - "service": "AMAZON_APPFLOW", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.235.189.96/30", + "ip_prefix": "35.171.100.0/28", "region": "us-east-1", - "service": "AMAZON_APPFLOW", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.235.202.128/26", + "ip_prefix": "35.171.100.128/26", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.235.26.0/23", + "ip_prefix": "35.171.100.208/28", "region": "us-east-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.235.32.0/21", + "ip_prefix": "35.171.100.224/27", "region": "us-east-1", - "service": "API_GATEWAY", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.236.169.0/25", + "ip_prefix": "35.171.100.64/26", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.236.169.192/26", + "ip_prefix": "35.172.155.192/27", "region": "us-east-1", - "service": "CLOUDFRONT", + "service": "CLOUD9", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.236.32.0/22", + "ip_prefix": "35.172.155.96/27", "region": "us-east-1", - "service": "AMAZON", + "service": "CLOUD9", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.236.48.0/23", + "ip_prefix": "44.192.134.240/28", "region": "us-east-1", - "service": "CLOUDFRONT", + "service": "S3", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.236.94.128/25", + "ip_prefix": "44.192.135.0/25", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.237.107.0/25", + "ip_prefix": 
"44.192.135.128/25", "region": "us-east-1", - "service": "AMAZON", + "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.238.167.0/24", + "ip_prefix": "44.192.140.112/28", "region": "us-east-1", - "service": "AMAZON", + "service": "EBS", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.238.212.0/22", + "ip_prefix": "44.192.140.128/29", "region": "us-east-1", - "service": "API_GATEWAY", + "service": "EBS", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.83.168.0/22", + "ip_prefix": "44.192.140.64/28", "region": "us-east-1", - "service": "AMAZON", + "service": "S3", "network_border_group": "us-east-1" }, { - "ip_prefix": "3.91.171.128/25", + "ip_prefix": "44.192.245.160/28", "region": "us-east-1", - "service": "AMAZON", + "service": "CODEBUILD", "network_border_group": "us-east-1" }, { - "ip_prefix": "34.195.252.0/24", + "ip_prefix": "44.192.255.128/28", "region": "us-east-1", - "service": "CLOUDFRONT", + "service": "CODEBUILD", "network_border_group": "us-east-1" }, { - "ip_prefix": "34.226.14.0/24", + "ip_prefix": "44.194.111.224/30", "region": "us-east-1", - "service": "CLOUDFRONT", + "service": "AMAZON_APPFLOW", "network_border_group": "us-east-1" }, { - "ip_prefix": "34.228.4.208/28", + "ip_prefix": "44.199.180.0/23", "region": "us-east-1", - "service": "CODEBUILD", + "service": "AMAZON", "network_border_group": "us-east-1" }, { - "ip_prefix": "35.172.155.192/27", + "ip_prefix": "44.199.222.128/26", "region": "us-east-1", - "service": "CLOUD9", + "service": "AMAZON", "network_border_group": "us-east-1" }, { - "ip_prefix": "35.172.155.96/27", + "ip_prefix": "44.202.79.128/25", "region": "us-east-1", - "service": "CLOUD9", + "service": "AMAZON", "network_border_group": "us-east-1" }, { 
@@ -21260,12 +37952,24 @@ "service": "AMAZON_CONNECT", "network_border_group": "us-east-1" }, + { + "ip_prefix": "54.243.31.192/26", + "region": "us-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.59.250.0/26", "region": "us-east-2", "service": "CLOUDFRONT", "network_border_group": "us-east-2" }, + { + "ip_prefix": "18.117.239.68/30", + "region": "us-east-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-east-2" + }, { "ip_prefix": "18.188.9.0/27", "region": "us-east-2", @@ -21278,12 +37982,60 @@ "service": "CLOUD9", "network_border_group": "us-east-2" }, + { + "ip_prefix": "18.188.9.64/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.188.9.80/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.188.9.88/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, { "ip_prefix": "18.216.170.128/25", "region": "us-east-2", "service": "CLOUDFRONT", "network_border_group": "us-east-2" }, + { + "ip_prefix": "18.217.41.192/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.217.41.200/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.217.41.208/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.217.41.216/29", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "18.217.41.64/26", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, { "ip_prefix": "3.12.216.0/22", "region": "us-east-2", 
@@ -21338,6 +38090,84 @@ "service": "CLOUDFRONT", "network_border_group": "us-east-2" }, + { + "ip_prefix": "3.139.136.128/27", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.139.136.184/30", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.139.136.192/26", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.140.136.128/27", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.141.102.184/29", + "region": "us-east-2", + "service": "EBS", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.141.102.192/30", + "region": "us-east-2", + "service": "EBS", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.141.102.208/28", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.141.102.224/28", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.143.206.104/29", + "region": "us-east-2", + "service": "CODEBUILD", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.144.141.192/26", + "region": "us-east-2", + "service": "API_GATEWAY", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.145.220.0/22", + "region": "us-east-2", + "service": "API_GATEWAY", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.145.31.0/26", + "region": "us-east-2", + "service": "API_GATEWAY", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.145.31.128/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "3.15.35.0/24", "region": "us-east-2", 
@@ -21368,6 +38198,30 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "3.18.132.0/26", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.18.132.64/26", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.19.147.0/25", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.19.147.128/25", + "region": "us-east-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-east-2" + }, { "ip_prefix": "3.21.86.0/23", "region": "us-east-2", @@ -21386,18 +38240,54 @@ "service": "CODEBUILD", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.52.1.0/28", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.1.16/28", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.1.32/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.52.110.192/26", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.52.118.0/23", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.52.146.128/28", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.52.146.192/26", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.52.200.160/27", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.52.201.0/24", "region": "us-west-1", 
@@ -21416,18 +38306,60 @@ "service": "CLOUD9", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.52.32.96/27", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.52.6.112/29", "region": "us-west-1", "service": "EC2_INSTANCE_CONNECT", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.56.112.168/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.56.32.200/29", "region": "us-west-1", "service": "CODEBUILD", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.57.180.176/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.57.180.184/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.57.180.208/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.57.180.216/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.57.180.64/26", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, { "ip_prefix": "18.144.158.0/27", "region": "us-west-1", @@ -21452,6 +38384,12 @@ "service": "API_GATEWAY", "network_border_group": "us-west-1" }, + { + "ip_prefix": "18.144.76.32/29", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.101.100.128/25", "region": "us-west-1", 
@@ -21470,6 +38408,138 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.101.145.192/27", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.145.224/27", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.156.0/26", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.157.128/25", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.158.0/23", + "region": "us-west-1", + "service": "CLOUDFRONT", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.160.240/29", + "region": "us-west-1", + "service": "EBS", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.160.44/30", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.160.48/28", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.161.0/25", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.161.128/25", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.162.0/24", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.163.0/26", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.163.64/28", + "region": "us-west-1", + "service": "S3", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.163.80/28", + "region": "us-west-1", + "service": "S3", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": 
"3.101.163.96/28", + "region": "us-west-1", + "service": "S3", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.164.0/24", + "region": "us-west-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.176.0/24", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.177.20/30", + "region": "us-west-1", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.177.48/29", + "region": "us-west-1", + "service": "CODEBUILD", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.194.128/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.200.0/24", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.202.0/23", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.101.52.208/30", "region": "us-west-1", @@ -21494,6 +38564,18 @@ "service": "CLOUDFRONT", "network_border_group": "us-west-1" }, + { + "ip_prefix": "54.183.255.128/26", + "region": "us-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "54.241.32.64/26", + "region": "us-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-1" + }, { "ip_prefix": "18.236.61.0/25", "region": "us-west-2", 
@@ -21506,42 +38588,258 @@ "service": "EC2_INSTANCE_CONNECT", "network_border_group": "us-west-2" }, + { + "ip_prefix": "34.216.226.136/29", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.226.144/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.226.192/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.226.208/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.226.224/29", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.226.232/29", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.216.226.240/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, { "ip_prefix": "34.216.51.0/25", "region": "us-west-2", "service": "CLOUDFRONT", "network_border_group": "us-west-2" }, + { + "ip_prefix": "34.217.141.0/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.217.141.16/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, { "ip_prefix": "34.217.141.224/27", "region": "us-west-2", "service": "CLOUD9", "network_border_group": "us-west-2" }, + { + "ip_prefix": "34.217.141.32/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.119.112/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.119.128/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + 
"network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.119.144/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, { "ip_prefix": "34.218.119.32/27", "region": "us-west-2", "service": "CLOUD9", "network_border_group": "us-west-2" }, + { + "ip_prefix": "34.218.119.80/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.119.96/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.216.160/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.216.176/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.216.208/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.218.216.240/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.221.183.224/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.221.183.32/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.222.66.64/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.112.0/26", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.112.128/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.112.64/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, { "ip_prefix": 
"34.223.12.224/27", "region": "us-west-2", "service": "CLOUDFRONT", "network_border_group": "us-west-2" }, + { + "ip_prefix": "34.223.21.192/26", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.22.176/29", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, { "ip_prefix": "34.223.24.0/22", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "34.223.37.224/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, { "ip_prefix": "34.223.45.0/25", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "34.223.45.128/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.46.0/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.46.128/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.47.0/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.47.128/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.49.128/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.51.0/26", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.64.224/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, { "ip_prefix": "34.223.68.0/22", "region": "us-west-2", 
@@ -21566,6 +38864,18 @@ "service": "CLOUDFRONT", "network_border_group": "us-west-2" }, + { + "ip_prefix": "34.223.92.0/25", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "34.223.95.176/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, { "ip_prefix": "35.162.63.192/26", "region": "us-west-2", 
@@ -21578,6 +38888,72 @@ "service": "CLOUDFRONT", "network_border_group": "us-west-2" }, + { + "ip_prefix": "35.80.35.0/24", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.80.36.192/28", + "region": "us-west-2", + "service": "EBS", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.80.36.208/28", + "region": "us-west-2", + "service": "S3", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.80.36.224/28", + "region": "us-west-2", + "service": "S3", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.80.88.0/22", + "region": "us-west-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.80.92.0/22", + "region": "us-west-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.82.136.192/29", + "region": "us-west-2", + "service": "CODEBUILD", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.83.248.40/29", + "region": "us-west-2", + "service": "CODEBUILD", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.84.36.0/30", + "region": "us-west-2", + "service": "AMAZON_APPFLOW", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.86.187.128/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.86.66.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "44.227.178.0/24", "region": "us-west-2", 
@@ -21746,6 +39122,66 @@ "service": "KINESIS_VIDEO_STREAMS", "network_border_group": "us-west-2" }, + { + "ip_prefix": "44.242.176.192/26", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.177.0/26", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.177.128/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.177.64/26", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.178.0/24", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.179.0/24", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.180.0/24", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.181.0/27", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.181.32/28", + "region": "us-west-2", + "service": "ROUTE53_RESOLVER", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "44.242.184.128/25", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.43.76.88/29", "region": "us-west-2", @@ -21763,6 +39199,18 @@ "region": "us-west-2", "service": "WORKSPACES_GATEWAYS", "network_border_group": "us-west-2" + }, + { + "ip_prefix": "54.244.52.192/26", + "region": "us-west-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "54.245.168.0/26", + "region": "us-west-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-2" } ], "ipv6_prefixes": [ 
@@ -21772,6 +39220,18 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2600:1f68:1000::/40", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2a05:d070:e000::/40", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "240f:80ff:4000::/40", "region": "cn-northwest-1", @@ -21784,6 +39244,18 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d034:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:da1b::/36", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "240f:80f8:4000::/40", "region": "cn-northwest-1", @@ -21796,6 +39268,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2600:9000:f600::/39", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2400:6500:0:9::2/128", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1f01:4874::/47", "region": "us-west-2", @@ -21826,12 +39310,24 @@ "service": "AMAZON", "network_border_group": "us-east-1-pilot-4" }, + { + "ipv6_prefix": "2a05:d034:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d07c:a000::/40", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2406:da60:6000::/40", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1fa0:4000::/40", "region": "us-west-2", 
@@ -21850,6 +39346,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2406:daf1:a000::/40", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2600:1f15::/36", "region": "us-gov-east-1", @@ -21880,12 +39382,30 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:daa0:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:daf8:e000::/40", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f60:1000::/40", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2a05:d070:4000::/40", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2a05:d03a:4000::/40", "region": "eu-central-1", @@ -21896,7 +39416,7 @@ "ipv6_prefix": "2406:da15::/36", "region": "ap-northeast-2", "service": "AMAZON", - "network_border_group": "ap-northeast-2" + "network_border_group": "ap-northeast-2-wl1-cjj-wlz-1" }, { "ipv6_prefix": "240f:80f9:4000::/40", @@ -21928,6 +39448,12 @@ "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ipv6_prefix": "2600:9000:f540::/42", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d000:a000::/40", "region": "eu-south-1", 
@@ -21946,12 +39472,36 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2600:1f60:2000::/40", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "2600:1ffd:80c8::/48", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2620:107:4000:2::92/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:1f68:4000::/40", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2600:1ff0:e000::/40", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2a05:d050:2000::/40", "region": "eu-west-3", @@ -21964,6 +39514,36 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2600:9000:f000::/38", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f500::/43", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2a05:d030:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2a05:d030:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:daf0:2000::/40", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2600:1f01:4802::/47", "region": "eu-west-1", 
@@ -21976,12 +39556,24 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:daf0:9000::/40", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1f01:4860::/47", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ipv6_prefix": "2600:1ff1:8000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:9000:a800::/40", "region": "GLOBAL", @@ -22012,6 +39604,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2404:c2c0:2e80::/48", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, { "ipv6_prefix": "2600:1ff8:c000::/40", "region": "us-west-1", @@ -22024,6 +39622,24 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2620:107:4000:2::96/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2a05:d034:2000::/40", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2406:da70:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2406:dafe:e000::/40", "region": "ap-east-1", @@ -22036,6 +39652,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2620:107:4002::/48", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2406:daf8:4000::/40", "region": "ap-northeast-1", @@ -22054,6 +39676,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2600:1ff1:4000::/40", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2406:da1c::/36", "region": "ap-southeast-2", 
@@ -22084,12 +39712,6 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, - { - "ipv6_prefix": "2600:9000:5300::/40", - "region": "GLOBAL", - "service": "AMAZON", - "network_border_group": "GLOBAL" - }, { "ipv6_prefix": "2600:9000:a700::/40", "region": "GLOBAL", @@ -22102,12 +39724,24 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:daf0:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1f01:4880::/47", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2400:6500:0:7900::/56", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2404:c2c0:2f00::/40", "region": "cn-northwest-1", @@ -22126,6 +39760,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d071:6000::/40", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2a05:d07e:a000::/40", "region": "eu-south-1", @@ -22138,6 +39778,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2a05:d070:a000::/40", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ipv6_prefix": "2600:1f70:6000::/40", "region": "us-east-2", @@ -22168,12 +39814,24 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2600:1ff1:c000::/40", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:9000:ae00::/40", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2a05:d000:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2a05:d07e:4000::/40", "region": "eu-central-1", 
@@ -22198,6 +39856,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2a05:d030:c000::/40", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2a05:d079:c000::/40", "region": "eu-west-2", @@ -22246,6 +39910,18 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d07f:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:da60:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1ffd:82be::/48", "region": "ap-south-1", @@ -22270,6 +39946,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2600:1ff1:e000::/40", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1ffd:80e1::/48", "region": "eu-central-1", @@ -22288,12 +39970,36 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2600:9000:f800::/37", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2400:6500:0:9::3/128", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ipv6_prefix": "2400:6500:0:9::1/128", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2404:c2c0:200::/40", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:da00:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2406:dafe:1000::/40", "region": "af-south-1", 
@@ -22306,24 +40012,60 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2406:da60:c000::/40", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2406:dafc:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1f00:5000::/40", "region": "us-gov-east-1", "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2400:6500:0:7a00::/56", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ffc:5000::/40", "region": "us-gov-east-1", "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2400:6500:0:9::4/128", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1ff9:1000::/40", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d079:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:da68:9000::/40", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2406:dafe:4000::/40", "region": "ap-northeast-1", 
@@ -22336,18 +40078,42 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2406:da68:2000::/40", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2600:1ffd:8492::/48", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d034:8000::/40", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2406:da70:9000::/40", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1f1a:8000::/36", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1-wl1-mia-wlz-1" }, + { + "ipv6_prefix": "2a05:d078:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2406:da19::/36", "region": "ap-southeast-3", @@ -22372,6 +40138,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2600:9000:f400::/40", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2a05:d071:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2a05:d078:8000::/40", "region": "eu-west-1", 
@@ -22396,12 +40174,30 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d030:a000::/40", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2600:1f60:5000::/40", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2600:9000:ac00::/40", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2406:daf9:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2620:107:4000:7400::/56", "region": "us-gov-west-1", @@ -22438,6 +40234,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2606:f40:6800::/48", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2406:daf8:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1ffd:8149::/48", "region": "ap-northeast-1", @@ -22474,6 +40282,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2620:107:3001::/48", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2406:daa0:8000::/40", "region": "ap-southeast-1", 
@@ -22510,12 +40324,30 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2600:9000:f538::/45", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2606:f40:3001::/48", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1f12::/36", "region": "us-gov-west-1", "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ipv6_prefix": "2a05:d011::/36", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "240f:80fe:8000::/40", "region": "cn-north-1", @@ -22540,18 +40372,48 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2620:107:4000:2::90/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2406:da1e::/32", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2406:daf8:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2a05:d030:4000::/40", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2400:7fc0:2800::/40", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:da60:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2600:1ff0:2000::/40", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "2600:1ffd:807b::/48", "region": "us-east-1", 
@@ -22600,6 +40462,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2600:1ffb:60c0::/48", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2400:6500:0:7800::/56", "region": "ap-southeast-3", @@ -22618,18 +40486,66 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2600:1f60:4000::/40", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d016::/36", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2406:daf1:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2600:9000:5380::/41", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2a05:d079:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:da17::/36", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2406:daf0:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:daff:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ffc:4000::/40", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:da60:1000::/40", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2620:107:4000:a900::/58", "region": "ap-southeast-3", 
@@ -22642,6 +40558,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2a05:d07f:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:da60:2000::/40", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2606:f40::/48", "region": "us-east-1", @@ -22649,10 +40577,10 @@ "network_border_group": "us-east-1" }, { - "ipv6_prefix": "2600:1fa0:8000::/40", - "region": "us-east-1", + "ipv6_prefix": "2406:daf9:f000::/40", + "region": "ap-southeast-4", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "ap-southeast-4" }, { "ipv6_prefix": "2600:1ffe:8000::/40", @@ -22660,6 +40588,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2a05:d07e:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2400:6500:0:7400::/56", "region": "ap-northeast-2", @@ -22678,6 +40612,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2600:9000:f530::/46", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d07f:8000::/40", "region": "eu-west-1", @@ -22690,6 +40630,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2a05:d071:8000::/40", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2406:daff:1000::/40", "region": "af-south-1", @@ -22708,6 +40654,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d071:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2406:daff:9000::/40", "region": "ap-southeast-3", 
@@ -22720,12 +40672,30 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2600:1ff0:8000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1ffd:8422::/48", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2a05:d030:2000::/40", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2406:da60:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2a05:d079:a000::/40", "region": "eu-south-1", @@ -22744,6 +40714,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2406:da68:6000::/40", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ipv6_prefix": "2a05:d050:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "240f:80fa:4000::/40", "region": "cn-northwest-1", @@ -22762,12 +40744,24 @@ "service": "AMAZON", "network_border_group": "us-west-2-wl1-den-wlz-1" }, + { + "ipv6_prefix": "2a05:d070:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2400:7fc0:4000::/40", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf1:9000::/40", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1ffd:80f0::/48", "region": "eu-central-1", 
@@ -22798,6 +40792,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2a05:d000:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:daf1:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1ffd:85e8::/48", "region": "ap-southeast-2", @@ -22810,6 +40816,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2400:7fc0:2e80::/48", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, + { + "ipv6_prefix": "2406:da1f::/36", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:9000:a300::/40", "region": "GLOBAL", @@ -22828,6 +40846,24 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2a05:d078:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:da60:8000::/40", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:da68:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2a05:d07c:2000::/40", "region": "eu-west-3", @@ -22840,6 +40876,18 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f60:e000::/40", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ipv6_prefix": "2600:1ff1:1000::/40", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ipv6_prefix": "2400:7fc0:500::/40", "region": "GLOBAL", 
@@ -22852,12 +40900,24 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2406:daf0:6000::/40", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1ffd:8188::/48", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2406:da60:a000::/40", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2406:dafc:1000::/40", "region": "af-south-1", @@ -22882,6 +40942,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2406:daf1:c000::/40", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2600:9000:4000::/36", "region": "GLOBAL", @@ -22894,6 +40960,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2406:daf1:6000::/40", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1f00:4000::/40", "region": "us-west-2", @@ -22906,12 +40978,24 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:daf0:1000::/40", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2406:dafa:6000::/40", "region": "ap-northeast-3", "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2620:107:4000:2::93/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:1ffd:838e::/48", "region": "eu-west-1", @@ -22990,6 +41074,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf1:e000::/40", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "240f:80a0:8000::/40", "region": "cn-north-1", 
@@ -23002,6 +41092,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a01:578:0:7700::/56", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2400:6700:ff00::/64", "region": "ap-northeast-1", @@ -23026,6 +41122,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2406:daf1:8000::/40", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2600:1ffc:8000::/40", "region": "us-east-1", @@ -23074,6 +41176,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2a05:d034:4000::/40", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2404:c2c0:500::/40", "region": "GLOBAL", @@ -23086,6 +41194,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2600:1f68:c000::/40", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:1ffd:816c::/48", "region": "ap-northeast-1", @@ -23110,12 +41224,30 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2600:9000:5308::/45", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f534::/46", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d01c::/36", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d034:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2600:1ff8:4000::/40", "region": "us-west-2", 
@@ -23134,6 +41266,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2406:da68:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2406:daff:8000::/40", "region": "ap-southeast-1", @@ -23146,6 +41284,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:daff:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1ff9:2000::/40", "region": "us-gov-west-1", @@ -23170,6 +41314,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2600:1f68:8000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2a05:d030:8000::/40", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2404:c2c0:2c00::/40", "region": "cn-northwest-1", @@ -23206,6 +41362,18 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2406:daf1:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:da00:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1f13:8000::/36", "region": "us-east-1", @@ -23242,6 +41410,18 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2406:dafc:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2600:1ff0:4000::/40", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1ff9:5000::/40", "region": "us-gov-east-1", 
@@ -23254,6 +41434,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2406:da68:c000::/40", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2406:daf8:1000::/40", "region": "af-south-1", @@ -23272,6 +41458,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d034:e000::/40", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2a05:d07e:8000::/40", "region": "eu-west-1", @@ -23284,6 +41476,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2620:107:4000:2::94/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:1f01:48d2::/47", "region": "ap-southeast-2", @@ -23320,6 +41518,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2a05:d078:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d078:4000::/40", "region": "eu-central-1", @@ -23338,6 +41542,18 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2406:dafc:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2a05:d050:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2a05:d07f:c000::/40", "region": "eu-west-2", 
@@ -23356,30 +41572,72 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2a05:d07e:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2406:daf0:8000::/40", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2406:dafc:6000::/40", "region": "ap-northeast-3", "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:dafe:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1f01:48e0::/47", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2620:107:4000:2::95/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2a05:d030:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2a05:d03a:a000::/40", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2600:1f68:5000::/40", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2600:1ff8:1000::/40", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2600:9000:5300::/45", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d050:c000::/40", "region": "eu-west-2", @@ -23404,6 +41662,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a05:d070:2000::/40", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2a05:d079:6000::/40", "region": "eu-north-1", 
@@ -23416,18 +41680,48 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ipv6_prefix": "2406:daa0:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:daf0:c000::/40", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2a05:d071:2000::/40", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2400:7fc0:2400::/40", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf1:1000::/40", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2600:1ffa:c000::/40", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2a05:d07c:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d07f:2000::/40", "region": "eu-west-3", @@ -23446,6 +41740,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-pilot-5" }, + { + "ipv6_prefix": "2a05:d015::/36", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2600:1ff8:8000::/40", "region": "us-east-1", 
@@ -23512,18 +41812,60 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2600:1ff1:2000::/40", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ipv6_prefix": "2600:1ff1:6000::/40", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2a05:d07e:e000::/40", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:da60:e000::/40", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ipv6_prefix": "2406:da68:4000::/40", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2406:da70:c000::/40", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:1ff1:5000::/40", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, + { + "ipv6_prefix": "2620:107:4000:2::97/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2406:da68:8000::/40", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2600:1f17:8000::/36", "region": "us-east-1", @@ -23536,6 +41878,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d070:6000::/40", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2406:da00:4000::/40", "region": "ap-northeast-1", @@ -23566,6 +41914,12 @@ "service": "AMAZON", "network_border_group": "us-west-2-wl1-sea-wlz-1" }, + { + "ipv6_prefix": "2a05:d071:4000::/40", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2406:dafc:a000::/40", "region": "ap-south-1", 
@@ -23584,6 +41938,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2406:daff:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2600:9000:f520::/44", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2a05:d030:6000::/40", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2406:da14::/36", "region": "ap-northeast-1", @@ -23620,6 +41992,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2620:107:4000:2::91/128", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2a05:d000:8000::/40", "region": "eu-west-1", @@ -23644,18 +42022,18 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, - { - "ipv6_prefix": "2600:9000:f000::/36", - "region": "GLOBAL", - "service": "AMAZON", - "network_border_group": "GLOBAL" - }, { "ipv6_prefix": "2804:800:0:7000::/56", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2406:daf0:4000::/40", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:1f10:8000::/36", "region": "us-east-1", 
@@ -23686,12 +42064,48 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2600:1f68:2000::/40", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ipv6_prefix": "2606:f40:4000::/48", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2406:daf9:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2a05:d07c:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:da70:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:da00:ff00::/64", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2406:da60:9000::/40", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1f01:4830::/47", "region": "eu-central-1", @@ -23734,6 +42148,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2a05:d018:1000::/36", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2400:6500:0:7b00::/56", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "240f:80fc:4000::/40", "region": "cn-northwest-1", 
@@ -23758,6 +42184,30 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:da70:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2600:1f60:8000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2a05:d070:8000::/40", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2406:da00:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ffd:833b::/48", "region": "us-east-2", @@ -23770,6 +42220,18 @@ "service": "AMAZON", "network_border_group": "us-west-2-lax-1" }, + { + "ipv6_prefix": "2620:107:4004::/48", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2a05:d070:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d07e:2000::/40", "region": "eu-west-3", @@ -23794,12 +42256,24 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d071:c000::/40", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2a05:d07f:e000::/40", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:daa0:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1f00:1000::/40", "region": "ca-central-1", @@ -23830,6 +42304,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2a05:d071:e000::/40", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2400:6500:100:7200::/56", "region": "cn-northwest-1", 
@@ -23848,6 +42328,12 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:daf1:2000::/40", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2600:1ffa:e000::/40", "region": "sa-east-1", @@ -23860,12 +42346,30 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2406:daf0:e000::/40", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ipv6_prefix": "2406:dafc:ff80::/46", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2600:1ffa:8000::/40", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2600:1ffb:60c1::/48", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2600:1f00:8000::/40", "region": "us-east-1", @@ -23884,6 +42388,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2a01:578:0:7900::/56", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2a05:d07f:a000::/40", "region": "eu-south-1", @@ -23914,12 +42424,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2600:9000:5320::/43", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d03a:2000::/40", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d03a:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1f18:8000::/36", "region": "us-east-1", 
@@ -23950,18 +42472,48 @@ "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2a05:d034:6000::/40", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2600:1f70:e000::/40", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2600:9000:5310::/44", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2a05:d019::/36", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2a05:d070:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2406:dafe:9000::/40", "region": "ap-southeast-3", "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2600:9000:f580::/41", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2406:da70:2000::/40", "region": "ap-northeast-2", @@ -24004,6 +42556,18 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f68:6000::/40", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ipv6_prefix": "2a05:d07f:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1fff:6000::/40", "region": "us-east-2", 
@@ -24034,24 +42598,60 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2406:daf8:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:daf9:9000::/40", "region": "ap-southeast-3", "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2a05:d070:c000::/40", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2600:1f01:4870::/47", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a01:578:0:7800::/56", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d079:e000::/40", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2600:1fa0:8000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2406:dafe:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:daf1:4000::/40", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:1f01:4844::/47", "region": "us-east-2", @@ -24064,12 +42664,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2a05:d03a:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2406:daf9:4000::/40", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2600:1f68:e000::/40", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1ff9:4000::/40", "region": "us-west-2", 
@@ -24088,12 +42700,24 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d079:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1ffe:4000::/40", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2600:1ff0:c000::/40", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2620:107:4007::/64", "region": "us-east-1", @@ -24118,6 +42742,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2a05:d071:a000::/40", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2600:9000:5340::/42", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2606:f40:1001::/48", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2406:daff:4000::/40", "region": "ap-northeast-1", @@ -24130,6 +42772,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2a05:d034:c000::/40", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2a05:d07f:4000::/40", "region": "eu-central-1", @@ -24154,6 +42802,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:da68:e000::/40", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ipv6_prefix": "2600:1ff0:5000::/40", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2600:1ffa:2000::/40", "region": "us-gov-west-1", 
@@ -24172,6 +42832,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf0:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1f70:5000::/40", "region": "us-gov-east-1", @@ -24190,6 +42856,24 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2a05:d034:a000::/40", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2406:da68:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2406:dafe:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ffd:80cb::/48", "region": "eu-central-1", @@ -24202,6 +42886,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2620:107:4005::/48", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d000:6000::/40", "region": "eu-north-1", @@ -24214,18 +42904,36 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:da68:1000::/40", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2600:1f01:4814::/47", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2406:da60:4000::/40", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:9000:a600::/40", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2620:107:4003::/48", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2a05:d07c:e000::/40", "region": "me-south-1", 
@@ -24244,6 +42952,18 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2a05:d07c:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2a05:d07e:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2406:daf8:2000::/40", "region": "ap-northeast-2", @@ -24262,6 +42982,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2a05:d050:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "240f:80fe:4000::/40", "region": "cn-northwest-1", 
@@ -24311,292 +43037,112 @@ "network_border_group": "ap-south-1" }, { - "ipv6_prefix": "2600:1fff:5000::/40", - "region": "us-gov-east-1", - "service": "AMAZON", - "network_border_group": "us-gov-east-1" - }, - { - "ipv6_prefix": "2600:1f1b:8000::/36", - "region": "us-west-2", - "service": "AMAZON", - "network_border_group": "us-west-2-wl1-sfo-wlz-1" - }, - { - "ipv6_prefix": "2600:1ffe:2000::/40", - "region": "us-gov-west-1", + "ipv6_prefix": "2600:1f60:c000::/40", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "us-gov-west-1" + "network_border_group": "us-west-1" }, { - "ipv6_prefix": "2400:6500:0:7100::/56", - "region": "ap-northeast-1", + "ipv6_prefix": "2600:1fff:5000::/40", + "region": "us-gov-east-1", "service": "AMAZON", - "network_border_group": "ap-northeast-1" + "network_border_group": "us-gov-east-1" }, { - "ipv6_prefix": "2406:da70:a000::/40", + "ipv6_prefix": "2406:daf0:a000::/40", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, { - "ipv6_prefix": "2a05:d078:6000::/40", - "region": "eu-north-1", + "ipv6_prefix": "2600:1f1b:8000::/36", + "region": "us-west-2", "service": "AMAZON", - "network_border_group": "eu-north-1" + "network_border_group": "us-west-2-wl1-sfo-wlz-1" }, { - "ipv6_prefix": "2a05:d03a:8000::/40", - "region": "eu-west-1", + "ipv6_prefix": "2a05:d000:1000::/40", + "region": "eu-south-2", "service": "AMAZON", - "network_border_group": "eu-west-1" + "network_border_group": "eu-south-2" }, { - "ipv6_prefix": "2400:6500:0:7300::/56", - "region": "ap-east-1", + "ipv6_prefix": "2a05:d030:e000::/40", + "region": "me-south-1", "service": "AMAZON", - "network_border_group": "ap-east-1" + "network_border_group": "me-south-1" }, { - "ipv6_prefix": "2600:1ff8:e000::/40", - "region": "sa-east-1", + "ipv6_prefix": "2406:da68:a000::/40", + "region": "ap-south-1", "service": "AMAZON", - "network_border_group": "sa-east-1" - }, - { - "ipv6_prefix": "2600:1f14:fff:f800::/53", - "region": 
"us-west-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-2" - }, - { - "ipv6_prefix": "2406:da18:7ff:f800::/53", - "region": "ap-southeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-1" - }, - { - "ipv6_prefix": "2406:da00:ff00::6b17:ff00/122", - "region": "us-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-east-1" - }, - { - "ipv6_prefix": "2400:7fc0:83cc:cc00::/56", - "region": "cn-north-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-north-1" - }, - { - "ipv6_prefix": "2804:800:ff00::b147:cf80/122", - "region": "sa-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "sa-east-1" - }, - { - "ipv6_prefix": "2406:da18:fff:f800::/53", - "region": "ap-southeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-1" - }, - { - "ipv6_prefix": "2406:da1c:7ff:f800::/53", - "region": "ap-southeast-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-2" - }, - { - "ipv6_prefix": "2600:1f18:7fff:f800::/53", - "region": "us-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-east-1" - }, - { - "ipv6_prefix": "2406:da1c:fff:f800::/53", - "region": "ap-southeast-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-2" - }, - { - "ipv6_prefix": "2400:6500:ff00::36fb:1f80/122", - "region": "ap-southeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-1" - }, - { - "ipv6_prefix": "2403:b300:ff00::36fc:fec0/122", - "region": "ap-southeast-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-2" - }, - { - "ipv6_prefix": "2400:6500:ff00::36ff:fec0/122", - "region": "ap-southeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-1" - }, - { - "ipv6_prefix": "2a01:578:3::36e4:1000/122", - "region": "eu-west-1", - "service": "ROUTE53_HEALTHCHECKS", - 
"network_border_group": "eu-west-1" - }, - { - "ipv6_prefix": "2400:7fc0:83cc:ce00::/56", - "region": "cn-north-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-north-1" - }, - { - "ipv6_prefix": "2404:c2c0:83cc:cd00::/56", - "region": "cn-northwest-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-northwest-1" - }, - { - "ipv6_prefix": "2404:c2c0:83cc:ce00::/56", - "region": "cn-northwest-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-northwest-1" - }, - { - "ipv6_prefix": "2600:1f1c:7ff:f800::/53", - "region": "us-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-1" - }, - { - "ipv6_prefix": "2400:6700:ff00::36fa:fdc0/122", - "region": "ap-northeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-northeast-1" - }, - { - "ipv6_prefix": "2620:108:700f::36f4:34c0/122", - "region": "us-west-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-2" - }, - { - "ipv6_prefix": "2600:1f1e:7ff:f800::/53", - "region": "sa-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "sa-east-1" - }, - { - "ipv6_prefix": "2403:b300:ff00::36fc:4f80/122", - "region": "ap-southeast-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-southeast-2" - }, - { - "ipv6_prefix": "2404:c2c0:83cc:cc00::/56", - "region": "cn-northwest-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-northwest-1" - }, - { - "ipv6_prefix": "2600:1f1c:fff:f800::/53", - "region": "us-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-1" - }, - { - "ipv6_prefix": "2620:108:700f::36f5:a800/122", - "region": "us-west-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-2" - }, - { - "ipv6_prefix": "2406:da14:7ff:f800::/53", - "region": "ap-northeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-northeast-1" - }, - { - "ipv6_prefix": 
"2600:1f18:3fff:f800::/53", - "region": "us-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-east-1" - }, - { - "ipv6_prefix": "2804:800:ff00::36e8:2840/122", - "region": "sa-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "sa-east-1" - }, - { - "ipv6_prefix": "2600:1f1e:fff:f800::/53", - "region": "sa-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "sa-east-1" + "network_border_group": "ap-south-1" }, { - "ipv6_prefix": "2406:da00:ff00::36f3:1fc0/122", - "region": "us-east-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-east-1" + "ipv6_prefix": "2600:1ffe:2000::/40", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" }, { - "ipv6_prefix": "2406:da14:fff:f800::/53", + "ipv6_prefix": "2400:6500:0:7100::/56", "region": "ap-northeast-1", - "service": "ROUTE53_HEALTHCHECKS", + "service": "AMAZON", "network_border_group": "ap-northeast-1" }, { - "ipv6_prefix": "2620:107:300f::36f1:2040/122", - "region": "us-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-1" + "ipv6_prefix": "2406:da70:a000::/40", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" }, { - "ipv6_prefix": "2a01:578:3::b022:9fc0/122", - "region": "eu-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "eu-west-1" + "ipv6_prefix": "2a05:d078:6000::/40", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" }, { - "ipv6_prefix": "2620:107:300f::36b7:ff80/122", - "region": "us-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-1" + "ipv6_prefix": "2a05:d03a:8000::/40", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" }, { - "ipv6_prefix": "2400:6700:ff00::36f8:dc00/122", - "region": "ap-northeast-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "ap-northeast-1" + 
"ipv6_prefix": "2400:6500:0:7300::/56", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" }, { - "ipv6_prefix": "2a05:d018:fff:f800::/53", - "region": "eu-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "eu-west-1" + "ipv6_prefix": "2600:1ff8:e000::/40", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" }, { - "ipv6_prefix": "2400:7fc0:83cc:cd00::/56", - "region": "cn-north-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "cn-north-1" + "ipv6_prefix": "2a05:d07a:a000::/40", + "region": "eu-south-1", + "service": "S3", + "network_border_group": "eu-south-1" }, { - "ipv6_prefix": "2600:1f14:7ff:f800::/53", - "region": "us-west-2", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "us-west-2" + "ipv6_prefix": "2600:1f68:1000::/40", + "region": "ca-central-1", + "service": "S3", + "network_border_group": "ca-central-1" }, { - "ipv6_prefix": "2a05:d018:7ff:f800::/53", - "region": "eu-west-1", - "service": "ROUTE53_HEALTHCHECKS", - "network_border_group": "eu-west-1" + "ipv6_prefix": "2a05:d070:e000::/40", + "region": "me-south-1", + "service": "S3", + "network_border_group": "me-south-1" }, { - "ipv6_prefix": "2a05:d07a:a000::/40", - "region": "eu-south-1", + "ipv6_prefix": "2a05:d034:5000::/40", + "region": "il-central-1", "service": "S3", - "network_border_group": "eu-south-1" + "network_border_group": "il-central-1" }, { "ipv6_prefix": "240f:80f8:4000::/40", @@ -24616,6 +43162,12 @@ "service": "S3", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d034:1000::/40", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1fa0:4000::/40", "region": "us-west-2", 
@@ -24634,12 +43186,24 @@ "service": "S3", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:daa0:7000::/40", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:daf8:e000::/40", "region": "ap-east-1", "service": "S3", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2a05:d070:4000::/40", + "region": "eu-central-1", + "service": "S3", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "240f:80f9:4000::/40", "region": "cn-northwest-1", @@ -24664,6 +43228,18 @@ "service": "S3", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2600:1f68:4000::/40", + "region": "us-west-2", + "service": "S3", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2600:1ff0:e000::/40", + "region": "sa-east-1", + "service": "S3", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2a05:d050:2000::/40", "region": "eu-west-3", @@ -24676,12 +43252,30 @@ "service": "S3", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2406:daf0:2000::/40", + "region": "ap-northeast-2", + "service": "S3", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2406:daf0:9000::/40", + "region": "ap-southeast-3", + "service": "S3", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1ff8:c000::/40", "region": "us-west-1", "service": "S3", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2a05:d034:2000::/40", + "region": "eu-west-3", + "service": "S3", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2406:daf8:4000::/40", "region": "ap-northeast-1", 
@@ -24706,6 +43300,18 @@ "service": "S3", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:daf0:f000::/40", + "region": "ap-southeast-4", + "service": "S3", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2a05:d070:a000::/40", + "region": "eu-south-1", + "service": "S3", + "network_border_group": "eu-south-1" + }, { "ipv6_prefix": "2a05:d07a:2000::/40", "region": "eu-west-3", @@ -24730,6 +43336,12 @@ "service": "S3", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d050:6000::/40", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2600:1ff9:6000::/40", "region": "us-east-2", @@ -24760,6 +43372,36 @@ "service": "S3", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d079:5000::/40", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:da68:9000::/40", + "region": "ap-southeast-3", + "service": "S3", + "network_border_group": "ap-southeast-3" + }, + { + "ipv6_prefix": "2406:da68:2000::/40", + "region": "ap-northeast-2", + "service": "S3", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2a05:d034:8000::/40", + "region": "eu-west-1", + "service": "S3", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2a05:d078:5000::/40", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2600:1ffa:4000::/40", "region": "us-west-2", 
@@ -24778,12 +43420,24 @@ "service": "S3", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2406:daf9:7000::/40", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ff8:5000::/36", "region": "us-gov-east-1", "service": "S3", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2406:daf8:f000::/40", + "region": "ap-southeast-4", + "service": "S3", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1ff9:c000::/40", "region": "us-west-1", @@ -24802,12 +43456,24 @@ "service": "S3", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf8:b000::/40", + "region": "ap-south-2", + "service": "S3", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2400:7fc0:2800::/40", "region": "cn-north-1", "service": "S3", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2600:1ff0:2000::/40", + "region": "us-gov-west-1", + "service": "S3", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "240f:80a0:4000::/40", "region": "cn-northwest-1", @@ -24839,10 +43505,22 @@ "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:1fa0:8000::/40", - "region": "us-east-1", + "ipv6_prefix": "2a05:d079:9000::/40", + "region": "eu-central-2", "service": "S3", - "network_border_group": "us-east-1" + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:daf0:b000::/40", + "region": "ap-south-2", + "service": "S3", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:daf9:f000::/40", + "region": "ap-southeast-4", + "service": "S3", + "network_border_group": "ap-southeast-4" }, { "ipv6_prefix": "2600:1f60:6000::/40", @@ -24850,6 +43528,12 @@ "service": "S3", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2600:1ff0:8000::/39", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2a05:d079:a000::/40", "region": "eu-south-1", 
@@ -24862,18 +43546,48 @@ "service": "S3", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2406:da68:6000::/40", + "region": "ap-northeast-3", + "service": "S3", + "network_border_group": "ap-northeast-3" + }, + { + "ipv6_prefix": "2a05:d050:5000::/40", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "240f:80fa:4000::/40", "region": "cn-northwest-1", "service": "S3", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2a05:d070:5000::/40", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2a05:d050:a000::/40", "region": "eu-south-1", "service": "S3", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2a05:d078:9000::/40", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:da68:7000::/40", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:daf9:e000::/40", "region": "ap-east-1", @@ -24886,6 +43600,12 @@ "service": "S3", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2406:daf0:6000::/40", + "region": "ap-northeast-3", + "service": "S3", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1fa0:6000::/40", "region": "us-east-2", @@ -24898,6 +43618,12 @@ "service": "S3", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:daf0:1000::/40", + "region": "af-south-1", + "service": "S3", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2406:dafa:6000::/40", "region": "ap-northeast-3", 
@@ -24940,18 +43666,42 @@ "service": "S3", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2a05:d034:4000::/40", + "region": "eu-central-1", + "service": "S3", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2406:daf8:8000::/40", "region": "ap-southeast-1", "service": "S3", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2600:1f68:c000::/40", + "region": "us-west-1", + "service": "S3", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2a05:d034:9000::/40", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2600:1ff8:4000::/40", "region": "us-west-2", "service": "S3", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:da68:b000::/40", + "region": "ap-south-2", + "service": "S3", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1ff9:2000::/40", "region": "us-gov-west-1", @@ -24964,6 +43714,12 @@ "service": "S3", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2600:1f68:8000::/39", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2404:c2c0:2c00::/40", "region": "cn-northwest-1", 
@@ -24976,18 +43732,36 @@ "service": "S3", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2600:1ff0:4000::/40", + "region": "us-west-2", + "service": "S3", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1ff9:5000::/40", "region": "us-gov-east-1", "service": "S3", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2406:da68:c000::/40", + "region": "ap-southeast-2", + "service": "S3", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2406:daf8:1000::/40", "region": "af-south-1", "service": "S3", "network_border_group": "af-south-1" }, + { + "ipv6_prefix": "2a05:d034:e000::/40", + "region": "me-south-1", + "service": "S3", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "240f:80f9:8000::/40", "region": "cn-north-1", @@ -25000,6 +43774,12 @@ "service": "S3", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2a05:d078:1000::/40", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d078:4000::/40", "region": "eu-central-1", @@ -25012,6 +43792,24 @@ "service": "S3", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d050:9000::/40", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:daf0:8000::/40", + "region": "ap-southeast-1", + "service": "S3", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2600:1f68:5000::/40", + "region": "us-gov-east-1", + "service": "S3", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2600:1ff8:1000::/40", "region": "ca-central-1", 
@@ -25036,12 +43834,30 @@ "service": "S3", "network_border_group": "ap-northeast-2" }, + { + "ipv6_prefix": "2a05:d070:2000::/40", + "region": "eu-west-3", + "service": "S3", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2a05:d079:6000::/40", "region": "eu-north-1", "service": "S3", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2406:daa0:b000::/40", + "region": "ap-south-2", + "service": "S3", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:daf0:c000::/40", + "region": "ap-southeast-2", + "service": "S3", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2400:7fc0:2400::/40", "region": "cn-north-1", @@ -25072,12 +43888,30 @@ "service": "S3", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2406:da68:4000::/40", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2406:da68:8000::/40", + "region": "ap-southeast-1", + "service": "S3", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2600:1ffa:1000::/40", "region": "ca-central-1", "service": "S3", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d070:6000::/40", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2600:1ff9:8000::/40", "region": "us-east-1", @@ -25102,6 +43936,12 @@ "service": "S3", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2406:daf0:4000::/40", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:1fa0:5000::/40", "region": "us-gov-east-1", 
@@ -25114,6 +43954,18 @@ "service": "S3", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f68:2000::/40", + "region": "us-gov-west-1", + "service": "S3", + "network_border_group": "us-gov-west-1" + }, + { + "ipv6_prefix": "2406:daf9:b000::/40", + "region": "ap-south-2", + "service": "S3", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1fa0:e000::/40", "region": "sa-east-1", @@ -25138,6 +43990,24 @@ "service": "S3", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2a05:d070:8000::/40", + "region": "eu-west-1", + "service": "S3", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2a05:d070:1000::/40", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2406:daa0:f000::/40", + "region": "ap-southeast-4", + "service": "S3", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:9000:a210::/48", "region": "GLOBAL", @@ -25174,6 +44044,12 @@ "service": "S3", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2406:daf0:e000::/40", + "region": "ap-east-1", + "service": "S3", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2600:1ffa:8000::/40", "region": "us-east-1", @@ -25186,6 +44062,18 @@ "service": "S3", "network_border_group": "af-south-1" }, + { + "ipv6_prefix": "2a05:d034:6000::/40", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, + { + "ipv6_prefix": "2a05:d070:9000::/40", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2406:daa0:1000::/40", "region": "af-south-1", 
@@ -25198,24 +44086,48 @@ "service": "S3", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f68:6000::/40", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2600:1fa0:1000::/40", "region": "ca-central-1", "service": "S3", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2406:daf8:7000::/40", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:daf9:9000::/40", "region": "ap-southeast-3", "service": "S3", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2a05:d070:c000::/40", + "region": "eu-west-2", + "service": "S3", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2a05:d079:e000::/40", "region": "me-south-1", "service": "S3", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2600:1fa0:8000::/39", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1fa0:c000::/40", "region": "us-west-1", @@ -25228,6 +44140,12 @@ "service": "S3", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2600:1f68:e000::/40", + "region": "sa-east-1", + "service": "S3", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1ff9:4000::/40", "region": "us-west-2", 
@@ -25240,18 +44158,48 @@ "service": "S3", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d079:1000::/40", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2600:1ff0:c000::/40", + "region": "us-west-1", + "service": "S3", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:9000:a105::/48", "region": "GLOBAL", "service": "S3", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2a05:d034:c000::/40", + "region": "eu-west-2", + "service": "S3", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2406:daa0:c000::/40", "region": "ap-southeast-2", "service": "S3", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2406:da68:e000::/40", + "region": "ap-east-1", + "service": "S3", + "network_border_group": "ap-east-1" + }, + { + "ipv6_prefix": "2600:1ff0:5000::/40", + "region": "us-gov-east-1", + "service": "S3", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2600:1ffa:2000::/40", "region": "us-gov-west-1", @@ -25264,6 +44212,30 @@ "service": "S3", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2406:daf0:7000::/40", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2a05:d034:a000::/40", + "region": "eu-south-1", + "service": "S3", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2406:da68:f000::/40", + "region": "ap-southeast-4", + "service": "S3", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2406:da68:1000::/40", + "region": "af-south-1", + "service": "S3", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2406:daf8:2000::/40", "region": "ap-northeast-2", 
@@ -25276,6 +44248,12 @@ "service": "S3", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2a05:d050:1000::/40", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1ffa:5000::/40", "region": "us-gov-east-1", @@ -25288,6 +44266,18 @@ "service": "S3", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2406:daf0:a000::/40", + "region": "ap-south-1", + "service": "S3", + "network_border_group": "ap-south-1" + }, + { + "ipv6_prefix": "2406:da68:a000::/40", + "region": "ap-south-1", + "service": "S3", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2a05:d078:6000::/40", "region": "eu-north-1", @@ -25300,12 +44290,24 @@ "service": "S3", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a05:d070:e000::/40", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "240f:80ff:4000::/40", "region": "cn-northwest-1", "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:da1b::/36", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1f19:8000::/36", "region": "us-east-1", @@ -25324,12 +44326,24 @@ "service": "EC2", "network_border_group": "us-east-1-pilot-4" }, + { + "ipv6_prefix": "2406:da60:6000::/40", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1f1d:8000::/36", "region": "us-west-2", "service": "EC2", "network_border_group": "us-west-2-pilot-2" }, + { + "ipv6_prefix": "2406:daf1:a000::/40", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2600:1f15::/36", "region": "us-gov-east-1", 
@@ -25348,6 +44362,18 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2600:1f60:1000::/40", + "region": "ca-central-1", + "service": "EC2", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2a05:d070:4000::/40", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2a05:d03a:4000::/40", "region": "eu-central-1", @@ -25358,7 +44384,7 @@ "ipv6_prefix": "2406:da15::/36", "region": "ap-northeast-2", "service": "EC2", - "network_border_group": "ap-northeast-2" + "network_border_group": "ap-northeast-2-wl1-cjj-wlz-1" }, { "ipv6_prefix": "2406:da70:8000::/40", 
@@ -25378,18 +44404,60 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2600:1f60:2000::/40", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "2600:1ffd:80c8::/48", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2600:1ff0:e000::/40", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2404:c2c0::/40", "region": "cn-northwest-1", "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2a05:d030:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2a05:d030:5000::/40", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:daf0:2000::/40", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2406:daf0:9000::/40", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, + { + "ipv6_prefix": "2600:1ff1:8000::/39", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2a05:d01e::/36", "region": "me-south-1", 
@@ -25408,18 +44476,36 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2406:da70:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1fff:1000::/40", "region": "ca-central-1", "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2620:107:4002::/48", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2600:1f18::/33", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2600:1ff1:4000::/40", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2406:da1c::/36", "region": "ap-southeast-2", @@ -25432,6 +44518,12 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2406:daf0:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2404:c2c0:2f00::/40", "region": "cn-northwest-1", @@ -25444,6 +44536,18 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2a05:d071:6000::/40", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, + { + "ipv6_prefix": "2a05:d070:a000::/40", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, { "ipv6_prefix": "2600:1f70:6000::/40", "region": "us-east-2", 
@@ -25456,17 +44560,47 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2600:1ff1:c000::/40", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2a05:d000:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2600:1f14::/35", "region": "us-west-2", "service": "EC2", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2a05:d030:c000::/40", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2600:1ffd:807f::/48", "region": "us-east-1", "service": "EC2", - "network_border_group": "us-east-1" + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2a05:d07f:5000::/40", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:da60:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" }, { "ipv6_prefix": "2600:1ffd:82be::/48", @@ -25480,12 +44614,30 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2600:1ff1:e000::/40", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1ffd:80e1::/48", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2406:da00:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2406:da60:c000::/40", + "region": "ap-southeast-2", + "service": "EC2", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2600:1f00:5000::/40", "region": "us-gov-east-1", 
@@ -25504,6 +44656,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2406:da70:9000::/40", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1f1a:8000::/36", "region": "us-east-1", @@ -25516,12 +44674,30 @@ "service": "EC2", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2a05:d071:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2600:1f70:c000::/40", "region": "us-west-1", "service": "EC2", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2a05:d030:a000::/40", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2600:1f60:5000::/40", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2620:108:700f::/64", "region": "us-west-2", @@ -25540,6 +44716,12 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ipv6_prefix": "2606:f40:6800::/48", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:1ffd:8149::/48", "region": "ap-northeast-1", @@ -25564,12 +44746,24 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2606:f40:3001::/48", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1f12::/36", "region": "us-gov-west-1", "service": "EC2", "network_border_group": "us-gov-west-1" }, + { + "ipv6_prefix": "2a05:d011::/36", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2400:7fc0:2100::/40", "region": "cn-north-1", 
@@ -25594,6 +44788,24 @@ "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2a05:d030:4000::/40", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, + { + "ipv6_prefix": "2406:da60:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2600:1ff0:2000::/40", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "2600:1ffd:807b::/48", "region": "us-east-1", 
@@ -25630,18 +44842,72 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2600:1ffb:60c0::/48", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, + { + "ipv6_prefix": "2600:1f60:4000::/40", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d016::/36", "region": "eu-north-1", "service": "EC2", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2406:daf1:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2406:da17::/36", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2406:daf0:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:daff:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2406:da60:1000::/40", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2a05:d014::/36", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2a05:d07f:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2406:da60:2000::/40", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2606:f40::/48", "region": "us-east-1", @@ -25660,6 +44926,12 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2a05:d071:8000::/40", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2406:daff:1000::/40", "region": "af-south-1", 
@@ -25678,6 +44950,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d071:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2406:daff:9000::/40", "region": "ap-southeast-3", @@ -25690,12 +44968,30 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2600:1ff0:8000::/39", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1ffd:8422::/48", "region": "ap-southeast-1", "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2a05:d030:2000::/40", + "region": "eu-west-3", + "service": "EC2", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2406:da60:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2a01:578:3::/64", "region": "eu-west-1", @@ -25708,12 +45004,24 @@ "service": "EC2", "network_border_group": "us-west-2-wl1-den-wlz-1" }, + { + "ipv6_prefix": "2a05:d070:5000::/40", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2400:7fc0:4000::/40", "region": "cn-north-1", "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf1:9000::/40", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1ffd:80f0::/48", "region": "eu-central-1", @@ -25732,6 +45040,18 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d000:5000::/40", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:daf1:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1ffd:85e8::/48", "region": "ap-southeast-2", 
@@ -25744,12 +45064,48 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:da1f::/36", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2406:da60:8000::/40", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2600:1f60:e000::/40", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, + { + "ipv6_prefix": "2600:1ff1:1000::/40", + "region": "ca-central-1", + "service": "EC2", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2406:daf0:6000::/40", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1ffd:8188::/48", "region": "ca-central-1", "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2406:da60:a000::/40", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2600:1f70:8000::/40", "region": "us-east-1", @@ -25762,18 +45118,36 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2406:daf1:c000::/40", + "region": "ap-southeast-2", + "service": "EC2", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2a05:d012::/36", "region": "eu-west-3", "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2406:daf1:6000::/40", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1f00:4000::/40", "region": "us-west-2", "service": "EC2", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:daf0:1000::/40", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2600:1ffd:838e::/48", "region": "eu-west-1", 
@@ -25810,6 +45184,12 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:daf1:e000::/40", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2600:1fff:e000::/40", "region": "sa-east-1", @@ -25834,6 +45214,12 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2406:daf1:8000::/40", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2620:107:300f::/64", "region": "us-west-1", @@ -25900,12 +45286,36 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:daff:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2a05:d030:8000::/40", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2600:1ffd:83d2::/48", "region": "sa-east-1", "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2406:daf1:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2406:da00:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1f13:8000::/36", "region": "us-east-1", @@ -25936,6 +45346,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2600:1ff0:4000::/40", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1ffd:85c0::/48", "region": "ap-southeast-2", 
@@ -25978,6 +45394,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2406:daf0:8000::/40", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2a05:d030:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2a05:d03a:a000::/40", "region": "eu-south-1", @@ -25990,18 +45418,42 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a05:d070:2000::/40", + "region": "eu-west-3", + "service": "EC2", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2406:da00:1000::/40", "region": "af-south-1", "service": "EC2", "network_border_group": "af-south-1" }, + { + "ipv6_prefix": "2406:daf0:c000::/40", + "region": "ap-southeast-2", + "service": "EC2", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2620:108:d00f::/64", "region": "us-gov-west-1", "service": "EC2", "network_border_group": "us-gov-west-1" }, + { + "ipv6_prefix": "2a05:d071:2000::/40", + "region": "eu-west-3", + "service": "EC2", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2406:daf1:1000::/40", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2a05:d07f:2000::/40", "region": "eu-west-3", @@ -26014,6 +45466,12 @@ "service": "EC2", "network_border_group": "us-east-1-pilot-5" }, + { + "ipv6_prefix": "2a05:d015::/36", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2600:1f1f::/36", "region": "us-west-2", 
@@ -26044,18 +45502,48 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2600:1ff1:2000::/40", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, + { + "ipv6_prefix": "2600:1ff1:6000::/40", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, + { + "ipv6_prefix": "2406:da60:e000::/40", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2406:da70:c000::/40", "region": "ap-southeast-2", "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:1ff1:5000::/40", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2600:1f17:8000::/36", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1-wl1-nyc-wlz-1" }, + { + "ipv6_prefix": "2a05:d070:6000::/40", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2406:da00:4000::/40", "region": "ap-northeast-1", @@ -26074,12 +45562,30 @@ "service": "EC2", "network_border_group": "us-west-2-wl1-sea-wlz-1" }, + { + "ipv6_prefix": "2a05:d071:4000::/40", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2406:daff:c000::/40", "region": "ap-southeast-2", "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2406:daff:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2a05:d030:6000::/40", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2406:da14::/36", "region": "ap-northeast-1", 
@@ -26110,18 +45616,42 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:daf0:4000::/40", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:1f10:8000::/36", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1-wl1-bos-wlz-1" }, + { + "ipv6_prefix": "2606:f40:4000::/48", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2406:da70:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:da00:ff00::/64", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2406:da60:9000::/40", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1ffd:8508::/48", "region": "us-west-2", @@ -26134,12 +45664,42 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2a05:d018:1000::/36", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2600:1f11::/36", "region": "ca-central-1", "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2406:da70:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, + { + "ipv6_prefix": "2600:1f60:8000::/39", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2a05:d070:8000::/40", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2406:da00:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ffd:833b::/48", "region": "us-east-2", 
@@ -26152,6 +45712,18 @@ "service": "EC2", "network_border_group": "us-west-2-lax-1" }, + { + "ipv6_prefix": "2620:107:4004::/48", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2a05:d070:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2406:da70:1000::/40", "region": "af-south-1", @@ -26170,6 +45742,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d071:c000::/40", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2a05:d07f:e000::/40", "region": "me-south-1", @@ -26188,6 +45766,30 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2a05:d071:e000::/40", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, + { + "ipv6_prefix": "2406:daf1:2000::/40", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2406:daf0:e000::/40", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, + { + "ipv6_prefix": "2600:1ffb:60c1::/48", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2600:1f00:8000::/40", "region": "us-east-1", @@ -26236,6 +45838,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d03a:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1f18:8000::/36", "region": "us-east-1", 
@@ -26248,6 +45856,18 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a05:d019::/36", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2a05:d070:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2406:da70:2000::/40", "region": "ap-northeast-2", @@ -26278,6 +45898,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d07f:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1fff:6000::/40", "region": "us-east-2", @@ -26296,6 +45922,30 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2a05:d070:c000::/40", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, + { + "ipv6_prefix": "2406:daf1:4000::/40", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2a05:d03a:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2600:1ff0:c000::/40", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2620:107:4007::/64", "region": "us-east-1", @@ -26314,6 +45964,18 @@ "service": "EC2", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2a05:d071:a000::/40", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2606:f40:1001::/48", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2406:daff:4000::/40", "region": "ap-northeast-1", 
@@ -26338,12 +46000,24 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2600:1ff0:5000::/40", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2400:7fc0:2200::/40", "region": "cn-north-1", "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf0:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1f70:5000::/40", "region": "us-gov-east-1", @@ -26356,6 +46030,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2620:107:4005::/48", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d000:6000::/40", "region": "eu-north-1", @@ -26368,6 +46048,18 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:da60:4000::/40", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2620:107:4003::/48", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2600:1f16:8000::/36", "region": "us-east-2", 
@@ -26398,18 +46090,42 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2600:1f60:c000::/40", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:1fff:5000::/40", "region": "us-gov-east-1", "service": "EC2", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2406:daf0:a000::/40", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2600:1f1b:8000::/36", "region": "us-west-2", "service": "EC2", "network_border_group": "us-west-2-wl1-sfo-wlz-1" }, + { + "ipv6_prefix": "2a05:d000:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2a05:d030:e000::/40", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2406:da70:a000::/40", "region": "ap-south-1", 
@@ -26417,67 +46133,145 @@ "network_border_group": "ap-south-1" }, { - "ipv6_prefix": "2a05:d03a:8000::/40", - "region": "eu-west-1", - "service": "EC2", - "network_border_group": "eu-west-1" + "ipv6_prefix": "2a05:d03a:8000::/40", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2600:9000:3000::/36", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f600::/39", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f540::/42", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f000::/38", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f500::/43", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:ddd::/48", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f800::/37", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f400::/40", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f538::/45", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:5380::/41", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:1000::/36", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:2000::/36", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:3000::/36", + "ipv6_prefix": "2400:7fc0:500::/40", 
"region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:ddd::/48", + "ipv6_prefix": "2600:9000:4000::/36", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:5300::/40", + "ipv6_prefix": "2600:9000:fff::/48", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:1000::/36", + "ipv6_prefix": "2404:c2c0:500::/40", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:2000::/36", + "ipv6_prefix": "2600:9000:5308::/45", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2400:7fc0:500::/40", + "ipv6_prefix": "2600:9000:f534::/46", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:4000::/36", + "ipv6_prefix": "2600:9000:f520::/44", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:fff::/48", + "ipv6_prefix": "2600:9000:5320::/43", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2404:c2c0:500::/40", + "ipv6_prefix": "2600:9000:5310::/44", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:f580::/41", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:f000::/36", + "ipv6_prefix": "2600:9000:5340::/42", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" 
@@ -26488,12 +46282,24 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2400:7fc0:4000:100::/56", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ipv6_prefix": "2400:7fc0:4000:200::/56", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2400:7fc0:4000:300::/56", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ipv6_prefix": "2400:7fc0:4000:400::/56", "region": "cn-north-1", @@ -26506,12 +46312,42 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2400:7fc0:83cc:cc00::/56", + "region": "cn-north-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-north-1" + }, + { + "ipv6_prefix": "2400:7fc0:83cc:cd00::/56", + "region": "cn-north-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-north-1" + }, + { + "ipv6_prefix": "2400:7fc0:83cc:ce00::/56", + "region": "cn-north-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-north-1" + }, + { + "ipv6_prefix": "2404:c2c0:4000:100::/56", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, { "ipv6_prefix": "2404:c2c0:4000:200::/56", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2404:c2c0:4000:300::/56", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, { "ipv6_prefix": "2404:c2c0:4000:400::/56", "region": "cn-northwest-1", 
@@ -26524,24 +46360,138 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2404:c2c0:83cc:cc00::/56", + "region": "cn-northwest-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-northwest-1" + }, + { + "ipv6_prefix": "2404:c2c0:83cc:cd00::/56", + "region": "cn-northwest-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-northwest-1" + }, + { + "ipv6_prefix": "2404:c2c0:83cc:ce00::/56", + "region": "cn-northwest-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "cn-northwest-1" + }, + { + "ipv6_prefix": "2406:da70:1000:100::/56", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, + { + "ipv6_prefix": "2406:da70:1000:200::/56", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, + { + "ipv6_prefix": "2406:da70:1000:400::/56", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2406:da70:1000::/56", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ipv6_prefix": "2406:da70:e000:100::/56", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ipv6_prefix": "2406:da70:e000:200::/56", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, + { + "ipv6_prefix": "2406:da70:e000:400::/56", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2406:da70:e000::/56", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2406:da14:7ff:f800::/56", + "region": "ap-northeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2406:da14:fff:f800::/56", + "region": "ap-northeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-northeast-1" + }, + 
{ + "ipv6_prefix": "2406:da70:4000:100::/56", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2406:da70:4000:200::/56", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2406:da70:4000:300::/56", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2406:da70:4000:400::/56", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2406:da70:4000::/56", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2406:da70:2000:100::/56", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2406:da70:2000:200::/56", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2406:da70:2000:300::/56", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2406:da70:2000:400::/56", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2406:da70:2000::/56", "region": "ap-northeast-2", 
@@ -26554,96 +46504,516 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:da70:a000:100::/56", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ipv6_prefix": "2406:da70:a000:200::/56", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ipv6_prefix": "2406:da70:a000:300::/56", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ipv6_prefix": "2406:da70:a000:400::/56", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2406:da70:a000::/56", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2406:da18:7ff:f800::/56", + "region": "ap-southeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:da18:fff:f800::/56", + "region": "ap-southeast-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:da70:8000:100::/56", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:da70:8000:200::/56", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:da70:8000:300::/56", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:da70:8000:400::/56", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2406:da70:8000::/56", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2406:da1c:7ff:f800::/56", + "region": "ap-southeast-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-2" + }, 
+ { + "ipv6_prefix": "2406:da1c:fff:f800::/56", + "region": "ap-southeast-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2406:da70:c000:100::/56", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2406:da70:c000:200::/56", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2406:da70:c000:300::/56", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2406:da70:c000:400::/56", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2406:da70:c000::/56", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:1f70:1000:100::/56", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2600:1f70:1000:200::/56", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2600:1f70:1000:300::/56", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2600:1f70:1000:400::/56", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ipv6_prefix": "2600:1f70:1000::/56", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d03a:4000:100::/56", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ipv6_prefix": "2a05:d03a:4000:200::/56", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ipv6_prefix": "2a05:d03a:4000:300::/56", + "region": "eu-central-1", + "service": "AMAZON", + 
"network_border_group": "eu-central-1" + }, + { + "ipv6_prefix": "2a05:d03a:4000:400::/56", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2a05:d03a:4000::/56", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2a05:d03a:6000:100::/56", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ipv6_prefix": "2a05:d03a:6000:200::/56", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, + { + "ipv6_prefix": "2a05:d03a:6000:400::/56", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2a05:d03a:6000::/56", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2a05:d03a:a000:100::/56", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2a05:d03a:a000:200::/56", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2a05:d03a:a000:400::/56", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ipv6_prefix": "2a05:d03a:a000::/56", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2a05:d018:7ff:f800::/56", + "region": "eu-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2a05:d018:fff:f800::/56", + "region": "eu-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2a05:d03a:8000:100::/56", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2a05:d03a:8000:200::/56", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + 
{ + "ipv6_prefix": "2a05:d03a:8000:300::/56", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2a05:d03a:8000:400::/56", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2a05:d03a:8000::/56", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d03a:c000:100::/56", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ipv6_prefix": "2a05:d03a:c000:200::/56", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ipv6_prefix": "2a05:d03a:c000:300::/56", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ipv6_prefix": "2a05:d03a:c000:400::/56", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2a05:d03a:c000::/56", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d03a:2000:100::/56", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2a05:d03a:2000:200::/56", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2a05:d03a:2000:300::/56", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2a05:d03a:2000:400::/56", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2a05:d03a:2000::/56", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d03a:e000:100::/56", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ipv6_prefix": "2a05:d03a:e000:200::/56", + "region": "me-south-1", + "service": "AMAZON", + 
"network_border_group": "me-south-1" + }, + { + "ipv6_prefix": "2a05:d03a:e000:400::/56", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2a05:d03a:e000::/56", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2600:1f1e:7ff:f800::/56", + "region": "sa-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "sa-east-1" + }, + { + "ipv6_prefix": "2600:1f1e:fff:f800::/56", + "region": "sa-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "sa-east-1" + }, + { + "ipv6_prefix": "2600:1f70:e000:100::/56", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ipv6_prefix": "2600:1f70:e000:200::/56", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ipv6_prefix": "2600:1f70:e000:400::/56", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1f70:e000::/56", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2600:1f18:3fff:f800::/56", + "region": "us-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2600:1f18:7fff:f800::/56", + "region": "us-east-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1f70:8000::/56", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2600:1f70:6000:100::/56", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ipv6_prefix": "2600:1f70:6000:200::/56", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ipv6_prefix": "2600:1f70:6000:300::/56", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + 
}, + { + "ipv6_prefix": "2600:1f70:6000:400::/56", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2600:1f70:6000::/56", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2600:1f1c:7ff:f800::/56", + "region": "us-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:1f1c:fff:f800::/56", + "region": "us-west-1", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:1f70:c000:100::/56", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:1f70:c000:200::/56", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:1f70:c000:300::/56", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:1f70:c000:400::/56", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:1f70:c000::/56", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2600:1f14:7ff:f800::/56", + "region": "us-west-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2600:1f14:fff:f800::/56", + "region": "us-west-2", + "service": "ROUTE53_HEALTHCHECKS", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2600:1f70:4000:100::/56", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2600:1f70:4000:200::/56", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2600:1f70:4000:300::/56", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": 
"2600:1f70:4000:400::/56", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1f70:4000::/56", "region": "us-west-2", From ddaeae9ca12a44d14364abff4041159abe374abf Mon Sep 17 00:00:00 2001 From: yk Date: Tue, 15 Mar 2022 12:00:35 +0530 Subject: [PATCH 758/979] Fixing False Positive in cloudwatch iam_policy_changes --- ScoutSuite/providers/aws/resources/cloudwatch/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/resources/cloudwatch/base.py b/ScoutSuite/providers/aws/resources/cloudwatch/base.py index 624a7ce76..c66469e41 100755 --- a/ScoutSuite/providers/aws/resources/cloudwatch/base.py +++ b/ScoutSuite/providers/aws/resources/cloudwatch/base.py 
@@ -42,7 +42,7 @@ async def finalize(self): self['regions'][region]['metric_filters_pattern_checks']['console_login_mfa'] = True if metric_filter['pattern'] == "{ $.userIdentity.type = \"Root\" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != \"AwsServiceEvent\" }": self['regions'][region]['metric_filters_pattern_checks']['root_usage'] = True - if metric_filter['pattern'] == "{ ($.eventName=DeleteGroupPolicy) || ($..eventName=DeleteRolePolicy) || ($.eventName=DeleteUserPolicy) || ($.eventName=PutGroupPolicy) || ($.eventName=PutRolePolicy) || ($.eventName=PutUserPolicy) || ($.eventName=CreatePolicy) || ($.eventName=DeletePolicy) || ($.eventName=CreatePolicyVersion) || ($.eventName=DeletePolicyVersion) || ($.eventName=AttachRolePolicy) || ($.eventName=DetachRolePolicy) || ($.eventName=AttachUserPolicy) || ($.eventName=DetachUserPolicy) || ($.eventName=AttachGroupPolicy) || ($.eventName=DetachGroupPolicy) }": + if metric_filter['pattern'] == "{ ($.eventName=DeleteGroupPolicy) || ($.eventName=DeleteRolePolicy) || ($.eventName=DeleteUserPolicy) || ($.eventName=PutGroupPolicy) || ($.eventName=PutRolePolicy) || ($.eventName=PutUserPolicy) || ($.eventName=CreatePolicy) || ($.eventName=DeletePolicy) || ($.eventName=CreatePolicyVersion) || ($.eventName=DeletePolicyVersion) || ($.eventName=AttachRolePolicy) || ($.eventName=DetachRolePolicy) || ($.eventName=AttachUserPolicy) || ($.eventName=DetachUserPolicy) || ($.eventName=AttachGroupPolicy) || ($.eventName=DetachGroupPolicy) }": self['regions'][region]['metric_filters_pattern_checks']['iam_policy_changes'] = True if metric_filter['pattern'] == "{ ($.eventName = CreateTrail) || ($.eventName = UpdateTrail) || ($.eventName = DeleteTrail) || ($.eventName = StartLogging) || ($.eventName = StopLogging) }": self['regions'][region]['metric_filters_pattern_checks']['cloudtrail_configuration_changes'] = True From 9071ba19226968758598af3c8177d40fffe2b8d6 Mon Sep 17 00:00:00 2001 
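Review bot: The `iam_policy_changes` check in `finalize` still requires `metric_filter['pattern']` to be byte-identical to one long literal, so a filter that monitors the same events with different spacing or term order is reported as missing. The neighbouring `cloudtrail_configuration_changes` literal writes `$.eventName = CreateTrail` with spaces while this one writes `$.eventName=DeleteGroupPolicy` without, which shows how easily equivalent patterns diverge. Consider comparing a whitespace-normalised form of the pattern against expected values held in a named constant, with a comment such as `# expected pattern for the IAM policy change metric filter; compared after whitespace normalisation`. `finalize` starts and ends outside this hunk.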
From: x4v13r64 Date: Wed, 23 Mar 2022 13:09:39 +0100 Subject: [PATCH 759/979] Bugfix --- ScoutSuite/providers/aws/utils.py | 4 ++-- ScoutSuite/providers/gcp/utils.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index 30f703de3..02c3f6672 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py @@ -37,8 +37,8 @@ def is_throttled(exception): and exception.response["Error"]["Code"] in ["Throttling", "RequestLimitExceeded", "ThrottlingException"] ) - except Exception as exception: - print_exception(f'Unable to validate exception {e} for AWS throttling: {exception}') + except Exception as e: + print_exception(f'Unable to validate exception {exception} for AWS throttling: {e}') return False diff --git a/ScoutSuite/providers/gcp/utils.py b/ScoutSuite/providers/gcp/utils.py index 4b52c765f..66d797e5f 100644 --- a/ScoutSuite/providers/gcp/utils.py +++ b/ScoutSuite/providers/gcp/utils.py @@ -12,6 +12,6 @@ def is_throttled(exception): return True else: return False - except Exception as exception: - print_exception(f'Unable to validate exception {e} for GCP throttling: {exception}') + except Exception as e: + print_exception(f'Unable to validate exception {exception} for GCP throttling: {e}') return False From 05763d6936de179efc556b2e452f9defab6e662d Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 23 Mar 2022 13:11:02 +0100 Subject: [PATCH 760/979] Change logging level --- ScoutSuite/providers/utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/utils.py b/ScoutSuite/providers/utils.py index ca382b1fc..27c6afb7f 100755 --- a/ScoutSuite/providers/utils.py +++ b/ScoutSuite/providers/utils.py 
@@ -2,7 +2,7 @@ from hashlib import sha1 import inspect -from ScoutSuite.core.console import print_info +from ScoutSuite.core.console import print_info, print_warning from ScoutSuite.providers.aws.utils import is_throttled as aws_is_throttled from ScoutSuite.providers.gcp.utils import is_throttled as gcp_is_throttled @@ -29,7 +29,7 @@ async def run_concurrently(function, backoff_seconds=15): if is_throttled(e): source_file = inspect.getsourcefile(function) source_file_line = inspect.getsourcelines(function)[1] - print_info(f'Hitting API rate limiting ({"/".join(source_file.split("/")[-2:])} L{source_file_line}), will retry in {backoff_seconds}s') + print_warning(f'Hitting API rate limiting ({"/".join(source_file.split("/")[-2:])} L{source_file_line}), will retry in {backoff_seconds}s') await asyncio.sleep(backoff_seconds) return await run_concurrently(function, backoff_seconds + 15) else: From ed18efdd99500ba8ba0da5309f5cc8cf8a336e99 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 23 Mar 2022 13:13:54 +0100 Subject: [PATCH 761/979] Change logging level --- ScoutSuite/providers/aws/facade/rds.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/facade/rds.py b/ScoutSuite/providers/aws/facade/rds.py index f9d629e4a..72a913b51 100755 --- a/ScoutSuite/providers/aws/facade/rds.py +++ b/ScoutSuite/providers/aws/facade/rds.py 
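Review bot: The throttling branch of `run_concurrently` retries through `return await run_concurrently(function, backoff_seconds + 15)` with no upper bound, so a call that stays throttled keeps the scan waiting indefinitely on an ever-deeper await chain. Raising the message to a warning makes that more visible but does not limit it. A cap before the sleep, for example `if backoff_seconds > MAX_BACKOFF_SECONDS: raise` (the constant name is a placeholder, not something in the file), would turn it into a reported failure. Separately, `inspect.getsourcefile(function)` can return `None` and `source_file.split("/")` assumes POSIX separators, so building the log line can itself fail inside the handler. The function body continues outside the hunk.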
@@ -54,7 +54,10 @@ async def _get_and_set_instance_tags(self, instance: {}, region: str): if e.response['Error']['Code'] != 'NoSuchTagSet': print_exception('Failed to get db instance tags for {}: {}'.format(instance['DBInstanceIdentifier'], e)) except Exception as e: - print_exception('Failed to get db instance tags for {}: {}'.format(instance['DBInstanceIdentifier'], e)) + if 'DBInstanceNotFound' in e: + print_warning('Failed to get db instance tags for {}: {}'.format(instance['DBInstanceIdentifier'], e)) + else: + print_exception('Failed to get db instance tags for {}: {}'.format(instance['DBInstanceIdentifier'], e)) instance['Tags'] = {} async def _get_and_set_instance_clusters(self, instance: {}, region: str): From e781be404b6260b0454d2d9169f33aab2253ee4f Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 23 Mar 2022 13:35:05 +0100 Subject: [PATCH 762/979] Better error handling --- ScoutSuite/providers/aws/facade/awslambda.py | 4 ++-- ScoutSuite/providers/aws/facade/cloudformation.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/awslambda.py b/ScoutSuite/providers/aws/facade/awslambda.py index 01a4cc6ed..9824650e5 100755 --- a/ScoutSuite/providers/aws/facade/awslambda.py +++ b/ScoutSuite/providers/aws/facade/awslambda.py @@ -40,7 +40,7 @@ async def get_role_with_managed_policies(self, role_name): role['policies'] = managed_policies return role except Exception as e: - if 'NoSuchEntity' in e: + if 'NoSuchEntity' in str(e): print_warning(f'Failed to get role from managed policies: {e}') else: print_exception(f'Failed to get role from managed policies: {e}') 
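Review bot: `'DBInstanceNotFound' in e` in the new `except Exception` branch tests membership on the exception object, which raises `TypeError` because exceptions are not iterable, so the handler fails before either message is printed and `instance['Tags'] = {}` may not be reached. It should read `if 'DBInstanceNotFound' in str(e):`. The same `in e` test appears in the sqs.py hunk (`'NonExistentQueue' in e`) and the gcp/facade/base.py hunk (`'The service is currently unavailable' in e or ...`) later in this series. This commit's only change is the hunk shown, so confirm `print_warning` is already imported in rds.py. The function starts outside the hunk.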
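Review bot: Matching `'NoSuchEntity' in str(e)` here, and `'ResourceNotFoundException' in str(e)` in the next hunk of awslambda.py, ties the warning-versus-exception decision to message text rather than to the error code. The rds.py handler shown earlier reads the code directly with `e.response['Error']['Code']`; if these calls raise the same botocore error type (not visible in the hunk), `getattr(e, 'response', {}).get('Error', {}).get('Code') == 'NoSuchEntity'` would be the more precise test. A short comment such as `# resource deleted between listing and describe: expected, log as warning` would also record why this case is downgraded. The handler's `try` starts outside the hunk.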
@@ -53,7 +53,7 @@ async def get_env_variables(self, function_name, region): if "Environment" in function_configuration and "Variables" in function_configuration["Environment"]: return function_configuration["Environment"]["Variables"] except Exception as e: - if 'ResourceNotFoundException' in e: + if 'ResourceNotFoundException' in str(e): print_warning('Failed to get Lambda function configuration: {}'.format(e)) else: print_exception('Failed to get Lambda function configuration: {}'.format(e)) diff --git a/ScoutSuite/providers/aws/facade/cloudformation.py b/ScoutSuite/providers/aws/facade/cloudformation.py index 12d9fcc98..835c60977 100755 --- a/ScoutSuite/providers/aws/facade/cloudformation.py +++ b/ScoutSuite/providers/aws/facade/cloudformation.py @@ -30,7 +30,7 @@ async def _get_and_set_description(self, stack: {}, region: str): stack_description = await run_concurrently( lambda: client.describe_stacks(StackName=stack['StackName'])['Stacks'][0]) except Exception as e: - if 'does not exist' in e: + if 'does not exist' in str(e): print_warning(f'Failed to describe CloudFormation stack: {e}') else: print_exception(f'Failed to describe CloudFormation stack: {e}') @@ -43,7 +43,7 @@ async def _get_and_set_template(self, stack: {}, region: str): stack['template'] = await run_concurrently( lambda: client.get_template(StackName=stack['StackName'])['TemplateBody']) except Exception as e: - if 'is not ready' not in e: + if 'is not ready' not in str(e): print_exception(f'Failed to get CloudFormation template: {e}') stack['template'] = None From 37f1b911912070f12a5b77ad5c33c6d5fcd69f51 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 23 Mar 2022 13:40:34 +0100 Subject: [PATCH 763/979] Print error here --- ScoutSuite/providers/base/configs/browser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/base/configs/browser.py b/ScoutSuite/providers/base/configs/browser.py index 4bff12ef9..126eb8d71 100755 
--- a/ScoutSuite/providers/base/configs/browser.py +++ b/ScoutSuite/providers/base/configs/browser.py @@ -42,7 +42,7 @@ def get_object_at(object, path, attribute_name=None): else: return o except Exception as e: - raise e + print_exception(f'Failed to get object {object} from path {path}: e') def get_value_at(all_info, current_path, key, to_string=False): From bdfc865f50718f0386234ae99dc62159c2109d3e Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 23 Mar 2022 13:41:35 +0100 Subject: [PATCH 764/979] Change logging level --- ScoutSuite/providers/aws/facade/sqs.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/sqs.py b/ScoutSuite/providers/aws/facade/sqs.py index 04ec4ac7f..d7ecfb0b7 100755 --- a/ScoutSuite/providers/aws/facade/sqs.py +++ b/ScoutSuite/providers/aws/facade/sqs.py @@ -1,4 +1,4 @@ -from ScoutSuite.core.console import print_exception +from ScoutSuite.core.console import print_exception, print_warning from ScoutSuite.providers.aws.facade.basefacade import AWSBaseFacade from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils from ScoutSuite.providers.utils import run_concurrently, map_concurrently @@ -28,7 +28,9 @@ async def _get_queue_attributes(self, queue_url: str, region: str, attribute_nam 'Attributes'] ) except Exception as e: - print_exception(f'Failed to get SQS queue attributes: {e}') - raise + if 'NonExistentQueue' in e: + print_warning(f'Failed to get SQS queue attributes: {e}') + else: + print_exception(f'Failed to get SQS queue attributes: {e}') return queue_url, queue_attributes From 16936d7da1377f289a329c49a7d7d6799e74b94b Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 23 Mar 2022 14:03:22 +0100 Subject: [PATCH 765/979] Change logging level --- ScoutSuite/providers/gcp/facade/base.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
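Review bot: Dropping the `raise` in `_get_queue_attributes` means a failed call now falls through to `return queue_url, queue_attributes`. Unless `queue_attributes` is assigned before the `try` (not visible in this hunk), that line raises `UnboundLocalError` in place of the original error. Initialise it first, e.g. `queue_attributes = None` ahead of the `try`, and check that the caller tolerates the empty value. The condition `'NonExistentQueue' in e` also needs `str(e)`, since membership on an exception object raises `TypeError`.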
diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index 25cb7ce73..b267ade77 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -126,12 +126,16 @@ async def _get_projects_recursively(self, parent_type, parent_id): 'you may have specified a non-existing Organization, Folder or Project') except Exception as e: + if 'The service is currently unavailable' in e or 'Internal error encountered' in e: + print_level = print_warning + else: + print_level = print_exception try: content = e.content.decode("utf-8") content_dict = json.loads(content) - print_exception(f'Unable to list accessible Projects: {content_dict.get("error").get("message")}') + print_level(f'Unable to list accessible Projects: {content_dict.get("error").get("message")}') except Exception as e: - print_exception(f'Unable to list accessible Projects: {e}') + print_level(f'Unable to list accessible Projects: {e}') finally: return projects From e37440e671cc5a1bfe9eb659b33a0feff3bbb480 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 24 Mar 2022 10:21:18 +0100 Subject: [PATCH 766/979] Fix bug --- ScoutSuite/providers/base/configs/browser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/base/configs/browser.py b/ScoutSuite/providers/base/configs/browser.py index 126eb8d71..deecb6921 100755 --- a/ScoutSuite/providers/base/configs/browser.py +++ b/ScoutSuite/providers/base/configs/browser.py @@ -42,7 +42,7 @@ def get_object_at(object, path, attribute_name=None): else: return o except Exception as e: - print_exception(f'Failed to get object {object} from path {path}: e') + print_exception(f'Failed to get path {path} from object {object}:{e}') def get_value_at(all_info, current_path, key, to_string=False): From d6d704cc264b9024a3baa7816c4bee1f6f31ddb8 Mon Sep 17 00:00:00 2001 
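Review bot: The new `'The service is currently unavailable' in e or 'Internal error encountered' in e` test in `_get_projects_recursively` runs before the inner `try`, and membership on an exception object raises `TypeError`. If the trailing `finally: return projects` belongs to the outer `try`, as the layout suggests, that return discards the `TypeError`, so neither `print_warning` nor `print_exception` runs and the failure to list projects goes unlogged. Take the text once with `message = str(e)` and test `'The service is currently unavailable' in message or 'Internal error encountered' in message`. The inner `except Exception as e` also rebinds `e`, so a distinct name there would keep the two errors apart. The function starts outside the hunk.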
From: x4v13r64 Date: Thu, 24 Mar 2022 10:22:53 +0100 Subject: [PATCH 767/979] Improve handling --- ScoutSuite/providers/aws/provider.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index ca5b1edd7..9564649f9 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -592,7 +592,7 @@ def match_security_groups_and_resources_callback(self, current_config, path, cur sg_id = resource_sg[callback_args['sg_id_attribute_name']] else: sg_id = resource_sg - if unknown_vpc_id: + if unknown_vpc_id and sg_id: vpc_id = self.sg_map[sg_id]['vpc_id'] sg_base_path = copy.deepcopy(current_path[0:4]) sg_base_path[1] = 'ec2' From 2c988c60b66b8b5890fca649323cc5b5ebd66a7e Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 24 Mar 2022 10:31:56 +0100 Subject: [PATCH 768/979] Remove handling --- ScoutSuite/providers/base/configs/browser.py | 25 +++++++++----------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/ScoutSuite/providers/base/configs/browser.py b/ScoutSuite/providers/base/configs/browser.py index deecb6921..710ca69d7 100755 --- a/ScoutSuite/providers/base/configs/browser.py +++ b/ScoutSuite/providers/base/configs/browser.py @@ -27,22 +27,19 @@ def get_object_at(object, path, attribute_name=None): :return: """ o = object - try: - for p in path: - if type(o) is dict: - o = o[p] - else: - o = getattr(o, p) + for p in path: + if type(o) is dict: + o = o[p] + else: + o = getattr(o, p) - if attribute_name: - if type(o) is dict: - return o[attribute_name] - else: - return getattr(o, attribute_name) + if attribute_name: + if type(o) is dict: + return o[attribute_name] else: - return o - except Exception as e: - print_exception(f'Failed to get path {path} from object {object}:{e}') + return getattr(o, attribute_name) + else: + return o def get_value_at(all_info, current_path, key, to_string=False): 
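Review bot: The added `and sg_id` guard in `match_security_groups_and_resources_callback` only rejects an empty id; a non-empty `sg_id` that is absent from `self.sg_map` still raises `KeyError` on `self.sg_map[sg_id]['vpc_id']`. The EMR callback in the same file, visible in a later hunk, tests `if sg_id in self.sg_map:` before the same lookup. Writing `if unknown_vpc_id and sg_id in self.sg_map:` covers both cases. Whether the lines after the `if` still need `vpc_id` when the lookup is skipped cannot be seen from this hunk, which cuts through the callback.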
From f5c459559326502e9e1ed843e9fe59b0eb0e51b3 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 25 Mar 2022 17:37:56 +0100 Subject: [PATCH 769/979] Change logging level --- ScoutSuite/providers/aws/provider.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 9564649f9..72d1fdf1d 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -653,7 +653,7 @@ def set_emr_vpc_ids_callback(self, current_config, path, current_path, vpc_id, c elif 'RequestedEc2SubnetIds' in cluster['Ec2InstanceAttributes']: subnet_id = cluster['Ec2InstanceAttributes']['RequestedEc2SubnetIds'] else: - print_exception('Unable to determine VPC id for EMR cluster %s' % str(cluster_id)) + print_warning('Unable to determine VPC id for EMR cluster %s' % str(cluster_id)) continue if sg_id in self.sg_map: vpc_id = self.sg_map[sg_id]['vpc_id'] From 07c29b9729dd6472b077365e0f98df4bd487f152 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 28 Mar 2022 16:29:21 +0200 Subject: [PATCH 770/979] Change logging level --- ScoutSuite/providers/aws/provider.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/provider.py b/ScoutSuite/providers/aws/provider.py index 72d1fdf1d..5b6268fc8 100755 --- a/ScoutSuite/providers/aws/provider.py +++ b/ScoutSuite/providers/aws/provider.py @@ -667,7 +667,7 @@ def set_emr_vpc_ids_callback(self, current_config, path, current_path, vpc_id, c pop_list.append(cluster_id) sid_found = True if not sid_found: - print_exception('Unable to determine VPC id for %s' % (str(subnet_id) if subnet_id else str(sg_id))) + print_warning('Unable to determine VPC id for %s' % (str(subnet_id) if subnet_id else str(sg_id))) continue if vpc_id: region_vpcs_config = get_object_at(self, current_path) From e84459f1814b51cbab85de081ca89e21175e3de1 Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Mon, 4 Apr 2022 15:11:07 +0200 Subject: [PATCH 771/979] Handle additional cases --- ScoutSuite/providers/aws/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index 02c3f6672..f95d783e6 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py @@ -35,7 +35,7 @@ def is_throttled(exception): and exception.response and "Error" in exception.response and exception.response["Error"]["Code"] - in ["Throttling", "RequestLimitExceeded", "ThrottlingException"] + in ["Throttling", "RequestLimitExceeded", "ThrottlingException", "TooManyRequestsException"] ) except Exception as e: print_exception(f'Unable to validate exception {exception} for AWS throttling: {e}') From 4d7b19330534b6df08bf07386badd7cff1d29ec3 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 4 Apr 2022 15:30:56 +0200 Subject: [PATCH 772/979] Handle missing value --- .../providers/gcp/resources/memorystore/redis_instances.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/resources/memorystore/redis_instances.py b/ScoutSuite/providers/gcp/resources/memorystore/redis_instances.py index 3e1b04ec5..bda5b9e3a 100755 --- a/ScoutSuite/providers/gcp/resources/memorystore/redis_instances.py +++ b/ScoutSuite/providers/gcp/resources/memorystore/redis_instances.py @@ -19,7 +19,7 @@ def _parse_instance(self, raw_instance): instance_dict = {} instance_dict['id'] = get_non_provider_id(raw_instance['name']) - instance_dict['name'] = raw_instance['displayName'] + instance_dict['name'] = raw_instance.get('displayName') instance_dict['project_id'] = self.project_id instance_dict['location'] = raw_instance['locationId'] instance_dict['redis_version'] = raw_instance['redisVersion'] From dfaa8025fdf09ab7158e95408ee655d1cb5924b5 Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Mon, 4 Apr 2022 15:33:06 +0200 Subject: [PATCH 773/979] Handle all errors --- ScoutSuite/providers/gcp/facade/kms.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/kms.py b/ScoutSuite/providers/gcp/facade/kms.py index 6ceade9ae..4cab0cd4c 100755 --- a/ScoutSuite/providers/gcp/facade/kms.py +++ b/ScoutSuite/providers/gcp/facade/kms.py @@ -11,12 +11,9 @@ class KMSFacade(GCPBaseFacade): def __init__(self): # This facade is currently using both libraries as the Cloud Client library doesn't support locations - # Cloud Client client_info = ClientInfo(user_agent=get_user_agent()) self.cloud_client = kms.KeyManagementServiceClient(client_info=client_info) - # self.cloud_client = kms.KeyManagementServiceClient() - super().__init__('cloudkms', 'v1') # API Client async def get_locations(self, project_id: str): @@ -42,7 +39,7 @@ async def list_key_rings(self, project_id: str): lambda: list(self.cloud_client.list_key_rings(parent))) return key_rings except Exception as e: - if 'Billing is disabled for project' not in e: + if 'Billing is disabled for project' not in str(e): print_exception(f'Failed to retrieve KMS key rings: {e}') return {} From 23fd21b71f96e8e65c31d50d29895700aef086b8 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 4 Apr 2022 15:46:22 +0200 Subject: [PATCH 774/979] Check conditions --- .../findings/iam-assume-role-policy-allows-all.json | 9 +++++++++ .../aws/rules/findings/s3-bucket-world-policy-arg.json | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-assume-role-policy-allows-all.json b/ScoutSuite/providers/aws/rules/findings/iam-assume-role-policy-allows-all.json index dc173713c..aab0e1b0c 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-assume-role-policy-allows-all.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-assume-role-policy-allows-all.json 
@@ -27,6 +27,15 @@ [ "iam.roles.id.assume_role_policy.PolicyDocument.Statement.id" ] + ], + [ + "_INCLUDE_(conditions/policy-statement-poor-condition.json)", + [ + "_STATEMENT_" + ], + [ + "iam.roles.id.assume_role_policy.PolicyDocument.Statement.id" + ] ] ] } diff --git a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-arg.json b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-arg.json index f8431676f..15b8cb0fa 100755 --- a/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-arg.json +++ b/ScoutSuite/providers/aws/rules/findings/s3-bucket-world-policy-arg.json @@ -42,6 +42,15 @@ [ "s3.buckets.id.policy.Statement.id" ] + ], + [ + "_INCLUDE_(conditions/policy-statement-poor-condition.json)", + [ + "_STATEMENT_" + ], + [ + "s3.buckets.id.policy.Statement.id" + ] ] ], "key": "s3-bucket-world-_ARG_0_-policy", From a1d84c85e86f3cddb7561b8210edf7abf4dcd26b Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 4 Apr 2022 16:22:49 +0200 Subject: [PATCH 775/979] Return expected format --- ScoutSuite/providers/gcp/facade/dns.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/dns.py b/ScoutSuite/providers/gcp/facade/dns.py index 88cdfeb13..12a48689e 100755 --- a/ScoutSuite/providers/gcp/facade/dns.py +++ b/ScoutSuite/providers/gcp/facade/dns.py @@ -16,4 +16,4 @@ async def get_zones(self, project_id): ) except Exception as e: print_exception(f'Failed to retrieve zones: {e}') - return [] + return {} From c02989641471d5e05f6589dd84a95ef29e9bf160 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 4 Apr 2022 16:23:10 +0200 Subject: [PATCH 776/979] Add type --- ScoutSuite/providers/gcp/utils.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/utils.py b/ScoutSuite/providers/gcp/utils.py index 66d797e5f..34f863ba1 100644 --- a/ScoutSuite/providers/gcp/utils.py +++ b/ScoutSuite/providers/gcp/utils.py 
@@ -4,12 +4,14 @@ def is_throttled(exception): """ Determines whether the exception is due to API throttling. - :param exception: Exception raised + :param exception: Exception raised :return: True if it's a throttling exception else False """ try: if 'Quota exceeded' in str(exception): return True + elif 'API_SHARED_QUOTA_EXHAUSTED' in str(exception): + return True else: return False except Exception as e: From a9d515c129893b9e13eb623d64807d42f3d2b0e6 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 4 Apr 2022 16:37:14 +0200 Subject: [PATCH 777/979] Fix bug --- ScoutSuite/providers/gcp/resources/dns/managed_zones.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/resources/dns/managed_zones.py b/ScoutSuite/providers/gcp/resources/dns/managed_zones.py index bbfdfc1ed..d72cc7720 100755 --- a/ScoutSuite/providers/gcp/resources/dns/managed_zones.py +++ b/ScoutSuite/providers/gcp/resources/dns/managed_zones.py @@ -9,7 +9,7 @@ def __init__(self, facade: GCPFacade, project_id: str): async def fetch_all(self): raw_zones = await self.facade.dns.get_zones(self.project_id) - for raw_zone in raw_zones['managedZones']: + for raw_zone in raw_zones.get('managedZones'): zone_id, zone = self._parse_zone(raw_zone) self[zone_id] = zone From e108c92f174ca28e317831cf19bc486b18ab2805 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 4 Apr 2022 16:41:38 +0200 Subject: [PATCH 778/979] Fix bug --- ScoutSuite/providers/gcp/resources/dns/managed_zones.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/resources/dns/managed_zones.py b/ScoutSuite/providers/gcp/resources/dns/managed_zones.py index d72cc7720..227845363 100755 --- a/ScoutSuite/providers/gcp/resources/dns/managed_zones.py +++ b/ScoutSuite/providers/gcp/resources/dns/managed_zones.py 
@@ -9,7 +9,7 @@ def __init__(self, facade: GCPFacade, project_id: str): async def fetch_all(self): raw_zones = await self.facade.dns.get_zones(self.project_id) - for raw_zone in raw_zones.get('managedZones'): + for raw_zone in raw_zones.get('managedZones', []): zone_id, zone = self._parse_zone(raw_zone) self[zone_id] = zone From 4887e99a71a31ad3656fd60269ad0ee126c0a188 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 4 Apr 2022 17:10:13 +0200 Subject: [PATCH 779/979] Fix service list quota bug --- ScoutSuite/providers/gcp/facade/base.py | 57 +++++++++++++++++-------- 1 file changed, 40 insertions(+), 17 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index b267ade77..087dbd9e0 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -1,4 +1,5 @@ import json +import asyncio from ScoutSuite.core.console import print_exception, print_info, print_warning from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade @@ -39,6 +40,10 @@ def __init__(self, self.stackdriverlogging = StackdriverLoggingFacade() self.stackdrivermonitoring = StackdriverMonitoringFacade() + # lock to minimize concurrent calls to get_services() + self.projects_services_lock = False + self.projects_services = {} + # Instantiate facades for proprietary services try: self.gke = GKEFacade(self.gce) @@ -47,7 +52,6 @@ def __init__(self, async def get_projects(self): try: - # All projects to which the user / Service Account has access to if self.all_projects: return await self._get_projects_recursively( 
@@ -140,6 +144,36 @@ async def _get_projects_recursively(self, parent_type, parent_id): finally: return projects + async def get_services(self, project_id, attempt=1): + if project_id not in self.projects_services: + # not locked, make query + if not self.projects_services_lock: + self.projects_services_lock = True + try: + serviceusage_client = self._build_arbitrary_client('serviceusage', 'v1', force_new=True) + services = serviceusage_client.services() + request = services.list(parent=f'projects/{project_id}') + services_response = await GCPFacadeUtils.get_all('services', request, services) + self.projects_services[project_id] = services_response + self.projects_services_lock = False + return self.projects_services[project_id] + except Exception as e: + # hit quota, wait and retry + if 'API_SHARED_QUOTA_EXHAUSTED' in str(e) and attempt <= 10: + await asyncio.sleep(5) + return await self.get_services(project_id, attempt+1) + # unknown error + else: + print_warning(f"Could not fetch the state of services for project \"{project_id}\": {e}") + self.projects_services_lock = False + return {} + # locked, wait and retry + else: + await asyncio.sleep(5) + return await self.get_services(project_id, attempt+1) + else: + return self.projects_services[project_id] + async def is_api_enabled(self, project_id, service): """ Given a project ID and service name, this method tries to determine if the service's API is enabled 
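Review bot: The quota-retry branch of `get_services` recurses while `self.projects_services_lock` is still `True`, so the retried call falls into the "locked, wait and retry" branch, which has no attempt bound and never clears the flag. From that point every caller, for any project, keeps sleeping and recursing until the interpreter's recursion limit is hit. The flag is also shared across all projects and polled with fixed sleeps, so waiters are not woken when the holder finishes. An `asyncio.Lock` held with `async with`, plus a retry loop instead of recursion, removes both problems; the lock would be created in `__init__` (on older Python versions, create it once the scan's event loop is current). Patches 784 and 785 later in this series add a `has_lock` argument and a cap on the waiting branch but keep the polling flag.

```python
    async def get_services(self, project_id, attempt=1):
        # assumes __init__ sets self.projects_services_lock = asyncio.Lock()
        async with self.projects_services_lock:
            # another caller may have filled the cache while this one waited
            if project_id in self.projects_services:
                return self.projects_services[project_id]
            while True:
                try:
                    # … unchanged: build the serviceusage client and list services into services_response …
                    self.projects_services[project_id] = services_response
                    return services_response
                except Exception as e:
                    # hit quota, wait and retry inside the same call
                    if 'API_SHARED_QUOTA_EXHAUSTED' in str(e) and attempt <= 10:
                        await asyncio.sleep(5)
                        attempt += 1
                        continue
                    print_warning(f"Could not fetch the state of services for project \"{project_id}\": {e}")
                    return {}
```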
@@ -148,19 +182,8 @@ async def is_api_enabled(self, project_id, service): # All projects have IAM policies regardless of whether the IAM API is enabled. if service == 'IAM': return True - - serviceusage_client = self._build_arbitrary_client('serviceusage', 'v1', force_new=True) - services = serviceusage_client.services() - try: - request = services.list(parent=f'projects/{project_id}') - services_response = await GCPFacadeUtils.get_all('services', request, services) - except Exception as e: - print_warning(f"Could not fetch the state of services for project \"{project_id}\", " - f"including {format_service_name(service.lower())} in the execution: {e}") - return True - # These are hardcoded endpoint correspondences as there's no easy way to do this. - if service == 'KMS': + elif service == 'KMS': endpoint = 'cloudkms' elif service == 'CloudStorage': endpoint = 'storage-component' @@ -180,10 +203,11 @@ async def is_api_enabled(self, project_id, service): endpoint = 'dns' else: print_warning(f"Could not validate the state of the {format_service_name(service.lower())} API " - f"for project \"{project_id}\", including it in the execution") + f"for project \"{project_id}\" (unknown endpoint), including it in the execution") return True - for s in services_response: + services = await self.get_services(project_id) + for s in services: if endpoint in s.get('name'): if s.get('state') == 'ENABLED': return True @@ -191,7 +215,6 @@ async def is_api_enabled(self, project_id, service): print_info(f'{format_service_name(service.lower())} API not enabled for ' f'project \"{project_id}\", skipping') return False - print_warning(f"Could not validate the state of the {format_service_name(service.lower())} API " - f"for project \"{project_id}\", including it in the execution") + f"for project \"{project_id}\" (state not found), including it in the execution") return True From c6e9206689e516ce7cb62a526ec6cb0c24d60775 Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Tue, 5 Apr 2022 13:05:37 +0200 Subject: [PATCH 780/979] Make sleep progressive --- ScoutSuite/providers/gcp/facade/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index 087dbd9e0..340656913 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -169,7 +169,7 @@ async def get_services(self, project_id, attempt=1): return {} # locked, wait and retry else: - await asyncio.sleep(5) + await asyncio.sleep(10*attempt) return await self.get_services(project_id, attempt+1) else: return self.projects_services[project_id] From 6fc6767320c01187b737ab8d8fac80ed7a10d183 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 5 Apr 2022 13:19:38 +0200 Subject: [PATCH 781/979] Additional throttling exceptions --- ScoutSuite/providers/aws/utils.py | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index f95d783e6..364df50a5 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py @@ -35,7 +35,20 @@ def is_throttled(exception): and exception.response and "Error" in exception.response and exception.response["Error"]["Code"] - in ["Throttling", "RequestLimitExceeded", "ThrottlingException", "TooManyRequestsException"] + in ['Throttling', + 'ThrottlingException', + 'ThrottledException', + 'RequestThrottledException', + 'TooManyRequestsException', + 'ProvisionedThroughputExceededException', + 'TransactionInProgressException', + 'RequestLimitExceeded', + 'BandwidthLimitExceeded', + 'LimitExceededException', + 'RequestThrottled', + 'SlowDown', + 'PriorRequestNotComplete', + 'EC2ThrottledException'] ) except Exception as e: print_exception(f'Unable to validate exception {exception} for AWS throttling: {e}') From 7b16a290d98c9e2ddd040b0ac8e6d4dbc9b40417 Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Tue, 5 Apr 2022 13:30:36 +0200 Subject: [PATCH 782/979] Better AWS throttling detection --- ScoutSuite/providers/aws/utils.py | 47 ++++++++++++++++++------------- 1 file changed, 27 insertions(+), 20 deletions(-) diff --git a/ScoutSuite/providers/aws/utils.py b/ScoutSuite/providers/aws/utils.py index 364df50a5..39451a173 100755 --- a/ScoutSuite/providers/aws/utils.py +++ b/ScoutSuite/providers/aws/utils.py @@ -1,4 +1,5 @@ import re + from ScoutSuite.core.console import print_exception ec2_classic = "EC2-Classic" 
@@ -29,27 +30,32 @@ def is_throttled(exception): :param exception: Exception raised :return: True if it's a throttling exception else False """ + # taken from botocore.retries.standard.ThrottledRetryableChecker + throttled_errors = [ + 'Throttling', + 'ThrottlingException', + 'ThrottledException', + 'RequestThrottledException', + 'TooManyRequestsException', + 'ProvisionedThroughputExceededException', + 'TransactionInProgressException', + 'RequestLimitExceeded', + 'BandwidthLimitExceeded', + 'LimitExceededException', + 'RequestThrottled', + 'SlowDown', + 'PriorRequestNotComplete', + 'EC2ThrottledException', + ] + try: - return ( - hasattr(exception, "response") - and exception.response - and "Error" in exception.response - and exception.response["Error"]["Code"] - in ['Throttling', - 'ThrottlingException', - 'ThrottledException', - 'RequestThrottledException', - 'TooManyRequestsException', - 'ProvisionedThroughputExceededException', - 'TransactionInProgressException', - 'RequestLimitExceeded', - 'BandwidthLimitExceeded', - 'LimitExceededException', - 'RequestThrottled', - 'SlowDown', - 'PriorRequestNotComplete', - 'EC2ThrottledException'] - ) + throttled = (hasattr(exception, "response") + and exception.response + and "Error" in exception.response + and exception.response["Error"]["Code"] in throttled_errors) \ + or \ + any(error in str(exception) for error in throttled_errors) + return throttled except Exception as e: print_exception(f'Unable to validate exception {exception} for AWS throttling: {e}') return False @@ -125,6 +131,7 @@ def snake_keys(d): new_table[new_key] = d[k] return new_table + def format_arn(partition, service, region, account_id, resource_id, resource_type=None): """ Formats a resource ARN based on the parameters From 47790b67e9214bbd6767270378f5dff59b2bdccf Mon Sep 17 00:00:00 2001 
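Review bot: The new `any(error in str(exception) for error in throttled_errors)` fallback in `is_throttled` matches substrings anywhere in the exception text, so an unrelated error whose message or resource name happens to contain `SlowDown`, `Throttling` or `LimitExceededException` is classified as throttling. The comment cites botocore's ThrottledRetryableChecker, which as far as I know compares the error code only. The callers are outside the hunk, but if they retry on a `True` result this can turn a permanent failure into repeated retries and delay or hide the real error. Keep the exact code comparison as the primary test and limit the text fallback to exceptions that carry no `response`, e.g. `or (not getattr(exception, "response", None) and any(error in str(exception) for error in throttled_errors))`.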
From: x4v13r64 Date: Wed, 6 Apr 2022 16:20:54 +0200 Subject: [PATCH 783/979] Add exceptions --- ScoutSuite/providers/gcp/utils.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/gcp/utils.py b/ScoutSuite/providers/gcp/utils.py index 34f863ba1..be9db0b1a 100644 --- a/ScoutSuite/providers/gcp/utils.py +++ b/ScoutSuite/providers/gcp/utils.py @@ -1,5 +1,6 @@ from ScoutSuite.core.console import print_exception + def is_throttled(exception): """ Determines whether the exception is due to API throttling. @@ -7,10 +8,14 @@ def is_throttled(exception): :param exception: Exception raised :return: True if it's a throttling exception else False """ + throttled_errors = [ + 'Quota exceeded', + 'API_SHARED_QUOTA_EXHAUSTED', + 'RATE_LIMIT_EXCEEDED' + ] + print(exception) try: - if 'Quota exceeded' in str(exception): - return True - elif 'API_SHARED_QUOTA_EXHAUSTED' in str(exception): + if any(error in str(exception) for error in throttled_errors): return True else: return False From 6edfdda764393f0357c2577d1c1c6dfe92a63bb9 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 6 Apr 2022 16:21:01 +0200 Subject: [PATCH 784/979] Fix quota issues --- ScoutSuite/providers/gcp/facade/base.py | 41 +++++++++++++++---------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index 340656913..8ab22d2d8 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -1,7 +1,7 @@ import json import asyncio -from ScoutSuite.core.console import print_exception, print_info, print_warning +from ScoutSuite.core.console import print_exception, print_info, print_warning, print_debug from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade from ScoutSuite.providers.gcp.facade.cloudresourcemanager import CloudResourceManagerFacade from ScoutSuite.providers.gcp.facade.cloudsql import CloudSQLFacade 
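Review bot: `print(exception)` at the top of `is_throttled` looks like a leftover debug statement. It writes every exception passed to this helper straight to stdout, bypassing the `print_exception` console helper the module imports, and exception text from GCP clients can include project and resource identifiers that then end up in whatever captures the tool's output. Drop the line, or send it through the project's debug logger if the output is wanted. As a style point, the `if any(...): return True else: return False` that follows can be `return any(error in str(exception) for error in throttled_errors)`.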
@@ -144,24 +144,26 @@ async def _get_projects_recursively(self, parent_type, parent_id): finally: return projects - async def get_services(self, project_id, attempt=1): + async def get_enabled_services(self, project_id, attempt=1, has_lock=False): + timeout = 60*attempt if project_id not in self.projects_services: # not locked, make query - if not self.projects_services_lock: + if has_lock or not self.projects_services_lock: self.projects_services_lock = True try: serviceusage_client = self._build_arbitrary_client('serviceusage', 'v1', force_new=True) services = serviceusage_client.services() - request = services.list(parent=f'projects/{project_id}') + request = services.list(parent=f'projects/{project_id}', pageSize=200, filter="state:ENABLED") services_response = await GCPFacadeUtils.get_all('services', request, services) self.projects_services[project_id] = services_response self.projects_services_lock = False return self.projects_services[project_id] except Exception as e: # hit quota, wait and retry - if 'API_SHARED_QUOTA_EXHAUSTED' in str(e) and attempt <= 10: - await asyncio.sleep(5) - return await self.get_services(project_id, attempt+1) + if ('API_SHARED_QUOTA_EXHAUSTED' in str(e) or 'RATE_LIMIT_EXCEEDED' in str(e)) and attempt <= 10: + print_warning(f"Service Usage quotas exceeded for project \"{project_id}\":, retrying in {timeout}s") + await asyncio.sleep(timeout) + return await self.get_enabled_services(project_id, attempt + 1, has_lock=True) # unknown error else: print_warning(f"Could not fetch the state of services for project \"{project_id}\": {e}") 
@@ -169,8 +171,14 @@ async def get_services(self, project_id, attempt=1): return {} # locked, wait and retry else: - await asyncio.sleep(10*attempt) - return await self.get_services(project_id, attempt+1) + if attempt <= 100: # need to set a limit to ensure we don't hit recursion limits + print_debug(f"Lock already acquired for get_services() on project \"{project_id}\", retrying in {timeout}s") + await asyncio.sleep(timeout) + return await self.get_enabled_services(project_id, attempt + 1) + else: + print_warning(f"Could not fetch the state of services for project \"{project_id}\", " + f"exiting before hitting maximum recursion") + return {} else: return self.projects_services[project_id] @@ -206,15 +214,14 @@ async def is_api_enabled(self, project_id, service): f"for project \"{project_id}\" (unknown endpoint), including it in the execution") return True - services = await self.get_services(project_id) - for s in services: + for s in await self.get_enabled_services(project_id): if endpoint in s.get('name'): - if s.get('state') == 'ENABLED': - return True - else: - print_info(f'{format_service_name(service.lower())} API not enabled for ' - f'project \"{project_id}\", skipping') - return False + return True + else: + print_info(f'{format_service_name(service.lower())} API not enabled for ' + f'project \"{project_id}\", skipping') + return False + # s not in services print_warning(f"Could not validate the state of the {format_service_name(service.lower())} API " f"for project \"{project_id}\" (state not found), including it in the execution") return True From c907cfe5b6098b34479ccafc3a33c001a41d8209 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 7 Apr 2022 10:27:09 +0200 Subject: [PATCH 785/979] Better handling of recursion --- ScoutSuite/providers/gcp/facade/base.py | 40 +++++++++++++++---------- 1 file changed, 25 insertions(+), 15 deletions(-) 
diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index 8ab22d2d8..1bf8e8b11 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -161,7 +161,7 @@ async def get_enabled_services(self, project_id, attempt=1, has_lock=False): except Exception as e: # hit quota, wait and retry if ('API_SHARED_QUOTA_EXHAUSTED' in str(e) or 'RATE_LIMIT_EXCEEDED' in str(e)) and attempt <= 10: - print_warning(f"Service Usage quotas exceeded for project \"{project_id}\":, retrying in {timeout}s") + print_warning(f"Service Usage quotas exceeded for project \"{project_id}\", retrying in {timeout}s") await asyncio.sleep(timeout) return await self.get_enabled_services(project_id, attempt + 1, has_lock=True) # unknown error @@ -171,9 +171,13 @@ async def get_enabled_services(self, project_id, attempt=1, has_lock=False): return {} # locked, wait and retry else: - if attempt <= 100: # need to set a limit to ensure we don't hit recursion limits - print_debug(f"Lock already acquired for get_services() on project \"{project_id}\", retrying in {timeout}s") - await asyncio.sleep(timeout) + if attempt <= 10: # need to set a limit to ensure we don't hit recursion limits + if attempt != 1: + print_debug(f"Lock already acquired for get_services() on project \"{project_id}\", retrying in {timeout}s") + await asyncio.sleep(timeout) + # set a lower threshold for the first attempt so that execution runs faster when there aren't any issues + else: + await asyncio.sleep(10) return await self.get_enabled_services(project_id, attempt + 1) else: print_warning(f"Could not fetch the state of services for project \"{project_id}\", " 
@@ -214,14 +218,20 @@ async def is_api_enabled(self, project_id, service): f"for project \"{project_id}\" (unknown endpoint), including it in the execution") return True - for s in await self.get_enabled_services(project_id): - if endpoint in s.get('name'): - return True - else: - print_info(f'{format_service_name(service.lower())} API not enabled for ' - f'project \"{project_id}\", skipping') - return False - # s not in services - print_warning(f"Could not validate the state of the {format_service_name(service.lower())} API " - f"for project \"{project_id}\" (state not found), including it in the execution") - return True + try: + enabled_services = await self.get_enabled_services(project_id) + for s in enabled_services: + if endpoint in s.get('name'): + return True + else: + print_info(f'{format_service_name(service.lower())} API not enabled for ' + f'project \"{project_id}\", skipping') + return False + # s not in services + print_warning(f"Could not validate the state of the {format_service_name(service.lower())} API " + f"for project \"{project_id}\" (state not found), including it in the execution") + return True + except Exception as e: + print_warning(f"Could not validate the state of the {format_service_name(service.lower())} API " + f"for project \"{project_id}\": \"{e}\", including it in the execution") + return True From bbe5b19057e878bd76129fb6dc5f1255fd0882b7 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 7 Apr 2022 10:49:05 +0200 Subject: [PATCH 786/979] Better error handling --- ScoutSuite/providers/aws/facade/dynamodb.py | 23 +++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/dynamodb.py b/ScoutSuite/providers/aws/facade/dynamodb.py index f4166d5a8..459cad81e 100644 --- a/ScoutSuite/providers/aws/facade/dynamodb.py +++ b/ScoutSuite/providers/aws/facade/dynamodb.py 
@@ -1,4 +1,4 @@ -from ScoutSuite.core.console import print_exception +from ScoutSuite.core.console import print_exception, print_warning from ScoutSuite.providers.aws.facade.base import AWSBaseFacade from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently, map_concurrently @@ -22,8 +22,10 @@ async def _get_table(self, table_name: str, region: str): try: table = await run_concurrently(lambda: client.describe_table(TableName=table_name)['Table']) except Exception as e: - print_exception('Failed to get DynamoDB table: {}'.format(e)) - raise + if 'ResourceNotFoundException' in str(e): + print_warning('Failed to get DynamoDB table: {}'.format(e)) + else: + print_exception('Failed to get DynamoDB table: {}'.format(e)) else: await get_and_set_concurrently( [self._get_and_set_backup, self._get_and_set_continuous_backups, self._get_and_set_tags], @@ -39,7 +41,10 @@ async def _get_and_set_backup(self, table: {}, region: str): summaries = await run_concurrently(lambda: client.list_backups(TableName=table['TableName'])) table['BackupSummaries'] = summaries.get('BackupSummaries') except Exception as e: - print_exception('Failed to list DynamoDB table backups: {}'.format(e)) + if 'ResourceNotFoundException' in str(e): + print_warning('Failed to list DynamoDB table backups: {}'.format(e)) + else: + print_exception('Failed to list DynamoDB table backups: {}'.format(e)) async def _get_and_set_continuous_backups(self, table: {}, region: str): client = AWSFacadeUtils.get_client('dynamodb', self.session, region) 
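Review bot: With the `raise` removed from `_get_table`, a failed `describe_table` is only logged and execution continues past the `try`/`except`/`else`, on a path where `table` was never assigned. The end of the function is outside the hunk, so this is inferred, but if it ends in `return table` the call now fails with UnboundLocalError instead of the original error. Add an explicit `return None` after the logging in the `except` branch and confirm that the caller skips `None` entries. The `'ResourceNotFoundException' in str(e)` test, repeated in the three `_get_and_set_*` hunks of this patch, would be more precise as a comparison against `e.response['Error']['Code']` when that attribute is present.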
@@ -49,7 +54,10 @@ async def _get_and_set_continuous_backups(self, table: {}, region: str): lambda: client.describe_continuous_backups(TableName=table['TableName'])) table['ContinuousBackups'] = description.get('ContinuousBackupsDescription') except Exception as e: - print_exception('Failed to describe DynamoDB table continuous backups: {}'.format(e)) + if 'ResourceNotFoundException' in str(e): + print_warning('Failed to describe DynamoDB table continuous backups: {}'.format(e)) + else: + print_exception('Failed to describe DynamoDB table continuous backups: {}'.format(e)) async def _get_and_set_tags(self, table: {}, region: str): client = AWSFacadeUtils.get_client('dynamodb', self.session, region) @@ -59,5 +67,8 @@ async def _get_and_set_tags(self, table: {}, region: str): lambda: client.list_tags_of_resource(ResourceArn=table['TableArn'])) table['tags'] = tags.get('Tags') except Exception as e: - print_exception('Failed to describe DynamoDB table tags: {}'.format(e)) + if 'ResourceNotFoundException' in str(e): + print_warning('Failed to describe DynamoDB table tags: {}'.format(e)) + else: + print_exception('Failed to describe DynamoDB table tags: {}'.format(e)) From aec4899d0a21e263a9486da78b7da9bb19dbee9f Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 7 Apr 2022 10:56:49 +0200 Subject: [PATCH 787/979] Better evaluation --- ScoutSuite/providers/gcp/facade/base.py | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index 1bf8e8b11..a80da19c0 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py 
@@ -222,15 +222,12 @@ async def is_api_enabled(self, project_id, service): enabled_services = await self.get_enabled_services(project_id) for s in enabled_services: if endpoint in s.get('name'): + print_debug(f'{format_service_name(service.lower())} API enabled for ' + f'project \"{project_id}\", including') return True - else: - print_info(f'{format_service_name(service.lower())} API not enabled for ' - f'project \"{project_id}\", skipping') - return False - # s not in services - print_warning(f"Could not validate the state of the {format_service_name(service.lower())} API " - f"for project \"{project_id}\" (state not found), including it in the execution") - return True + print_info(f'{format_service_name(service.lower())} API not enabled for ' + f'project \"{project_id}\", skipping') + return False except Exception as e: print_warning(f"Could not validate the state of the {format_service_name(service.lower())} API " f"for project \"{project_id}\": \"{e}\", including it in the execution") From d72b26e20899c16991b696d91047de3e4b089253 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 7 Apr 2022 11:48:32 +0200 Subject: [PATCH 788/979] Better error logging --- ScoutSuite/providers/gcp/facade/gce.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/gce.py b/ScoutSuite/providers/gcp/facade/gce.py index ed220176d..524f04be5 100755 --- a/ScoutSuite/providers/gcp/facade/gce.py +++ b/ScoutSuite/providers/gcp/facade/gce.py @@ -1,4 +1,4 @@ -from ScoutSuite.core.console import print_exception +from ScoutSuite.core.console import print_exception, print_warning from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils from ScoutSuite.providers.utils import run_concurrently 
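Review bot: `is_api_enabled` now returns `False` whenever the endpoint is absent from `enabled_services`, but `get_enabled_services` (patches 784 and 785 above) returns an empty `{}` both when the Service Usage call fails and when its retries run out. In those cases every service of the project is logged as "API not enabled ... skipping" and left out of the scan, so a quota or permission error produces a report with no findings for that project and only a generic warning to explain it. The `except` branch added here does not cover this, because `get_enabled_services` catches the error itself. Have the failure paths return `None` (or raise) and add `if enabled_services is None: return True` before the loop, which keeps the previous include-on-doubt behaviour.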
@@ -100,7 +100,10 @@ async def get_subnetwork(self, project_id, region, subnetwork_id): subnetwork=subnetwork_id).execute() ) except Exception as e: - print_exception(f'Failed to retrieve subnetwork: {e}') + if 'was not found' in str(e): + print_warning(f'Failed to retrieve subnetwork: {e}') + else: + print_exception(f'Failed to retrieve subnetwork: {e}') return None async def get_subnetworks(self, project_id, region): From f8ad45da2919c34afba7f727954e766d8648eaf0 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 8 Apr 2022 10:16:38 +0200 Subject: [PATCH 789/979] Fix rule --- .../findings/cloudsql-allows-root-login-from-any-host.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-allows-root-login-from-any-host.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-allows-root-login-from-any-host.json index bce12b294..3bd45d8b2 100755 --- a/ScoutSuite/providers/gcp/rules/findings/cloudsql-allows-root-login-from-any-host.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-allows-root-login-from-any-host.json @@ -21,6 +21,11 @@ "match", "MYSQL.*" ], + [ + "cloudsql.projects.id.instances.id.", + "withKey", + "users" + ], [ "cloudsql.projects.id.instances.id.users", "withKey", From 97870f9383f8c3cadc7cacb5f26169f67b5e2154 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 8 Apr 2022 10:16:47 +0200 Subject: [PATCH 790/979] Improve parsing --- .../providers/gcp/resources/cloudsql/database_instances.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py index 43546f6ee..bc048d971 100755 --- a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py +++ b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py 
@@ -33,7 +33,7 @@ def _parse_instance(self, raw_instance): instance_dict['id'] = get_non_provider_id(raw_instance['name']) instance_dict['name'] = raw_instance['name'] instance_dict['project_id'] = raw_instance['project'] - instance_dict['automatic_backup_enabled'] = raw_instance['settings']['backupConfiguration']['enabled'] + instance_dict['automatic_backup_enabled'] = raw_instance['settings'].get('backupConfiguration', {}).get('enabled') instance_dict['database_version'] = raw_instance['databaseVersion'] instance_dict['log_enabled'] = self._is_log_enabled(raw_instance) instance_dict['ssl_required'] = self._is_ssl_required(raw_instance) @@ -91,7 +91,7 @@ def _parse_instance(self, raw_instance): return instance_dict['id'], instance_dict def _is_log_enabled(self, raw_instance): - return raw_instance['settings']['backupConfiguration'].get('binaryLogEnabled') + return raw_instance['settings'].get('backupConfiguration', {}).get('binaryLogEnabled') def _is_ssl_required(self, raw_instance): return raw_instance['settings']['ipConfiguration'].get('requireSsl', False) From 66ed44af62dcf88808db7ed73bcc9696924fca57 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 8 Apr 2022 10:22:12 +0200 Subject: [PATCH 791/979] Improve parsing --- .../gcp/resources/cloudsql/database_instances.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py index bc048d971..3875502eb 100755 --- a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py +++ b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py 
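Review bot: `automatic_backup_enabled` now evaluates to `None` when `backupConfiguration` is missing, and `_is_log_enabled` in the next hunk does the same, whereas `_is_ssl_required` in the surrounding context defaults to `False`. The rules that consume these fields are not shown; if any of them tests for a false value rather than for falsiness, an instance without a backup configuration would not be flagged. Give both an explicit default, `.get('backupConfiguration', {}).get('enabled', False)` and `.get('backupConfiguration', {}).get('binaryLogEnabled', False)`, so that a missing configuration is reported as disabled.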
@@ -37,7 +37,7 @@ def _parse_instance(self, raw_instance): instance_dict['database_version'] = raw_instance['databaseVersion'] instance_dict['log_enabled'] = self._is_log_enabled(raw_instance) instance_dict['ssl_required'] = self._is_ssl_required(raw_instance) - instance_dict['authorized_networks'] = raw_instance['settings']['ipConfiguration']['authorizedNetworks'] + instance_dict['authorized_networks'] = raw_instance['settings'].get('ipConfiguration', {}).get('authorizedNetworks') if raw_instance['settings'].get('databaseFlags', None): instance_dict['local_infile_off'] = self._mysql_local_infile_flag_off(raw_instance) @@ -94,7 +94,7 @@ def _is_log_enabled(self, raw_instance): return raw_instance['settings'].get('backupConfiguration', {}).get('binaryLogEnabled') def _is_ssl_required(self, raw_instance): - return raw_instance['settings']['ipConfiguration'].get('requireSsl', False) + return raw_instance['settings'].get('ipConfiguration', {}).get('requireSsl', False) def _set_last_backup_timestamps(self, instances): for instance_id, _ in instances: @@ -110,7 +110,7 @@ def _get_last_backup_timestamp(self, backups): def _mysql_local_infile_flag_off(self, raw_instance): if 'MYSQL' in raw_instance['databaseVersion']: - for flag in raw_instance['settings']['databaseFlags']: + for flag in raw_instance['settings'].get('databaseFlags', []): if flag['name'] == 'local_infile' and flag['value'] == 'on': return False return True @@ -122,7 +122,7 @@ def _check_database_type(self, raw_instance): def _postgres_flags_on(self, raw_instance, flag_name: str): if 'POSTGRES' in raw_instance['databaseVersion']: - for flag in raw_instance['settings']['databaseFlags']: + for flag in raw_instance['settings'].get('databaseFlags', []): if flag['name'] == flag_name and flag['value'] != 'off': return True return False 
@@ -131,7 +131,7 @@ def _postgres_flags_on(self, raw_instance, flag_name: str): def _postgres_log_min_error_statement_flags(self, raw_instance): if 'POSTGRES' in raw_instance['databaseVersion']: - for flag in raw_instance['settings']['databaseFlags']: + for flag in raw_instance['settings'].get('databaseFlags', []): if flag['name'] == 'log_min_error_statement' and flag['value'] is not None: return True return False @@ -140,7 +140,7 @@ def _postgres_log_min_error_statement_flags(self, raw_instance): def _postgres_log_temp_files_flags_0(self, raw_instance): if 'POSTGRES' in raw_instance['databaseVersion']: - for flag in raw_instance['settings']['databaseFlags']: + for flag in raw_instance['settings'].get('databaseFlags', []): if flag['name'] == 'log_temp_files' and flag['value'] == 0: return True return False @@ -149,7 +149,7 @@ def _postgres_log_temp_files_flags_0(self, raw_instance): def _postgres_log_min_duration_statement_flags_1(self, raw_instance): if 'POSTGRES' in raw_instance['databaseVersion']: - for flag in raw_instance['settings']['databaseFlags']: + for flag in raw_instance['settings'].get('databaseFlags', []): if flag['name'] == 'log_min_duration_statement' and flag['value'] == -1: return True return False @@ -158,7 +158,7 @@ def _postgres_log_min_duration_statement_flags_1(self, raw_instance): def _sqlservers_cross_db_ownership_chaining_flag_off(self, raw_instance, flag_name: str): if 'SQLSERVER' in raw_instance['databaseVersion']: - for flag in raw_instance['settings']['databaseFlags']: + for flag in raw_instance['settings'].get('databaseFlags', []): if flag['name'] == flag_name and flag['value'] == 'off': return True return False From aebcac3a80a2051c3017180d21499da98f5eb838 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 8 Apr 2022 10:22:21 +0200 Subject: [PATCH 792/979] Handle on-prem instances --- ScoutSuite/providers/gcp/facade/cloudsql.py | 2 ++ 1 file changed, 2 insertions(+) 
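Review bot: The comparisons `flag['value'] == 0` in `_postgres_log_temp_files_flags_0` (`@@ -140`) and `flag['value'] == -1` in `_postgres_log_min_duration_statement_flags_1` (`@@ -149`) use integers, while every sibling helper compares `flag['value']` with strings such as `'on'` and `'off'`. If the API delivers all flag values as strings, which the siblings suggest, these two helpers can never return True and their findings come out the same regardless of the instance's configuration. Comparing against `'0'` and `'-1'`, e.g. `str(flag.get('value')) == '0'`, would make them behave as intended, and `flag.get('value')` also avoids a KeyError on a flag entry that carries no value. Each function ends outside its hunk.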
diff --git a/ScoutSuite/providers/gcp/facade/cloudsql.py b/ScoutSuite/providers/gcp/facade/cloudsql.py index 8b66e214a..2ca7c08f8 100755 --- a/ScoutSuite/providers/gcp/facade/cloudsql.py +++ b/ScoutSuite/providers/gcp/facade/cloudsql.py @@ -35,6 +35,8 @@ async def get_users(self, project_id: str, instance_name: str): ) return response.get('items', []) except Exception as e: + if 'The requested operation is not valid for an on-premises instance.' in str(e): + return [] if 'Invalid request since instance is not running' not in str(e): print_exception(f'Failed to retrieve database instance users: {e}') return [] From 31b20306f683f62cfc95da838499fbdb9cddaed8 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 8 Apr 2022 10:26:35 +0200 Subject: [PATCH 793/979] Improve parsing --- .../providers/gcp/resources/cloudsql/database_instances.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py index 3875502eb..18ab21135 100755 --- a/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py +++ b/ScoutSuite/providers/gcp/resources/cloudsql/database_instances.py @@ -37,7 +37,7 @@ def _parse_instance(self, raw_instance): instance_dict['database_version'] = raw_instance['databaseVersion'] instance_dict['log_enabled'] = self._is_log_enabled(raw_instance) instance_dict['ssl_required'] = self._is_ssl_required(raw_instance) - instance_dict['authorized_networks'] = raw_instance['settings'].get('ipConfiguration', {}).get('authorizedNetworks') + instance_dict['authorized_networks'] = raw_instance['settings'].get('ipConfiguration', {}).get('authorizedNetworks', []) if raw_instance['settings'].get('databaseFlags', None): instance_dict['local_infile_off'] = self._mysql_local_infile_flag_off(raw_instance) From 027630e56dee2315f103aff2907aeca911bc62de Mon Sep 17 00:00:00 2001 
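Review bot: The new on-premises branch in `get_users` returns `[]` with no log output, so in the report an on-premises instance is indistinguishable from an instance that has no database users. For an audit tool that is a silent coverage gap; a comment such as `# on-premises instances do not expose users through this API: result is unknown, not empty` plus a low-severity log line would make it visible. The two message checks could also be one condition, `benign = ('The requested operation is not valid for an on-premises instance.', 'Invalid request since instance is not running')` followed by `if not any(m in str(e) for m in benign): print_exception(...)`, which keeps the single `return []`. Matching on exception text breaks if the API wording changes, so a status code or error reason would be sturdier if the exception exposes one. `get_users` starts outside the hunk.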
From: x4v13r64 Date: Fri, 8 Apr 2022 11:09:22 +0200 Subject: [PATCH 794/979] Better error logging --- ScoutSuite/providers/gcp/facade/gce.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/gce.py b/ScoutSuite/providers/gcp/facade/gce.py index 524f04be5..94d94d87b 100755 --- a/ScoutSuite/providers/gcp/facade/gce.py +++ b/ScoutSuite/providers/gcp/facade/gce.py @@ -113,7 +113,10 @@ async def get_subnetworks(self, project_id, region): subnetworks_group = gce_client.subnetworks() return await GCPFacadeUtils.get_all('items', request, subnetworks_group) except Exception as e: - print_exception(f'Failed to retrieve subnetworks: {e}') + if 'was not found' in str(e): + print_warning(f'Failed to retrieve subnetworks: {e}') + else: + print_exception(f'Failed to retrieve subnetworks: {e}') return [] async def get_zones(self, project_id): From 769eba45a94ea4855a5cde5e7c7e7cab5c778e5d Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 22 Apr 2022 18:30:46 +0200 Subject: [PATCH 795/979] Update ranges --- ScoutSuite/data/aws/ip-ranges/aws.json | 4694 ++++++++++++++++++++---- 1 file changed, 4054 insertions(+), 640 deletions(-) diff --git a/ScoutSuite/data/aws/ip-ranges/aws.json b/ScoutSuite/data/aws/ip-ranges/aws.json index 334aa023e..b60d8c55b 100755 --- a/ScoutSuite/data/aws/ip-ranges/aws.json +++ b/ScoutSuite/data/aws/ip-ranges/aws.json @@ -1,6 +1,6 @@ { - "syncToken": "1638337994", - "createDate": "2021-12-01-05-53-14", + "syncToken": "1650565401", + "createDate": "2022-04-21-18-23-21", "prefixes": [ { "ip_prefix": "3.5.140.0/22", @@ -14,6 +14,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-4" }, + { + "ip_prefix": "13.34.65.64/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "13.34.66.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "35.180.0.0/16", "region": "eu-west-3", 
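Review bot: The test `'was not found' in str(e)` in `get_subnetworks` is broad enough to match any not-found error, including a mistyped or inaccessible project or region, and those are then downgraded from `print_exception` to `print_warning`. Because the function returns `[]` in both branches, a genuine retrieval failure can end up looking like a region with no subnetworks. Narrowing the match to the specific resource message, or checking the error's status code if the exception exposes one, would keep real failures at exception level. The patch changes no import line, so it relies on `print_warning` already being imported in gce.py, which is worth confirming because a NameError inside the handler would mask the original error. `get_subnetworks` starts outside the hunk.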
@@ -182,6 +194,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.64.32/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "15.181.232.0/21", "region": "us-east-1", @@ -224,6 +242,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "142.4.160.136/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-msp-1" + }, { "ip_prefix": "150.222.230.102/31", "region": "eu-central-1", @@ -254,6 +278,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.64.96/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "13.248.56.0/22", "region": "ap-east-1", @@ -362,12 +392,6 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, - { - "ip_prefix": "52.93.192.92/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.144.227.192/26", "region": "ap-northeast-2", @@ -380,6 +404,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "54.222.88.0/24", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "64.252.81.0/24", "region": "sa-east-1", @@ -506,6 +536,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.220.196.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mia-1" + }, + { + "ip_prefix": "15.220.216.0/22", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1-del-2" + }, + { + "ip_prefix": "35.71.115.0/24", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "43.224.76.152/30", "region": "us-east-1", 
@@ -560,6 +608,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.197.34.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.205.0.0/16", "region": "us-gov-west-1", @@ -573,10 +627,10 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.131.2/32", - "region": "eu-central-1", + "ip_prefix": "16.12.6.0/23", + "region": "ap-east-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "ap-east-1" }, { "ip_prefix": "52.46.190.68/30", @@ -704,6 +758,12 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "52.219.204.0/22", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "99.78.152.0/22", "region": "af-south-1", @@ -740,12 +800,6 @@ "service": "AMAZON", "network_border_group": "us-east-1-pilot-6" }, - { - "ip_prefix": "13.34.53.192/27", - "region": "ap-southeast-2", - "service": "AMAZON", - "network_border_group": "ap-southeast-2" - }, { "ip_prefix": "13.34.60.128/27", "region": "us-east-1", @@ -854,6 +908,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "13.248.72.0/24", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.230.39.196/31", "region": "us-east-2", @@ -866,6 +926,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "18.34.248.0/22", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "35.71.99.0/24", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "43.224.76.76/30", "region": "us-east-1", 
@@ -956,12 +1028,6 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, - { - "ip_prefix": "15.230.131.144/28", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "18.200.0.0/16", "region": "eu-west-1", @@ -1016,12 +1082,6 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, - { - "ip_prefix": "150.222.243.19/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "13.34.15.32/27", "region": "ap-northeast-1", @@ -1058,6 +1118,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.230.212.0/23", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "43.224.76.32/30", "region": "us-west-2", @@ -1244,6 +1310,12 @@ "service": "AMAZON", "network_border_group": "eu-central-2" }, + { + "ip_prefix": "15.220.207.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "15.230.39.206/31", "region": "us-east-2", @@ -1256,6 +1328,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "18.102.0.0/16", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "52.46.190.144/30", "region": "eu-west-2", @@ -1322,12 +1400,6 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, - { - "ip_prefix": "150.222.240.245/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "13.34.23.0/27", "region": "us-east-2", @@ -1694,6 +1766,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "13.34.19.64/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.34.22.160/27", "region": "us-east-2", 
@@ -1718,12 +1796,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.218.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.192.0.0/15", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "35.71.114.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.46.191.68/31", "region": "us-east-1", @@ -1808,6 +1898,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.67.224/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.248.100.0/24", "region": "eu-north-1", @@ -1826,6 +1922,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "18.160.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "52.46.190.204/31", "region": "us-west-2", @@ -1856,6 +1958,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.71.30/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.120.178/32", "region": "us-west-1", @@ -1886,6 +1994,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "69.107.7.136/29", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "107.20.0.0/14", "region": "us-east-1", @@ -1916,6 +2030,18 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.7.0/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.13.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.221.36.0/22", "region": "ap-southeast-1", 
@@ -1940,6 +2066,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.115.0/24", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "52.93.178.161/32", "region": "us-west-1", @@ -1994,6 +2126,12 @@ "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ip_prefix": "13.34.5.46/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.39.192/27", "region": "eu-central-2", @@ -2018,6 +2156,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.251.0.27/32", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "43.224.79.194/31", "region": "us-east-1", @@ -2036,12 +2180,6 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, - { - "ip_prefix": "52.93.193.99/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.94.12.0/24", "region": "us-west-1", @@ -2126,12 +2264,6 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, - { - "ip_prefix": "150.222.0.19/32", - "region": "sa-east-1", - "service": "AMAZON", - "network_border_group": "sa-east-1" - }, { "ip_prefix": "150.222.28.108/31", "region": "sa-east-1", @@ -2168,12 +2300,6 @@ "service": "AMAZON", "network_border_group": "me-central-1" }, - { - "ip_prefix": "15.230.131.32/28", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "43.224.76.188/30", "region": "us-east-1", @@ -2336,6 +2462,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "150.222.230.130/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.29.128/27", "region": "us-east-1", 
@@ -2384,12 +2516,6 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, - { - "ip_prefix": "150.222.243.9/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "161.188.148.0/23", "region": "us-west-2", @@ -2408,6 +2534,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.11.128/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "13.34.20.64/27", "region": "me-south-1", @@ -2420,6 +2552,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.67.64/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.248.113.0/24", "region": "eu-west-1", @@ -2528,6 +2666,24 @@ "service": "AMAZON", "network_border_group": "eu-south-2" }, + { + "ip_prefix": "13.34.65.0/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "13.34.68.0/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "18.34.32.0/20", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "43.224.77.28/30", "region": "us-east-1", @@ -2690,6 +2846,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "35.71.118.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "43.224.76.184/30", "region": "us-east-1", 
@@ -2828,6 +2990,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-4" }, + { + "ip_prefix": "13.248.110.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "15.197.32.0/23", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.230.39.40/31", "region": "us-east-2", @@ -2894,18 +3068,6 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, - { - "ip_prefix": "150.222.243.177/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, - { - "ip_prefix": "150.222.244.37/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "176.32.125.234/31", "region": "us-east-1", @@ -3068,12 +3230,6 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, - { - "ip_prefix": "15.230.131.10/31", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "15.230.135.0/24", "region": "us-east-2", @@ -3116,6 +3272,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.71.27/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.8.0/24", "region": "ap-northeast-1", @@ -3218,6 +3380,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.34.0.0/19", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.71.119.0/24", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "43.249.47.0/24", "region": "ap-east-1", 
@@ -3267,16 +3441,16 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "13.34.49.224/27", - "region": "eu-west-1", + "ip_prefix": "13.34.5.14/32", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "eu-west-1" + "network_border_group": "eu-central-1" }, { - "ip_prefix": "15.230.131.166/31", - "region": "eu-central-1", + "ip_prefix": "13.34.49.224/27", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "eu-west-1" }, { "ip_prefix": "52.46.191.24/31", @@ -3375,10 +3549,10 @@ "network_border_group": "us-west-1" }, { - "ip_prefix": "52.93.192.96/32", - "region": "us-east-1", + "ip_prefix": "52.94.152.182/32", + "region": "ap-southeast-2", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "ap-southeast-2" }, { "ip_prefix": "54.252.0.0/16", @@ -3434,6 +3608,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "35.71.104.0/24", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "35.71.117.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "43.224.79.208/31", "region": "us-west-2", @@ -3699,13 +3885,13 @@ "network_border_group": "us-west-1" }, { - "ip_prefix": "15.230.131.15/32", - "region": "eu-central-1", + "ip_prefix": "15.230.189.128/25", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "eu-west-2" }, { - "ip_prefix": "15.230.189.128/25", + "ip_prefix": "16.12.15.0/24", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" 
@@ -3818,18 +4004,6 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, - { - "ip_prefix": "150.222.243.43/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, - { - "ip_prefix": "150.222.244.35/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "13.34.28.160/27", "region": "us-west-2", @@ -3854,6 +4028,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "18.34.72.0/21", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "35.176.0.0/15", "region": "eu-west-2", @@ -3866,12 +4046,6 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, - { - "ip_prefix": "52.93.192.91/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.93.193.195/32", "region": "ca-central-1", @@ -3908,6 +4082,18 @@ "service": "AMAZON", "network_border_group": "us-east-1-phl-1" }, + { + "ip_prefix": "3.4.7.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.5.80/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.43.160/27", "region": "us-east-2", @@ -3938,6 +4124,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.230.19.248/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.79.64/26", "region": "ca-central-1", @@ -3945,10 +4137,10 @@ "network_border_group": "ca-central-1" }, { - "ip_prefix": "15.230.131.3/32", - "region": "eu-central-1", + "ip_prefix": "16.12.10.0/23", + "region": "eu-north-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "eu-north-1" }, { "ip_prefix": "52.219.148.0/23", 
@@ -3992,12 +4184,6 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, - { - "ip_prefix": "13.34.53.160/27", - "region": "ap-southeast-2", - "service": "AMAZON", - "network_border_group": "ap-southeast-2" - }, { "ip_prefix": "13.34.57.0/27", "region": "us-west-2", @@ -4046,12 +4232,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "52.93.193.89/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.95.255.32/28", "region": "ap-southeast-1", @@ -4124,12 +4304,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "15.230.131.64/28", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "18.216.0.0/14", "region": "us-east-2", @@ -4232,12 +4406,6 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, - { - "ip_prefix": "15.230.131.112/28", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "15.230.184.0/24", "region": "us-east-1", @@ -4454,6 +4622,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "52.144.230.204/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "52.219.195.0/24", "region": "ap-northeast-1", @@ -4700,6 +4874,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-dfw-1" }, + { + "ip_prefix": "13.34.12.64/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.34.46.192/27", "region": "ap-northeast-1", @@ -4784,6 +4964,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.13.160/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.34.21.96/27", "region": "us-west-1", 
@@ -4792,9 +4978,9 @@ }, { "ip_prefix": "15.168.0.0/16", - "region": "eu-south-1", + "region": "ap-northeast-3", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "ap-northeast-3" }, { "ip_prefix": "15.230.14.252/31", @@ -4982,6 +5168,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.21.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.24.64/27", "region": "ap-south-2", @@ -5006,6 +5198,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "16.12.16.0/23", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "18.230.0.0/16", "region": "sa-east-1", @@ -5108,12 +5306,6 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, - { - "ip_prefix": "52.93.192.90/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.94.152.63/32", "region": "us-east-2", @@ -5174,6 +5366,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.63.0/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "15.230.39.158/31", "region": "us-east-2", @@ -5252,6 +5450,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.7.32/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.230.133.26/31", "region": "ap-southeast-1", @@ -5300,6 +5504,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "13.34.10.128/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.230.197.0/24", "region": "sa-east-1", 
@@ -5384,6 +5594,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-4" }, + { + "ip_prefix": "15.220.232.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1-ccu-2" + }, { "ip_prefix": "23.20.0.0/14", "region": "us-east-1", @@ -5469,10 +5685,10 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.131.12/31", - "region": "eu-central-1", + "ip_prefix": "15.251.0.28/32", + "region": "il-central-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "il-central-1" }, { "ip_prefix": "18.184.0.0/15", @@ -5534,6 +5750,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.13.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.12/31", "region": "us-east-2", @@ -5588,12 +5810,6 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, - { - "ip_prefix": "52.93.193.88/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.94.152.11/32", "region": "us-east-1", @@ -5613,10 +5829,10 @@ "network_border_group": "eu-north-1" }, { - "ip_prefix": "150.222.243.53/32", - "region": "eu-south-1", + "ip_prefix": "150.222.232.116/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "223.71.71.128/25", @@ -5654,12 +5870,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "15.230.131.14/32", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "35.71.96.0/24", "region": "ap-southeast-3", 
@@ -5804,6 +6014,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.5.110/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.224.0.0/14", "region": "GLOBAL", @@ -5816,6 +6032,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.32.184/32", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "52.93.50.176/31", "region": "us-east-1", @@ -5954,12 +6176,24 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.63.32/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "15.230.39.18/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.204.2/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "43.196.0.0/15", "region": "cn-north-1", @@ -6002,12 +6236,6 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, - { - "ip_prefix": "52.93.193.98/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "104.255.59.134/32", "region": "ap-southeast-4", @@ -6026,6 +6254,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.22.96/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "13.34.31.192/27", "region": "us-east-1", @@ -6068,6 +6302,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "35.71.72.0/22", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "43.224.77.176/30", "region": "eu-west-2", 
@@ -6176,6 +6416,18 @@ "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ip_prefix": "13.34.66.128/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "13.34.68.32/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.50.0.0/16", "region": "eu-north-1", @@ -6272,6 +6524,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.63.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.65.160/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.158.0.0/16", "region": "GLOBAL", @@ -6284,6 +6548,18 @@ "service": "AMAZON", "network_border_group": "us-east-1-chi-1" }, + { + "ip_prefix": "15.220.202.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-pdx-1" + }, + { + "ip_prefix": "15.230.19.12/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.133.16/32", "region": "ap-southeast-1", @@ -6332,6 +6608,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "142.4.160.128/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mia-1" + }, { "ip_prefix": "150.222.3.236/31", "region": "ap-southeast-1", @@ -6380,12 +6662,6 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, - { - "ip_prefix": "52.93.192.89/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.93.240.150/31", "region": "us-west-2", 
@@ -6416,11 +6692,17 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "99.83.120.0/22", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "142.4.160.64/29", "region": "us-west-2", "service": "AMAZON", - "network_border_group": "us-west-2-las-1" + "network_border_group": "us-west-2-las-1b" }, { "ip_prefix": "3.24.0.0/14", @@ -6434,12 +6716,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.68.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.197.18.0/23", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.230.219.0/24", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "52.46.190.202/31", "region": "us-west-2", @@ -6524,6 +6818,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "35.71.113.0/24", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "43.224.79.38/31", "region": "us-west-2", @@ -6536,6 +6836,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.94.152.177/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "64.252.103.0/24", "region": "ap-southeast-1", @@ -6566,12 +6872,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "150.222.240.135/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "3.116.0.0/14", "region": "ap-northeast-1", 
@@ -6614,12 +6914,30 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.230.208.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.144.0.0/15", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "18.238.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "18.244.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "52.46.188.36/30", "region": "us-east-1", @@ -6662,6 +6980,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.144.0/23", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.95.157.0/24", "region": "ap-northeast-3", @@ -6776,6 +7100,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "142.4.160.120/29", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "150.222.3.200/31", "region": "ap-southeast-1", @@ -6956,12 +7286,6 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, - { - "ip_prefix": "52.93.193.91/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.95.230.0/24", "region": "us-west-2", @@ -7088,6 +7412,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.217.250/31", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.34.31.160/27", "region": "sa-east-1", @@ -7100,6 +7430,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.64.64/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "15.177.89.0/24", "region": "eu-west-1", 
@@ -7113,10 +7449,10 @@ "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "15.230.131.160/31", - "region": "eu-central-1", + "ip_prefix": "15.230.14.17/32", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-east-1" }, { "ip_prefix": "18.156.0.0/14", @@ -7148,6 +7484,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.82.170.0/24", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "52.93.126.244/32", "region": "ap-south-1", @@ -7304,6 +7646,12 @@ "service": "AMAZON", "network_border_group": "us-west-2-pilot-3" }, + { + "ip_prefix": "13.34.16.128/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "13.34.60.160/27", "region": "us-east-1", @@ -7316,6 +7664,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.220.208.128/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1b" + }, { "ip_prefix": "15.230.39.122/31", "region": "us-east-2", @@ -7328,6 +7682,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.230.210.0/23", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "16.12.2.0/24", "region": "sa-east-1", @@ -7425,10 +7785,16 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.131.1/32", - "region": "eu-central-1", + "ip_prefix": "15.230.215.0/24", + "region": "ap-south-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "35.71.120.0/24", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" }, { "ip_prefix": "35.80.0.0/12", 
@@ -7502,6 +7868,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.66.160/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.230.39.118/31", "region": "us-east-2", @@ -7622,6 +7994,18 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.64.192/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "15.220.200.0/23", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-las-1b" + }, { "ip_prefix": "15.230.39.46/31", "region": "us-east-2", @@ -7724,6 +8108,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.16.96/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "13.34.50.0/27", "region": "GLOBAL", @@ -7742,12 +8132,6 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, - { - "ip_prefix": "15.230.131.5/32", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "52.46.189.200/30", "region": "us-east-1", @@ -7760,12 +8144,6 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, - { - "ip_prefix": "52.93.193.92/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.144.224.64/26", "region": "ap-southeast-2", @@ -7808,6 +8186,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.230.64.0/26", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.230.75.192/26", "region": "ap-northeast-3", 
@@ -7820,6 +8204,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "35.71.98.0/24", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "52.46.191.128/31", "region": "us-east-1", @@ -7922,6 +8312,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "35.71.112.0/24", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "35.153.0.0/16", "region": "us-east-1", @@ -8000,6 +8396,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.221.32.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.230.39.126/31", "region": "us-east-2", @@ -8102,6 +8504,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.220.228.0/22", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1-ccu-2" + }, { "ip_prefix": "15.230.64.192/26", "region": "eu-central-1", @@ -8162,6 +8570,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.67.160/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "15.230.39.140/31", "region": "us-east-2", @@ -8234,6 +8648,18 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "52.144.230.206/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "52.219.210.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "54.199.0.0/16", "region": "ap-northeast-1", 
@@ -8252,6 +8678,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.16.160/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "15.230.39.50/31", "region": "us-east-2", @@ -8270,12 +8702,6 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, - { - "ip_prefix": "15.230.149.2/31", - "region": "ap-southeast-2", - "service": "AMAZON", - "network_border_group": "ap-southeast-2" - }, { "ip_prefix": "18.142.0.0/15", "region": "ap-southeast-1", @@ -8360,12 +8786,30 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.65.128/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.230.39.32/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.214.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.34.64.0/21", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "34.224.0.0/12", "region": "us-east-1", @@ -8450,6 +8894,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.93.182.128/26", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.95.148.0/23", "region": "eu-west-2", 
@@ -8672,12 +9122,30 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.63.224/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "13.34.66.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.153.0/24", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "35.71.102.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.46.189.40/30", "region": "us-east-1", @@ -8882,6 +9350,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.19.96/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.34.35.32/27", "region": "me-central-1", @@ -8924,6 +9398,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.93.71.29/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.139/32", "region": "eu-central-1", @@ -8972,6 +9452,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "104.255.59.123/32", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "150.222.3.244/31", "region": "ap-southeast-1", @@ -9050,6 +9536,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "104.255.59.126/32", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "13.34.5.45/32", "region": "eu-central-1", 
@@ -9062,6 +9554,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.63.96/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "43.224.76.84/30", "region": "us-west-2", @@ -9128,6 +9626,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.5.111/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.44.64/27", "region": "ap-southeast-1", @@ -9170,12 +9674,6 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, - { - "ip_prefix": "52.93.192.94/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.93.240.152/31", "region": "us-west-2", @@ -9225,10 +9723,10 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "15.230.131.0/32", - "region": "eu-central-1", + "ip_prefix": "13.34.66.192/27", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-east-1" }, { "ip_prefix": "15.251.0.3/32", @@ -9296,12 +9794,6 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, - { - "ip_prefix": "150.222.240.207/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "13.34.33.96/27", "region": "eu-central-1", @@ -9404,6 +9896,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.164.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "52.93.126.137/32", "region": "ap-southeast-2", @@ -9446,6 +9944,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "35.71.103.0/24", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ip_prefix": "43.224.79.158/31", "region": "us-east-1", 
@@ -9500,18 +10004,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "15.230.131.96/28", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "15.230.174.0/24", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.251.0.20/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "35.71.110.0/24", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "52.46.189.168/30", "region": "us-east-1", @@ -9614,6 +10124,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.71.31/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.153.169/32", "region": "eu-west-2", @@ -9692,6 +10208,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-dfw-1" }, + { + "ip_prefix": "15.220.227.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1-del-2" + }, { "ip_prefix": "15.230.4.162/31", "region": "ap-southeast-1", @@ -9716,6 +10238,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.126.131/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.93.240.204/31", "region": "us-west-2", @@ -9752,12 +10280,6 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, - { - "ip_prefix": "150.222.243.47/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "15.177.73.0/24", "region": "ap-south-1", 
@@ -9824,12 +10346,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "150.222.242.99/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "150.222.252.244/31", "region": "us-west-1", @@ -9849,16 +10365,16 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "15.230.39.0/31", - "region": "us-east-2", + "ip_prefix": "13.34.5.113/32", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "us-east-2" + "network_border_group": "eu-central-1" }, { - "ip_prefix": "15.230.131.7/32", - "region": "eu-central-1", + "ip_prefix": "15.230.39.0/31", + "region": "us-east-2", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "us-east-2" }, { "ip_prefix": "15.230.134.0/24", @@ -9872,6 +10388,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.249.44.0/24", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.46.189.8/30", "region": "us-west-2", @@ -9902,6 +10424,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "52.94.152.180/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.94.248.32/28", "region": "ap-southeast-1", @@ -10004,12 +10532,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "150.222.0.16/32", - "region": "sa-east-1", - "service": "AMAZON", - "network_border_group": "sa-east-1" - }, { "ip_prefix": "13.34.43.0/27", "region": "ap-south-1", @@ -10220,6 +10742,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.5.49/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.42.96/27", "region": "us-east-1", 
@@ -10580,6 +11108,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.14.160/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.34.34.96/27", "region": "ap-south-2", @@ -10646,6 +11180,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "104.255.59.124/32", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "150.222.139.124/30", "region": "eu-central-1", @@ -10748,12 +11288,6 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, - { - "ip_prefix": "15.230.131.164/31", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "43.224.79.32/31", "region": "us-east-1", @@ -10850,6 +11384,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.230.167.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "18.168.0.0/14", "region": "eu-west-2", @@ -10899,13 +11439,13 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "150.222.243.15/32", - "region": "eu-south-1", + "ip_prefix": "13.34.31.32/27", + "region": "us-east-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-east-1" }, { - "ip_prefix": "13.34.31.32/27", + "ip_prefix": "13.34.63.160/27", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" @@ -10928,6 +11468,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.64.64/26", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.231.0.0/16", "region": "sa-east-1", 
@@ -11054,6 +11600,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "18.172.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "18.189.0.0/16", "region": "us-east-2", @@ -11114,6 +11666,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "69.107.7.128/29", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "99.77.184.0/24", "region": "us-gov-west-1", @@ -11138,6 +11696,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.12.96/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "15.230.170.0/23", "region": "eu-central-2", @@ -11222,6 +11786,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "18.34.244.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "18.201.0.0/16", "region": "eu-west-1", @@ -11415,10 +11985,10 @@ "network_border_group": "us-west-1" }, { - "ip_prefix": "150.222.243.17/32", - "region": "eu-south-1", + "ip_prefix": "13.34.65.192/27", + "region": "il-central-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "il-central-1" }, { "ip_prefix": "43.224.76.140/30", @@ -11612,12 +12182,6 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, - { - "ip_prefix": "15.230.131.4/32", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "18.220.0.0/14", "region": "us-east-2", @@ -11678,6 +12242,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.65.96/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.152.0.0/16", "region": "ap-northeast-3", 
@@ -11688,7 +12258,7 @@ "ip_prefix": "15.220.226.0/24", "region": "us-west-2", "service": "AMAZON", - "network_border_group": "us-west-2-las-1" + "network_border_group": "us-west-2-las-1b" }, { "ip_prefix": "15.230.76.192/26", @@ -11816,6 +12386,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "54.239.1.240/28", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "68.79.0.0/18", "region": "cn-northwest-1", @@ -11894,12 +12470,6 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, - { - "ip_prefix": "52.93.193.95/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.94.152.62/32", "region": "us-east-2", @@ -11948,6 +12518,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.144.230.208/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "54.152.0.0/16", "region": "us-east-1", @@ -11990,12 +12566,6 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, - { - "ip_prefix": "52.93.71.37/32", - "region": "eu-west-1", - "service": "AMAZON", - "network_border_group": "eu-west-1" - }, { "ip_prefix": "52.93.126.234/32", "region": "sa-east-1", @@ -12110,6 +12680,18 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "15.230.217.0/24", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "16.12.8.0/24", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "16.170.0.0/15", "region": "eu-north-1", 
@@ -12182,6 +12764,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.5.48/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.48.128/27", "region": "eu-west-1", @@ -12194,6 +12782,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.220.204.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "15.230.66.128/25", "region": "us-east-1", @@ -12218,6 +12812,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.71.28/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.123.11/32", "region": "us-west-1", @@ -12248,6 +12848,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "150.222.230.51/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.234.130/31", "region": "us-west-1", @@ -12290,6 +12896,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "18.154.0.0/15", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "52.46.188.248/30", "region": "us-east-1", @@ -12416,6 +13028,12 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "35.71.100.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "43.195.0.0/16", "region": "cn-north-1", @@ -12578,6 +13196,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.5.15/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.248.16.0/21", "region": "ap-northeast-3", 
@@ -12668,6 +13292,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.5.47/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "15.230.39.216/31", "region": "us-east-2", @@ -12686,6 +13316,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "35.71.68.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.8.0.0/16", "region": "us-west-1", @@ -12794,6 +13430,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.251.0.25/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "43.224.77.132/30", "region": "us-east-1", @@ -12956,6 +13598,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.220.233.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "15.230.39.114/31", "region": "us-east-2", @@ -13098,7 +13746,7 @@ "ip_prefix": "15.181.64.0/20", "region": "us-west-2", "service": "AMAZON", - "network_border_group": "us-west-2-las-1" + "network_border_group": "us-west-2-las-1b" }, { "ip_prefix": "15.230.67.192/26", @@ -13112,6 +13760,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.251.0.29/32", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "52.93.153.175/32", "region": "eu-west-2", @@ -13124,6 +13778,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.219.202.0/23", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "54.239.4.0/22", "region": "eu-central-1", 
@@ -13142,18 +13802,36 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "104.255.59.127/32", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "150.222.3.183/32", "region": "ap-southeast-1", "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.34.5.78/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "15.230.39.222/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "16.16.0.0/16", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "43.224.76.80/30", "region": "us-east-1", @@ -13190,6 +13868,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "54.222.89.0/24", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "150.222.129.242/31", "region": "eu-central-1", @@ -13208,12 +13892,24 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "13.34.64.128/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.206.0.0/15", "region": "ap-south-1", "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.230.204.3/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "50.18.0.0/16", "region": "us-west-1", @@ -13250,12 +13946,6 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, - { - "ip_prefix": "52.93.192.88/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "150.222.3.202/31", "region": "ap-southeast-1", 
@@ -13280,6 +13970,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.16.224/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "13.34.64.224/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.230.16.18/31", "region": "us-west-1", @@ -13292,6 +13994,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "15.230.204.0/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.188.216/30", "region": "us-west-2", @@ -13376,6 +14084,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.71.109.0/24", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "43.224.77.188/30", "region": "eu-west-2", @@ -13406,6 +14120,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.94.152.183/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.95.255.96/28", "region": "us-west-1", @@ -13442,12 +14162,6 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, - { - "ip_prefix": "150.222.240.249/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "13.34.60.0/27", "region": "us-east-1", @@ -13604,11 +14318,17 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.68.64/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.181.248.0/24", "region": "us-west-2", "service": "AMAZON", - "network_border_group": "us-west-2-las-1" + "network_border_group": "us-west-2-las-1b" }, { "ip_prefix": "15.230.39.22/31", 
@@ -13628,6 +14348,18 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.251.0.21/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "18.34.252.0/22", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.29.0.0/16", "region": "eu-central-1", @@ -13742,6 +14474,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "16.12.9.0/24", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "18.180.0.0/15", "region": "ap-northeast-1", @@ -14162,6 +14900,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "35.71.111.0/24", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "36.103.232.128/26", "region": "GLOBAL", @@ -14234,12 +14978,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "150.222.240.161/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "3.3.5.0/24", "region": "us-east-1", @@ -14252,6 +14990,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.230.14.20/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.34.57/32", "region": "us-west-1", @@ -14282,6 +15026,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "71.137.8.0/22", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "99.77.139.0/24", "region": "ap-northeast-1", 
@@ -14330,6 +15080,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.63.64/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.193.4.0/24", "region": "eu-central-1", @@ -14348,6 +15104,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "35.71.116.0/24", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "43.224.76.36/30", "region": "us-west-2", @@ -14366,12 +15128,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "52.93.192.93/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.93.240.158/31", "region": "us-west-2", @@ -14402,6 +15158,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.232.118/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.5.212.0/23", "region": "ap-south-1", @@ -14414,6 +15176,12 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "13.34.5.81/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.5.160/27", "region": "eu-west-1", @@ -14426,6 +15194,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.67.192/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "15.177.72.0/24", "region": "eu-north-1", @@ -14468,6 +15242,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.71.32/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.93.127.125/32", "region": "us-east-1", 
@@ -14612,12 +15392,6 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, - { - "ip_prefix": "150.222.240.251/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "13.34.19.224/27", "region": "eu-west-1", @@ -14630,6 +15404,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "13.34.67.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.181.192.0/19", "region": "us-east-1", @@ -14660,12 +15440,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "52.93.193.93/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.93.240.162/31", "region": "us-west-2", @@ -14756,6 +15530,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.230.204.1/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.253.0.0/16", "region": "us-west-2", @@ -14810,24 +15590,6 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, - { - "ip_prefix": "150.222.240.237/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, - { - "ip_prefix": "150.222.240.247/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, - { - "ip_prefix": "150.222.243.35/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "216.182.232.0/22", "region": "us-east-1", @@ -15080,12 +15842,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "52.93.193.90/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.94.248.192/28", "region": "eu-west-2", 
@@ -15158,12 +15914,6 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, - { - "ip_prefix": "150.222.243.11/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "3.5.144.0/23", "region": "ap-northeast-2", @@ -15176,6 +15926,12 @@ "service": "AMAZON", "network_border_group": "me-central-1" }, + { + "ip_prefix": "15.230.131.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "15.230.182.0/24", "region": "eu-west-1", @@ -15315,10 +16071,10 @@ "network_border_group": "GLOBAL" }, { - "ip_prefix": "150.222.243.37/32", - "region": "eu-south-1", + "ip_prefix": "150.222.230.126/31", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "eu-central-1" }, { "ip_prefix": "199.127.232.0/22", @@ -15338,6 +16094,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.65.224/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.177.78.0/24", "region": "eu-west-2", @@ -15356,6 +16118,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.230.19.18/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.39.76/31", "region": "us-east-2", @@ -15464,6 +16232,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.10.160/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "13.34.46.128/27", "region": "ap-northeast-1", 
@@ -15488,6 +16262,18 @@ "service": "AMAZON", "network_border_group": "us-east-1-nyc-1" }, + { + "ip_prefix": "18.34.48.0/20", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "18.34.232.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.140.0.0/15", "region": "ap-southeast-1", @@ -15698,6 +16484,18 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.21.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.67.96/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.93.1.0/24", "region": "us-east-1", @@ -15896,18 +16694,6 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, - { - "ip_prefix": "150.222.242.231/32", - "region": "af-south-1", - "service": "AMAZON", - "network_border_group": "af-south-1" - }, - { - "ip_prefix": "150.222.243.13/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "13.34.9.32/27", "region": "eu-west-1", @@ -15920,6 +16706,12 @@ "service": "AMAZON", "network_border_group": "eu-south-2" }, + { + "ip_prefix": "15.251.0.23/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "43.224.79.164/31", "region": "us-west-2", @@ -16070,6 +16862,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.67.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.210.0.0/15", "region": "ap-southeast-2", 
@@ -16220,6 +17018,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.94.152.178/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "54.240.236.65/32", "region": "eu-south-1", @@ -16244,6 +17048,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "150.222.230.128/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.234.124/31", "region": "us-west-1", @@ -16358,6 +17168,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "16.12.12.0/23", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "52.46.191.150/31", "region": "us-east-1", @@ -16400,12 +17216,6 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, - { - "ip_prefix": "150.222.243.41/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "176.32.125.226/31", "region": "us-east-1", @@ -16424,6 +17234,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.190.16.0/20", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.230.4.158/31", "region": "ap-southeast-1", @@ -16442,6 +17258,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "18.34.240.0/22", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "35.71.97.0/24", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "35.152.0.0/16", "region": "eu-south-1", 
@@ -16520,12 +17348,6 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, - { - "ip_prefix": "150.222.243.33/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "13.34.53.128/27", "region": "ap-southeast-1", @@ -16544,6 +17366,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.66.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.123.0/24", "region": "eu-central-1", @@ -16604,12 +17432,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "150.222.240.131/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "207.171.160.0/20", "region": "us-east-1", @@ -16670,6 +17492,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "13.34.68.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.220.220.0/23", "region": "us-east-1", @@ -16748,6 +17576,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.0.8/31", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.230.39.164/31", "region": "us-east-2", @@ -16839,10 +17673,10 @@ "network_border_group": "af-south-1" }, { - "ip_prefix": "150.222.242.233/32", - "region": "af-south-1", + "ip_prefix": "13.34.5.79/32", + "region": "eu-central-1", "service": "AMAZON", - "network_border_group": "af-south-1" + "network_border_group": "eu-central-1" }, { "ip_prefix": "13.34.54.192/27", @@ -16916,6 +17750,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "54.222.92.0/22", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "54.239.192.0/19", "region": "GLOBAL", 
@@ -16964,6 +17804,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "16.12.14.0/24", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "16.50.0.0/15", "region": "ap-southeast-4", @@ -16994,6 +17840,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "52.94.152.176/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.144.211.200/31", "region": "eu-west-2", @@ -17030,18 +17882,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "150.222.242.229/32", - "region": "af-south-1", - "service": "AMAZON", - "network_border_group": "af-south-1" - }, - { - "ip_prefix": "150.222.243.45/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "157.175.0.0/16", "region": "me-south-1", @@ -17054,12 +17894,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.22.128/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "13.34.36.32/27", "region": "ap-southeast-3", "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "13.34.66.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.125.0/24", "region": "ap-southeast-1", 
@@ -17084,12 +17936,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.224.79.2/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "43.224.79.182/31", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.93.126.130/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.93.127.164/32", "region": "us-east-1", @@ -17102,6 +17966,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "52.94.152.179/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.95.16.0/21", "region": "us-east-2", @@ -17114,18 +17984,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, - { - "ip_prefix": "150.222.243.51/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "13.34.33.128/27", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.220.248.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "15.230.39.116/31", "region": "us-east-2", @@ -17384,6 +18254,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "71.136.64.0/18", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "13.34.38.32/27", "region": "eu-south-2", @@ -17408,6 +18284,12 @@ "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "15.220.236.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "15.230.39.128/31", "region": "us-east-2", 
@@ -17480,6 +18362,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.5.17/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.26.128/27", "region": "eu-north-1", @@ -17499,10 +18387,16 @@ "network_border_group": "eu-west-3" }, { - "ip_prefix": "15.230.131.162/31", - "region": "eu-central-1", + "ip_prefix": "15.251.0.22/32", + "region": "sa-east-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "35.71.107.0/24", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" }, { "ip_prefix": "43.224.79.108/31", @@ -17558,6 +18452,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.250.32/28", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "52.144.228.64/26", "region": "ap-southeast-2", @@ -17774,6 +18674,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-msp-1" }, + { + "ip_prefix": "15.220.205.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "15.230.39.80/31", "region": "us-east-2", @@ -17822,12 +18728,6 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, - { - "ip_prefix": "52.93.192.98/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.93.193.194/32", "region": "ca-central-1", @@ -17840,12 +18740,6 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, - { - "ip_prefix": "150.222.0.18/32", - "region": "sa-east-1", - "service": "AMAZON", - "network_border_group": "sa-east-1" - }, { "ip_prefix": "3.5.244.0/22", "region": "eu-west-2", 
@@ -17876,6 +18770,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.206.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.253.0.0/16", "region": "us-gov-east-1", @@ -17918,12 +18818,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "52.93.192.95/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.94.249.112/28", "region": "us-gov-east-1", @@ -17978,12 +18872,6 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, - { - "ip_prefix": "52.93.192.99/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.95.112.0/20", "region": "eu-west-1", @@ -18213,10 +19101,10 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.131.48/28", - "region": "eu-central-1", + "ip_prefix": "15.230.166.0/24", + "region": "eu-west-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "eu-west-1" }, { "ip_prefix": "43.224.79.120/31", @@ -18264,7 +19152,7 @@ "ip_prefix": "142.4.160.72/29", "region": "us-east-1", "service": "AMAZON", - "network_border_group": "us-east-1-mci-1" + "network_border_group": "us-east-1" }, { "ip_prefix": "150.222.3.188/32", @@ -18272,12 +19160,6 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, - { - "ip_prefix": "150.222.243.59/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "185.48.120.0/22", "region": "eu-west-1", @@ -18380,6 +19262,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.220.206.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "15.221.52.0/24", "region": "af-south-1", 
@@ -18450,7 +19338,7 @@ "ip_prefix": "161.188.152.0/23", "region": "us-west-2", "service": "AMAZON", - "network_border_group": "us-west-2-las-1" + "network_border_group": "us-west-2-las-1b" }, { "ip_prefix": "176.32.124.128/25", @@ -18488,12 +19376,6 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, - { - "ip_prefix": "15.230.131.16/28", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "52.46.191.34/31", "region": "us-west-2", @@ -18536,18 +19418,18 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, - { - "ip_prefix": "150.222.217.252/32", - "region": "ap-south-1", - "service": "AMAZON", - "network_border_group": "ap-south-1" - }, { "ip_prefix": "150.222.234.46/31", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.12.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.35.128/27", "region": "me-central-1", @@ -18680,6 +19562,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.220.234.0/23", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-mia-1" + }, { "ip_prefix": "15.230.74.0/26", "region": "ap-east-1", @@ -18974,12 +19862,6 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, - { - "ip_prefix": "15.230.131.8/32", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "43.198.0.0/15", "region": "ap-east-1", @@ -19022,6 +19904,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "71.137.4.0/24", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "99.150.104.0/21", "region": "af-south-1", 
@@ -19052,12 +19940,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.64.0/27", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "15.230.28.0/24", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "35.71.101.0/24", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "43.224.77.32/30", "region": "us-west-2", @@ -19112,6 +20012,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.5.16/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.26.160/27", "region": "eu-north-1", @@ -19136,6 +20042,18 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.230.207.0/24", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "16.12.4.0/23", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "34.240.0.0/13", "region": "eu-west-1", @@ -19244,6 +20162,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.146.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.95.30.0/23", "region": "ap-northeast-1", @@ -19364,6 +20288,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "15.251.0.24/32", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "43.224.76.156/30", "region": "us-east-1", 
@@ -19546,9 +20476,9 @@ }, { "ip_prefix": "15.230.177.2/31", - "region": "ap-south-1", + "region": "me-central-1", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "me-central-1" }, { "ip_prefix": "43.224.79.102/31", @@ -19688,12 +20618,6 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, - { - "ip_prefix": "15.230.131.6/32", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "43.224.76.72/30", "region": "us-east-1", @@ -19724,6 +20648,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.94.152.181/32", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "54.239.0.192/28", "region": "ap-northeast-2", @@ -19748,6 +20678,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "13.34.64.160/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.221.1.0/24", "region": "us-west-2", @@ -19796,12 +20732,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "150.222.243.39/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "13.34.33.192/27", "region": "eu-north-1", @@ -19928,6 +20858,12 @@ "service": "AMAZON", "network_border_group": "us-west-2-phx-1" }, + { + "ip_prefix": "150.222.0.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.11.96/31", "region": "eu-west-1", @@ -19988,6 +20924,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "35.71.108.0/24", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "43.224.76.68/30", "region": "eu-west-2", 
@@ -20078,6 +21020,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.62.0/24", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.230.69.192/26", "region": "me-south-1", @@ -20144,6 +21092,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.16.64/27", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "13.34.22.224/27", "region": "us-east-2", @@ -20252,6 +21206,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.67.128/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "15.177.74.0/24", "region": "eu-west-3", @@ -20276,6 +21236,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "35.71.121.0/24", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "43.224.77.36/30", "region": "us-east-1", @@ -20343,10 +21309,16 @@ "network_border_group": "af-south-1" }, { - "ip_prefix": "150.222.243.57/32", - "region": "eu-south-1", + "ip_prefix": "150.222.232.120/31", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.65.32/27", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" }, { "ip_prefix": "13.40.0.0/14", @@ -20444,6 +21416,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.221.128.0/22", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "15.230.73.64/26", "region": "sa-east-1", 
@@ -20510,6 +21488,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.15.132/31", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "150.222.221.0/24", "region": "us-west-1", @@ -20535,10 +21519,10 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "15.230.131.9/32", - "region": "eu-central-1", + "ip_prefix": "15.251.0.26/32", + "region": "il-central-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "il-central-1" }, { "ip_prefix": "18.100.0.0/15", @@ -20846,12 +21830,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "52.93.193.96/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.95.181.0/24", "region": "ap-northeast-3", @@ -20913,10 +21891,10 @@ "network_border_group": "us-east-1" }, { - "ip_prefix": "150.222.242.97/32", - "region": "eu-south-1", + "ip_prefix": "13.34.13.128/27", + "region": "ap-south-1", "service": "AMAZON", - "network_border_group": "eu-south-1" + "network_border_group": "ap-south-1" }, { "ip_prefix": "13.34.36.64/27", @@ -20930,6 +21908,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "13.34.66.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.116.0/24", "region": "us-east-1", @@ -20978,6 +21962,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "52.219.208.0/23", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "54.240.220.0/22", "region": "eu-west-1", 
@@ -21128,6 +22118,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.2.160/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.34.36.128/27", "region": "eu-west-3", @@ -21140,6 +22136,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.248.48.0/21", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "43.224.76.48/30", "region": "us-west-2", @@ -21182,12 +22184,6 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, - { - "ip_prefix": "150.222.242.227/32", - "region": "af-south-1", - "service": "AMAZON", - "network_border_group": "af-south-1" - }, { "ip_prefix": "13.34.49.192/27", "region": "eu-west-1", @@ -21200,6 +22196,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.205.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "43.224.77.156/30", "region": "eu-west-2", @@ -21254,12 +22256,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "104.255.59.125/32", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "13.34.39.224/27", "region": "eu-central-2", "service": "AMAZON", "network_border_group": "eu-central-2" }, + { + "ip_prefix": "13.34.63.192/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.230.39.6/31", "region": "us-east-2", @@ -21296,12 +22310,6 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, - { - "ip_prefix": "52.93.192.97/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "52.144.208.64/26", "region": "eu-west-1", 
@@ -21554,6 +22562,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.2.128/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.34.62.128/27", "region": "ap-northeast-1", @@ -21590,6 +22604,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "35.71.106.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "43.224.76.116/30", "region": "us-east-1", @@ -21614,6 +22634,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "54.222.96.0/22", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "65.8.0.0/16", "region": "GLOBAL", @@ -21632,6 +22658,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.11.160/27", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "13.34.48.64/27", "region": "eu-west-2", @@ -21740,6 +22772,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "51.16.0.0/15", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "52.46.191.166/31", "region": "eu-west-2", @@ -21758,6 +22796,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "52.144.230.210/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "54.79.0.0/16", "region": "ap-southeast-2", @@ -21932,6 +22976,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.230.64.128/26", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.230.84.0/24", "region": "eu-west-1", 
@@ -22010,18 +23060,18 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "150.222.243.55/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "15.197.20.0/22", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "35.71.105.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "43.224.79.220/31", "region": "eu-west-2", @@ -22047,16 +23097,16 @@ "network_border_group": "us-gov-west-1" }, { - "ip_prefix": "52.93.178.235/32", - "region": "us-west-1", + "ip_prefix": "52.93.32.183/32", + "region": "ap-southeast-2", "service": "AMAZON", - "network_border_group": "us-west-1" + "network_border_group": "ap-southeast-2" }, { - "ip_prefix": "52.93.193.94/32", - "region": "us-east-1", + "ip_prefix": "52.93.178.235/32", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "us-west-1" }, { "ip_prefix": "99.87.8.0/21", @@ -22148,6 +23198,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.14.128/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.34.53.96/27", "region": "eu-south-1", @@ -22166,6 +23222,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.19.252/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.230.199.0/28", "region": "us-east-2", @@ -22250,6 +23312,12 @@ "service": "AMAZON", "network_border_group": "us-west-2-den-1" }, + { + "ip_prefix": "15.190.0.0/22", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.193.10.0/24", "region": "af-south-1", 
@@ -22263,10 +23331,10 @@ "network_border_group": "sa-east-1" }, { - "ip_prefix": "15.230.131.80/28", - "region": "eu-central-1", + "ip_prefix": "15.230.133.30/31", + "region": "ap-southeast-1", "service": "AMAZON", - "network_border_group": "eu-central-1" + "network_border_group": "ap-southeast-1" }, { "ip_prefix": "52.46.191.110/31", @@ -22298,6 +23366,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "99.151.152.0/21", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "150.222.97.0/24", "region": "us-west-1", @@ -22520,6 +23594,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-4" }, + { + "ip_prefix": "13.34.5.112/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.59.32/27", "region": "me-central-1", @@ -22544,6 +23624,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.230.177.4/32", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "52.82.192.0/18", "region": "cn-northwest-1", @@ -22610,24 +23696,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, - { - "ip_prefix": "150.222.217.253/32", - "region": "ap-south-1", - "service": "AMAZON", - "network_border_group": "ap-south-1" - }, { "ip_prefix": "150.222.229.0/24", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, - { - "ip_prefix": "150.222.240.137/32", - "region": "eu-south-1", - "service": "AMAZON", - "network_border_group": "eu-south-1" - }, { "ip_prefix": "176.32.125.224/31", "region": "us-east-1", @@ -22658,12 +23732,6 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, - { - "ip_prefix": "15.230.131.128/28", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "43.224.76.160/30", "region": "us-east-1", 
@@ -22730,12 +23798,6 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, - { - "ip_prefix": "150.222.0.17/32", - "region": "sa-east-1", - "service": "AMAZON", - "network_border_group": "sa-east-1" - }, { "ip_prefix": "150.222.3.220/31", "region": "ap-southeast-1", @@ -22802,12 +23864,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "52.93.193.97/32", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ip_prefix": "54.222.58.32/28", "region": "cn-north-1", @@ -22982,6 +24038,18 @@ "service": "S3", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "16.12.6.0/23", + "region": "ap-east-1", + "service": "S3", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "52.219.204.0/22", + "region": "ap-northeast-2", + "service": "S3", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "76.223.102.0/24", "region": "GLOBAL", @@ -22994,6 +24062,12 @@ "service": "S3", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "18.34.248.0/22", + "region": "ap-southeast-1", + "service": "S3", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "76.223.96.0/24", "region": "GLOBAL", @@ -23102,6 +24176,12 @@ "service": "S3", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "18.34.32.0/20", + "region": "eu-west-1", + "service": "S3", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.95.168.0/24", "region": "ap-southeast-4", 
@@ -23120,6 +24200,30 @@ "service": "S3", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "18.34.0.0/19", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "16.12.15.0/24", + "region": "eu-west-2", + "service": "S3", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "18.34.72.0/21", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "16.12.10.0/23", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "52.219.148.0/23", "region": "ap-northeast-2", @@ -23162,6 +24266,12 @@ "service": "S3", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "16.12.16.0/23", + "region": "eu-west-2", + "service": "S3", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.218.0.0/17", "region": "eu-west-1", @@ -23324,12 +24434,24 @@ "service": "S3", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.219.210.0/24", + "region": "eu-central-1", + "service": "S3", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.219.96.0/20", "region": "us-east-2", "service": "S3", "network_border_group": "us-east-2" }, + { + "ip_prefix": "18.34.64.0/21", + "region": "ap-southeast-1", + "service": "S3", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "52.95.148.0/23", "region": "eu-west-2", @@ -23456,6 +24578,12 @@ "service": "S3", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "18.34.244.0/22", + "region": "us-west-2", + "service": "S3", + "network_border_group": "us-west-2" + }, { "ip_prefix": "52.95.186.0/24", "region": "ap-south-2", @@ -23486,6 +24614,12 @@ "service": "S3", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "16.12.8.0/24", + "region": "ap-east-1", + "service": "S3", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "76.223.101.0/24", "region": "GLOBAL", 
@@ -23534,6 +24668,12 @@ "service": "S3", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "52.219.202.0/23", + "region": "ap-northeast-2", + "service": "S3", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "3.5.146.0/23", "region": "ap-southeast-1", @@ -23546,12 +24686,24 @@ "service": "S3", "network_border_group": "af-south-1" }, + { + "ip_prefix": "18.34.252.0/22", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.95.144.0/24", "region": "eu-west-2", "service": "S3", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "16.12.9.0/24", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "52.95.184.0/23", "region": "ap-south-2", @@ -23576,6 +24728,12 @@ "service": "S3", "network_border_group": "us-west-1" }, + { + "ip_prefix": "71.137.8.0/22", + "region": "cn-north-1", + "service": "S3", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "3.5.212.0/23", "region": "ap-south-1", @@ -23612,6 +24770,18 @@ "service": "S3", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "18.34.48.0/20", + "region": "us-west-2", + "service": "S3", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "18.34.232.0/21", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.92.0.0/17", "region": "eu-west-1", @@ -23630,6 +24800,12 @@ "service": "S3", "network_border_group": "us-east-2" }, + { + "ip_prefix": "16.12.12.0/23", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, { "ip_prefix": "76.223.103.0/24", "region": "GLOBAL", @@ -23642,6 +24818,12 @@ "service": "S3", "network_border_group": "us-west-2" }, + { + "ip_prefix": "18.34.240.0/22", + "region": "eu-west-1", + "service": "S3", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.219.156.0/22", "region": "ap-south-1", 
@@ -23660,6 +24842,12 @@ "service": "S3", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "16.12.14.0/24", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, { "ip_prefix": "52.219.56.0/22", "region": "ap-northeast-2", @@ -23762,6 +24950,12 @@ "service": "S3", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "16.12.4.0/23", + "region": "ca-central-1", + "service": "S3", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "52.95.145.0/24", "region": "ca-central-1", @@ -23804,6 +24998,12 @@ "service": "S3", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "52.219.208.0/23", + "region": "eu-central-1", + "service": "S3", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.82.164.0/22", "region": "cn-northwest-1", @@ -23816,6 +25016,12 @@ "service": "S3", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "54.222.96.0/22", + "region": "cn-north-1", + "service": "S3", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "3.5.232.0/22", "region": "sa-east-1", @@ -23876,12 +25082,30 @@ "service": "DYNAMODB", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.71.115.0/24", + "region": "us-gov-east-1", + "service": "DYNAMODB", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "52.94.26.0/23", "region": "eu-west-1", "service": "DYNAMODB", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.248.72.0/24", + "region": "il-central-1", + "service": "DYNAMODB", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "35.71.99.0/24", + "region": "me-south-1", + "service": "DYNAMODB", + "network_border_group": "me-south-1" + }, { "ip_prefix": "52.119.252.0/22", "region": "us-west-2", 
@@ -23906,12 +25130,24 @@ "service": "DYNAMODB", "network_border_group": "us-east-1" }, + { + "ip_prefix": "35.71.114.0/24", + "region": "ap-northeast-1", + "service": "DYNAMODB", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.94.12.0/24", "region": "us-west-1", "service": "DYNAMODB", "network_border_group": "us-west-1" }, + { + "ip_prefix": "35.71.118.0/24", + "region": "ap-southeast-1", + "service": "DYNAMODB", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "52.119.249.0/24", "region": "me-south-1", @@ -23924,12 +25160,30 @@ "service": "DYNAMODB", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.71.119.0/24", + "region": "ca-central-1", + "service": "DYNAMODB", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "13.248.68.0/24", "region": "eu-central-2", "service": "DYNAMODB", "network_border_group": "eu-central-2" }, + { + "ip_prefix": "35.71.104.0/24", + "region": "me-central-1", + "service": "DYNAMODB", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "35.71.117.0/24", + "region": "us-west-1", + "service": "DYNAMODB", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.119.248.0/24", "region": "ap-east-1", 
@@ -23954,6 +25208,36 @@ "service": "DYNAMODB", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "35.71.72.0/22", + "region": "eu-west-1", + "service": "DYNAMODB", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "35.71.113.0/24", + "region": "eu-south-1", + "service": "DYNAMODB", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "35.71.120.0/24", + "region": "eu-south-2", + "service": "DYNAMODB", + "network_border_group": "eu-south-2" + }, + { + "ip_prefix": "35.71.98.0/24", + "region": "eu-north-1", + "service": "DYNAMODB", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "35.71.112.0/24", + "region": "ap-southeast-4", + "service": "DYNAMODB", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "52.94.5.0/24", "region": "eu-west-1", @@ -23966,12 +25250,30 @@ "service": "DYNAMODB", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "35.71.102.0/24", + "region": "us-east-2", + "service": "DYNAMODB", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.94.10.0/24", "region": "us-west-2", "service": "DYNAMODB", "network_border_group": "us-west-2" }, + { + "ip_prefix": "35.71.103.0/24", + "region": "af-south-1", + "service": "DYNAMODB", + "network_border_group": "af-south-1" + }, + { + "ip_prefix": "35.71.110.0/24", + "region": "ap-northeast-3", + "service": "DYNAMODB", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "52.94.22.0/24", "region": "us-gov-east-1", 
@@ -23990,12 +25292,30 @@ "service": "DYNAMODB", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "35.71.100.0/24", + "region": "ap-south-1", + "service": "DYNAMODB", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "35.71.68.0/22", + "region": "us-east-1", + "service": "DYNAMODB", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.94.14.0/24", "region": "ca-central-1", "service": "DYNAMODB", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "35.71.109.0/24", + "region": "ap-northeast-2", + "service": "DYNAMODB", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.94.9.0/24", "region": "us-gov-west-1", @@ -24008,6 +25328,12 @@ "service": "DYNAMODB", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "35.71.111.0/24", + "region": "eu-west-2", + "service": "DYNAMODB", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.94.18.0/24", "region": "eu-south-1", @@ -24020,6 +25346,12 @@ "service": "DYNAMODB", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "35.71.116.0/24", + "region": "us-gov-west-1", + "service": "DYNAMODB", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "52.94.23.0/24", "region": "eu-north-1", @@ -24050,6 +25382,12 @@ "service": "DYNAMODB", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "35.71.97.0/24", + "region": "ap-southeast-2", + "service": "DYNAMODB", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "54.222.57.0/24", "region": "cn-north-1", @@ -24062,6 +25400,12 @@ "service": "DYNAMODB", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "35.71.107.0/24", + "region": "ap-east-1", + "service": "DYNAMODB", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "52.82.187.0/24", "region": "cn-northwest-1", 
@@ -24080,6 +25424,24 @@ "service": "DYNAMODB", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "35.71.101.0/24", + "region": "eu-west-3", + "service": "DYNAMODB", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "35.71.108.0/24", + "region": "ap-south-2", + "service": "DYNAMODB", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "35.71.121.0/24", + "region": "eu-central-2", + "service": "DYNAMODB", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "13.248.66.0/24", "region": "me-central-1", @@ -24104,12 +25466,24 @@ "service": "DYNAMODB", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "35.71.106.0/24", + "region": "sa-east-1", + "service": "DYNAMODB", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "52.94.20.0/24", "region": "ap-south-1", "service": "DYNAMODB", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "35.71.105.0/24", + "region": "eu-central-1", + "service": "DYNAMODB", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.94.0.0/22", "region": "us-east-1", @@ -24146,6 +25520,12 @@ "service": "EC2", "network_border_group": "us-east-1-iah-1" }, + { + "ip_prefix": "142.4.160.136/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-msp-1" + }, { "ip_prefix": "3.2.0.0/24", "region": "us-east-1", @@ -24164,6 +25544,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "54.222.88.0/24", + "region": "cn-north-1", + "service": "EC2", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "64.252.81.0/24", "region": "sa-east-1", 
@@ -24194,6 +25580,24 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.220.196.0/22", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mia-1" + }, + { + "ip_prefix": "15.220.216.0/22", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1-del-2" + }, + { + "ip_prefix": "35.71.115.0/24", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "15.205.0.0/16", "region": "us-gov-west-1", @@ -24272,6 +25676,18 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "18.34.248.0/22", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "35.71.99.0/24", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, { "ip_prefix": "54.148.0.0/15", "region": "us-west-2", @@ -24362,6 +25778,18 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.220.207.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, + { + "ip_prefix": "18.102.0.0/16", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "52.83.0.0/16", "region": "cn-northwest-1", @@ -24476,12 +25904,24 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.247.0.0/16", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ip_prefix": "18.192.0.0/15", "region": "eu-central-1", "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "35.71.114.0/24", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "54.229.0.0/16", "region": "eu-west-1", 
@@ -24614,6 +26054,12 @@ "service": "EC2", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "18.34.32.0/20", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "54.144.0.0/14", "region": "us-east-1", @@ -24644,6 +26090,12 @@ "service": "EC2", "network_border_group": "us-east-1-nyc-1" }, + { + "ip_prefix": "35.71.118.0/24", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "64.252.72.0/24", "region": "us-west-2", @@ -24764,6 +26216,18 @@ "service": "EC2", "network_border_group": "us-west-2-sea-1" }, + { + "ip_prefix": "18.34.0.0/19", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "35.71.119.0/24", + "region": "ca-central-1", + "service": "EC2", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "54.226.0.0/15", "region": "us-east-1", @@ -24824,6 +26288,18 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "35.71.104.0/24", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "35.71.117.0/24", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "54.221.0.0/16", "region": "us-east-1", @@ -24902,6 +26378,12 @@ "service": "EC2", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "18.34.72.0/21", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ip_prefix": "35.176.0.0/15", "region": "eu-west-2", @@ -24926,6 +26408,12 @@ "service": "EC2", "network_border_group": "us-east-1-phl-1" }, + { + "ip_prefix": "3.4.7.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "99.77.155.0/24", "region": "eu-west-1", 
@@ -25106,6 +26594,12 @@ "service": "EC2", "network_border_group": "us-east-1-dfw-1" }, + { + "ip_prefix": "15.168.0.0/16", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "99.77.55.24/32", "region": "eu-south-2", @@ -25202,6 +26696,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.220.232.0/24", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1-ccu-2" + }, { "ip_prefix": "23.20.0.0/14", "region": "us-east-1", @@ -25364,6 +26864,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "35.71.72.0/22", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.95.227.0/24", "region": "eu-north-1", @@ -25424,6 +26930,18 @@ "service": "EC2", "network_border_group": "us-east-1-chi-1" }, + { + "ip_prefix": "15.220.202.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-pdx-1" + }, + { + "ip_prefix": "142.4.160.128/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mia-1" + }, { "ip_prefix": "3.124.0.0/14", "region": "eu-central-1", @@ -25452,7 +26970,7 @@ "ip_prefix": "142.4.160.64/29", "region": "us-west-2", "service": "EC2", - "network_border_group": "us-west-2-las-1" + "network_border_group": "us-west-2-las-1b" }, { "ip_prefix": "3.24.0.0/14", @@ -25466,6 +26984,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "35.71.113.0/24", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "64.252.103.0/24", "region": "ap-southeast-1", @@ -25496,6 +27020,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.94.144.0/23", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "52.0.0.0/15", "region": "us-east-1", 
@@ -25520,6 +27050,12 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "142.4.160.120/29", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "208.110.48.0/20", "region": "us-east-1", @@ -25592,6 +27128,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "52.82.170.0/24", + "region": "cn-northwest-1", + "service": "EC2", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "64.252.113.0/24", "region": "ap-northeast-1", @@ -25658,6 +27200,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.220.208.128/26", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1b" + }, { "ip_prefix": "54.64.0.0/15", "region": "ap-northeast-1", @@ -25670,6 +27218,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.71.120.0/24", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "35.80.0.0/12", "region": "us-west-2", @@ -25700,6 +27254,12 @@ "service": "EC2", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "15.220.200.0/23", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-las-1b" + }, { "ip_prefix": "43.204.0.0/15", "region": "ap-south-1", @@ -25736,6 +27296,12 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "35.71.98.0/24", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "99.77.131.0/24", "region": "us-east-2", @@ -25748,6 +27314,12 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "35.71.112.0/24", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "35.153.0.0/16", "region": "us-east-1", 
@@ -25772,6 +27344,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.220.228.0/22", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1-ccu-2" + }, { "ip_prefix": "52.12.0.0/15", "region": "us-west-2", @@ -25850,6 +27428,12 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "18.34.64.0/21", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "34.224.0.0/12", "region": "us-east-1", @@ -25934,6 +27518,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "35.71.102.0/24", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ip_prefix": "99.80.0.0/15", "region": "eu-west-1", @@ -26024,6 +27614,12 @@ "service": "EC2", "network_border_group": "us-east-1-bos-1" }, + { + "ip_prefix": "35.71.103.0/24", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ip_prefix": "64.252.73.0/24", "region": "us-west-2", @@ -26042,6 +27638,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "35.71.110.0/24", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "52.95.255.80/28", "region": "us-east-1", @@ -26066,6 +27668,12 @@ "service": "EC2", "network_border_group": "us-east-1-dfw-1" }, + { + "ip_prefix": "15.220.227.0/24", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1-del-2" + }, { "ip_prefix": "18.208.0.0/13", "region": "us-east-1", @@ -26390,6 +27998,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "18.34.244.0/22", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ip_prefix": "18.201.0.0/16", "region": "eu-west-1", 
@@ -26490,7 +28104,7 @@ "ip_prefix": "15.220.226.0/24", "region": "us-west-2", "service": "EC2", - "network_border_group": "us-west-2-las-1" + "network_border_group": "us-west-2-las-1b" }, { "ip_prefix": "52.95.228.0/24", @@ -26612,6 +28226,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.220.204.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "15.177.70.0/23", "region": "sa-east-1", @@ -26648,6 +28268,12 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "35.71.100.0/24", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "54.193.0.0/16", "region": "us-west-1", @@ -26702,6 +28328,12 @@ "service": "EC2", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "35.71.68.0/22", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.8.0.0/16", "region": "us-west-1", @@ -26786,6 +28418,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.220.233.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-atl-1" + }, { "ip_prefix": "18.179.0.0/16", "region": "ap-northeast-1", @@ -26826,7 +28464,7 @@ "ip_prefix": "15.181.64.0/20", "region": "us-west-2", "service": "EC2", - "network_border_group": "us-west-2-las-1" + "network_border_group": "us-west-2-las-1b" }, { "ip_prefix": "99.77.140.0/24", @@ -26834,6 +28472,18 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "16.16.0.0/16", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "54.222.89.0/24", + "region": "cn-north-1", + "service": "EC2", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "15.206.0.0/15", "region": "ap-south-1", 
@@ -26870,6 +28520,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "35.71.109.0/24", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.95.255.96/28", "region": "us-west-1", @@ -26928,7 +28584,13 @@ "ip_prefix": "15.181.248.0/24", "region": "us-west-2", "service": "EC2", - "network_border_group": "us-west-2-las-1" + "network_border_group": "us-west-2-las-1b" + }, + { + "ip_prefix": "18.34.252.0/22", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" }, { "ip_prefix": "52.29.0.0/16", @@ -27044,6 +28706,12 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "35.71.111.0/24", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.94.248.144/28", "region": "ap-south-1", @@ -27086,6 +28754,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "35.71.116.0/24", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "71.132.0.0/18", "region": "cn-north-1", @@ -27302,6 +28976,18 @@ "service": "EC2", "network_border_group": "us-east-1-nyc-1" }, + { + "ip_prefix": "18.34.48.0/20", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "18.34.232.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.140.0.0/15", "region": "ap-southeast-1", @@ -27512,6 +29198,18 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "18.34.240.0/22", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "35.71.97.0/24", + "region": "ap-southeast-2", + "service": "EC2", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "35.152.0.0/16", "region": "eu-south-1", 
@@ -27626,6 +29324,12 @@ "service": "EC2", "network_border_group": "ap-southeast-4" }, + { + "ip_prefix": "15.220.248.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-phl-1" + }, { "ip_prefix": "52.95.225.0/24", "region": "ap-northeast-3", @@ -27698,12 +29402,24 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "71.136.64.0/18", + "region": "cn-north-1", + "service": "EC2", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "15.200.0.0/16", "region": "us-gov-west-1", "service": "EC2", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "15.220.236.0/22", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mci-1" + }, { "ip_prefix": "35.154.0.0/16", "region": "ap-south-1", @@ -27722,6 +29438,18 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "35.71.107.0/24", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "52.94.250.32/28", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ip_prefix": "64.252.115.0/24", "region": "eu-west-1", @@ -27740,6 +29468,12 @@ "service": "EC2", "network_border_group": "us-east-1-msp-1" }, + { + "ip_prefix": "15.220.205.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "52.88.0.0/15", "region": "us-west-2", @@ -27828,7 +29562,7 @@ "ip_prefix": "142.4.160.72/29", "region": "us-east-1", "service": "EC2", - "network_border_group": "us-east-1-mci-1" + "network_border_group": "us-east-1" }, { "ip_prefix": "185.48.120.0/22", 
@@ -27854,11 +29588,17 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.220.206.0/24", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-sea-1" + }, { "ip_prefix": "161.188.152.0/23", "region": "us-west-2", "service": "EC2", - "network_border_group": "us-west-2-las-1" + "network_border_group": "us-west-2-las-1b" }, { "ip_prefix": "184.73.0.0/16", @@ -27902,6 +29642,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.220.234.0/23", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-mia-1" + }, { "ip_prefix": "18.176.0.0/15", "region": "ap-northeast-1", @@ -27968,12 +29714,24 @@ "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "71.137.4.0/24", + "region": "cn-north-1", + "service": "EC2", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "99.150.104.0/21", "region": "af-south-1", "service": "EC2", "network_border_group": "af-south-1" }, + { + "ip_prefix": "35.71.101.0/24", + "region": "eu-west-3", + "service": "EC2", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.95.248.0/24", "region": "eu-central-1", @@ -28022,6 +29780,12 @@ "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "52.94.146.0/24", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.32.0.0/14", "region": "us-west-2", @@ -28160,6 +29924,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.71.108.0/24", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "52.46.184.0/22", "region": "eu-central-1", 
@@ -28220,6 +29990,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "35.71.121.0/24", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "52.65.0.0/16", "region": "ap-southeast-2", @@ -28514,6 +30290,12 @@ "service": "EC2", "network_border_group": "us-west-2-phx-1" }, + { + "ip_prefix": "35.71.106.0/24", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.181.243.0/24", "region": "us-east-1", @@ -28532,6 +30314,12 @@ "service": "EC2", "network_border_group": "me-central-1" }, + { + "ip_prefix": "51.16.0.0/15", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ip_prefix": "54.79.0.0/16", "region": "ap-southeast-2", @@ -28592,6 +30380,12 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "35.71.105.0/24", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.28.0.0/16", "region": "eu-central-1", @@ -28646,6 +30440,12 @@ "service": "EC2", "network_border_group": "af-south-1" }, + { + "ip_prefix": "99.151.152.0/21", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ip_prefix": "18.166.0.0/15", "region": "ap-east-1", @@ -28814,6 +30614,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.160.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "205.251.252.0/23", "region": "GLOBAL", 
@@ -28916,6 +30722,18 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.238.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ip_prefix": "18.244.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "205.251.208.0/20", "region": "GLOBAL", @@ -28958,6 +30776,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.164.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "64.252.128.0/18", "region": "GLOBAL", @@ -28994,6 +30818,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.172.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "120.52.39.128/27", "region": "GLOBAL", @@ -29012,6 +30842,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.154.0.0/15", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "54.240.128.0/18", "region": "GLOBAL", @@ -29246,6 +31082,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.197.34.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.124.0/24", "region": "us-east-1", @@ -29270,6 +31112,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.197.32.0/23", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.197.0.0/23", "region": "GLOBAL", 
@@ -30188,6 +32036,12 @@ "service": "CODEBUILD", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "140.179.144.128/25", + "region": "cn-north-1", + "service": "API_GATEWAY", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "140.179.15.0/26", "region": "cn-north-1", @@ -30200,6 +32054,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "140.179.176.0/23", + "region": "cn-north-1", + "service": "API_GATEWAY", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "140.179.58.88/29", "region": "cn-north-1", @@ -30410,6 +32270,12 @@ "service": "CODEBUILD", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "69.235.170.0/23", + "region": "cn-northwest-1", + "service": "API_GATEWAY", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "18.252.126.0/25", "region": "us-gov-east-1", @@ -30752,6 +32618,12 @@ "service": "S3", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.246.70.0/23", + "region": "af-south-1", + "service": "API_GATEWAY", + "network_border_group": "af-south-1" + }, { "ip_prefix": "16.162.162.96/29", "region": "ap-east-1", @@ -30764,6 +32636,18 @@ "service": "API_GATEWAY", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "16.163.196.0/22", + "region": "ap-east-1", + "service": "API_GATEWAY", + "network_border_group": "ap-east-1" + }, + { + "ip_prefix": "16.163.206.0/23", + "region": "ap-east-1", + "service": "API_GATEWAY", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "16.163.63.64/26", "region": "ap-east-1", @@ -31292,6 +33176,18 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "35.77.112.0/22", + "region": "ap-northeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "35.77.124.0/23", + "region": "ap-northeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "52.199.127.192/26", "region": "ap-northeast-1", 
@@ -31622,12 +33518,48 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "3.38.229.0/25", + "region": "ap-northeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.38.248.0/23", + "region": "ap-northeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "3.38.90.8/29", "region": "ap-northeast-2", "service": "CODEBUILD", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "3.39.113.0/24", + "region": "ap-northeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.39.114.0/23", + "region": "ap-northeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.39.116.0/26", + "region": "ap-northeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "3.39.82.128/25", + "region": "ap-northeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "52.78.247.128/26", "region": "ap-northeast-2", @@ -31802,6 +33734,18 @@ "service": "API_GATEWAY", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.152.174.0/23", + "region": "ap-northeast-3", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.176.0/22", + "region": "ap-northeast-3", + "service": "API_GATEWAY", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "15.152.24.0/27", "region": "ap-northeast-3", 
@@ -32030,6 +33974,24 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "3.111.110.0/23", + "region": "ap-south-1", + "service": "API_GATEWAY", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.111.251.0/24", + "region": "ap-south-1", + "service": "API_GATEWAY", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.111.90.0/23", + "region": "ap-south-1", + "service": "API_GATEWAY", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "3.6.70.128/26", "region": "ap-south-1", @@ -32222,6 +34184,36 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.214.224.0/23", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.214.228.0/22", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.215.92.0/24", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.215.93.0/25", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.215.93.128/26", + "region": "ap-southeast-1", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "13.228.69.0/24", "region": "ap-southeast-1", @@ -32678,6 +34670,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "3.26.246.0/23", + "region": "ap-southeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "3.26.248.0/22", + "region": "ap-southeast-2", + "service": "API_GATEWAY", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "3.26.58.224/27", "region": "ap-southeast-2", 
@@ -32762,6 +34766,30 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "108.136.154.16/28", + "region": "ap-southeast-3", + "service": "S3", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "108.136.154.32/28", + "region": "ap-southeast-3", + "service": "S3", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "108.136.154.48/28", + "region": "ap-southeast-3", + "service": "S3", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "108.136.221.0/26", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.222.16.32/27", "region": "ca-central-1", @@ -32960,6 +34988,18 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "3.99.194.0/23", + "region": "ca-central-1", + "service": "API_GATEWAY", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "3.99.196.0/22", + "region": "ca-central-1", + "service": "API_GATEWAY", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "35.182.14.208/29", "region": "ca-central-1", @@ -33338,6 +35378,30 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.71.104.0/24", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.71.120.0/22", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.72.168.0/24", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "3.72.33.128/25", + "region": "eu-central-1", + "service": "API_GATEWAY", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "35.157.127.248/29", "region": "eu-central-1", 
@@ -33572,12 +35636,24 @@ "service": "ROUTE53_RESOLVER", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "16.16.2.0/23", + "region": "eu-north-1", + "service": "API_GATEWAY", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "16.170.199.0/26", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "16.171.48.0/22", + "region": "eu-north-1", + "service": "API_GATEWAY", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "15.160.55.112/29", "region": "eu-south-1", @@ -33698,6 +35774,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "18.102.2.0/23", + "region": "eu-south-1", + "service": "API_GATEWAY", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "35.152.74.128/29", "region": "eu-south-1", @@ -34136,6 +36218,18 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "13.40.202.0/23", + "region": "eu-west-2", + "service": "API_GATEWAY", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "13.40.204.0/22", + "region": "eu-west-2", + "service": "API_GATEWAY", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "18.130.91.144/30", "region": "eu-west-2", @@ -34532,6 +36626,18 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "13.38.132.0/22", + "region": "eu-west-3", + "service": "API_GATEWAY", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "13.38.140.0/23", + "region": "eu-west-3", + "service": "API_GATEWAY", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "15.188.102.0/27", "region": "eu-west-3", 
@@ -34856,6 +36962,24 @@ "service": "API_GATEWAY", "network_border_group": "me-south-1" }, + { + "ip_prefix": "157.175.255.0/24", + "region": "me-south-1", + "service": "API_GATEWAY", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "157.241.2.0/23", + "region": "me-south-1", + "service": "API_GATEWAY", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "157.241.25.0/24", + "region": "me-south-1", + "service": "API_GATEWAY", + "network_border_group": "me-south-1" + }, { "ip_prefix": "15.228.1.128/26", "region": "sa-east-1", @@ -34982,6 +37106,18 @@ "service": "API_GATEWAY", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.229.36.0/23", + "region": "sa-east-1", + "service": "API_GATEWAY", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.229.40.0/23", + "region": "sa-east-1", + "service": "API_GATEWAY", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "177.71.207.128/26", "region": "sa-east-1", @@ -36194,6 +38330,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "44.202.79.128/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.23.61.0/24", "region": "us-east-1", @@ -36410,6 +38552,18 @@ "service": "API_GATEWAY", "network_border_group": "us-east-2" }, + { + "ip_prefix": "3.145.220.0/22", + "region": "us-east-2", + "service": "API_GATEWAY", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.145.230.0/24", + "region": "us-east-2", + "service": "API_GATEWAY", + "network_border_group": "us-east-2" + }, { "ip_prefix": "3.145.31.0/26", "region": "us-east-2", 
@@ -36782,6 +38936,36 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.101.200.0/24", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.201.128/25", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.202.0/23", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.208.0/24", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.101.209.0/26", + "region": "us-west-1", + "service": "API_GATEWAY", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.101.52.208/30", "region": "us-west-1", @@ -37196,6 +39380,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "35.89.72.0/25", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "44.227.178.0/24", "region": "us-west-2", @@ -37462,6 +39652,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2600:1f68:1000::/40", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ipv6_prefix": "2a05:d070:e000::/40", "region": "me-south-1", @@ -37480,6 +39676,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d034:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2406:da1b::/36", "region": "ap-south-2", @@ -37540,6 +39742,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-pilot-4" }, + { + "ipv6_prefix": "2a05:d034:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d07c:a000::/40", "region": "eu-south-1", 
@@ -37570,6 +39778,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2406:daf1:a000::/40", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2600:1f15::/36", "region": "us-gov-east-1", @@ -37708,6 +39922,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2600:1f68:4000::/40", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1ff0:e000::/40", "region": "sa-east-1", @@ -37744,6 +39964,12 @@ "service": "AMAZON", "network_border_group": "eu-south-2" }, + { + "ipv6_prefix": "2a05:d030:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2406:daf0:2000::/40", "region": "ap-northeast-2", @@ -37774,6 +40000,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ipv6_prefix": "2600:1ff1:8000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:9000:a800::/40", "region": "GLOBAL", @@ -37828,6 +40060,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2a05:d034:2000::/40", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2406:da70:f000::/40", "region": "ap-southeast-4", @@ -37846,6 +40084,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2620:107:4002::/48", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2406:daf8:4000::/40", "region": "ap-northeast-1", 
@@ -37900,12 +40144,6 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, - { - "ipv6_prefix": "2600:9000:5300::/40", - "region": "GLOBAL", - "service": "AMAZON", - "network_border_group": "GLOBAL" - }, { "ipv6_prefix": "2600:9000:a700::/40", "region": "GLOBAL", @@ -37954,6 +40192,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d071:6000::/40", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2a05:d07e:a000::/40", "region": "eu-south-1", @@ -38002,6 +40246,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2600:1ff1:c000::/40", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:9000:ae00::/40", "region": "GLOBAL", @@ -38026,12 +40276,6 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, - { - "ipv6_prefix": "2600:1f14::/35", - "region": "us-west-2", - "service": "AMAZON", - "network_border_group": "us-west-2" - }, { "ipv6_prefix": "2620:107:4000:7000::/56", "region": "us-east-1", @@ -38092,6 +40336,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d07f:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2406:da60:f000::/40", "region": "ap-southeast-4", @@ -38122,6 +40372,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2600:1ff1:e000::/40", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1ffd:80e1::/48", "region": "eu-central-1", 
@@ -38224,6 +40480,18 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d079:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:da68:9000::/40", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2406:dafe:4000::/40", "region": "ap-northeast-1", @@ -38236,12 +40504,24 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2406:da68:2000::/40", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2600:1ffd:8492::/48", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d034:8000::/40", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2406:da70:9000::/40", "region": "ap-southeast-3", @@ -38254,6 +40534,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-wl1-mia-wlz-1" }, + { + "ipv6_prefix": "2a05:d078:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2406:da19::/36", "region": "ap-southeast-3", @@ -38284,6 +40570,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2a05:d071:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2a05:d078:8000::/40", "region": "eu-west-1", @@ -38596,6 +40888,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2600:1ffb:60c0::/48", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2400:6500:0:7800::/56", "region": "ap-southeast-3", 
@@ -38626,6 +40924,24 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2406:daf1:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ipv6_prefix": "2406:dafc:ffa0::/46", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ipv6_prefix": "2600:9000:5380::/41", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d079:9000::/40", "region": "eu-central-2", @@ -38668,12 +40984,6 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, - { - "ipv6_prefix": "2a05:d014::/36", - "region": "eu-central-1", - "service": "AMAZON", - "network_border_group": "eu-central-1" - }, { "ipv6_prefix": "2a05:d07f:9000::/40", "region": "eu-central-2", @@ -38698,12 +41008,6 @@ "service": "AMAZON", "network_border_group": "ap-southeast-4" }, - { - "ipv6_prefix": "2600:1fa0:8000::/40", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ipv6_prefix": "2600:1ffe:8000::/40", "region": "us-east-1", @@ -38728,6 +41032,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2600:1f14::/34", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:9000:1000::/36", "region": "GLOBAL", @@ -38752,6 +41062,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2a05:d071:8000::/40", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2406:daff:1000::/40", "region": "af-south-1", @@ -38770,6 +41086,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d071:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2406:daff:9000::/40", "region": "ap-southeast-3", 
@@ -38782,6 +41104,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2a05:d014::/35", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2600:1ff0:8000::/39", "region": "us-east-1", @@ -38824,6 +41152,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2406:da68:6000::/40", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, + { + "ipv6_prefix": "2a05:d050:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "240f:80fa:4000::/40", "region": "cn-northwest-1", @@ -38842,12 +41182,24 @@ "service": "AMAZON", "network_border_group": "us-west-2-wl1-den-wlz-1" }, + { + "ipv6_prefix": "2a05:d070:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2400:7fc0:4000::/40", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf1:9000::/40", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1ffd:80f0::/48", "region": "eu-central-1", @@ -38878,6 +41230,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2a05:d000:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:daf1:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1ffd:85e8::/48", "region": "ap-southeast-2", 
@@ -38932,6 +41296,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2406:da68:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2a05:d07c:2000::/40", "region": "eu-west-3", @@ -38950,6 +41320,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2600:1ff1:1000::/40", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ipv6_prefix": "2400:7fc0:500::/40", "region": "GLOBAL", @@ -38974,6 +41350,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2600:1f10:4000::/36", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2406:da60:a000::/40", "region": "ap-south-1", @@ -39004,6 +41386,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2406:daf1:c000::/40", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2600:9000:4000::/36", "region": "GLOBAL", @@ -39016,6 +41404,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2406:daf1:6000::/40", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1f00:4000::/40", "region": "us-west-2", @@ -39124,6 +41518,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf1:e000::/40", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "240f:80a0:8000::/40", "region": "cn-north-1", 
@@ -39136,6 +41536,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a01:578:0:7700::/56", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2400:6700:ff00::/64", "region": "ap-northeast-1", @@ -39160,6 +41566,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2406:daf1:8000::/40", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2600:1ffc:8000::/40", "region": "us-east-1", @@ -39208,6 +41620,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2a05:d034:4000::/40", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2404:c2c0:500::/40", "region": "GLOBAL", @@ -39220,6 +41638,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2600:1f68:c000::/40", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2600:1ffd:816c::/48", "region": "ap-northeast-1", @@ -39244,6 +41668,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2600:9000:5308::/45", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2600:9000:f534::/46", "region": "GLOBAL", @@ -39256,6 +41686,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d034:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2600:1ff8:4000::/40", "region": "us-west-2", 
@@ -39274,6 +41710,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2406:da68:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2406:daff:8000::/40", "region": "ap-southeast-1", @@ -39316,6 +41758,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2600:1f68:8000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2a05:d030:8000::/40", "region": "eu-west-1", @@ -39358,6 +41806,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2406:daf1:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2406:da00:b000::/40", "region": "ap-south-2", @@ -39424,6 +41878,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2406:da68:c000::/40", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2600:1ffb:80a1::/48", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2406:daf8:1000::/40", "region": "af-south-1", @@ -39442,6 +41908,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d034:e000::/40", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2a05:d07e:8000::/40", "region": "eu-west-1", 
@@ -39598,12 +42070,24 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2600:1f68:5000::/40", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2600:1ff8:1000::/40", "region": "ca-central-1", "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2600:9000:5300::/45", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d050:c000::/40", "region": "eu-west-2", @@ -39658,12 +42142,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2a05:d071:2000::/40", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2400:7fc0:2400::/40", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf1:1000::/40", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2600:1ffa:c000::/40", "region": "us-west-1", @@ -39694,6 +42190,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-pilot-5" }, + { + "ipv6_prefix": "2a05:d015::/36", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2600:1ff8:8000::/40", "region": "us-east-1", @@ -39760,6 +42262,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2600:1ff1:2000::/40", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ipv6_prefix": "2600:1ff1:6000::/40", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2a05:d07e:e000::/40", "region": "me-south-1", 
@@ -39772,18 +42286,36 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2406:da68:4000::/40", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2406:da70:c000::/40", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:1ff1:5000::/40", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2620:107:4000:2::97/128", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2406:da68:8000::/40", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2600:1f17:8000::/36", "region": "us-east-1", @@ -39832,6 +42364,12 @@ "service": "AMAZON", "network_border_group": "us-west-2-wl1-sea-wlz-1" }, + { + "ipv6_prefix": "2a05:d071:4000::/40", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2406:dafc:a000::/40", "region": "ap-south-1", @@ -39976,6 +42514,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2600:1f68:2000::/40", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "2606:f40:4000::/48", "region": "eu-west-1", @@ -39988,6 +42532,12 @@ "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ipv6_prefix": "2a05:d07c:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2406:da70:7000::/40", "region": "me-central-1", 
@@ -40120,6 +42670,12 @@ "service": "AMAZON", "network_border_group": "us-west-2-lax-1" }, + { + "ipv6_prefix": "2620:107:4004::/48", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d070:1000::/40", "region": "eu-south-2", @@ -40150,6 +42706,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d071:c000::/40", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2a05:d07f:e000::/40", "region": "me-south-1", @@ -40192,6 +42754,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2a05:d071:e000::/40", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2400:6500:100:7200::/56", "region": "cn-northwest-1", @@ -40210,6 +42778,12 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:daf1:2000::/40", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2600:1ffa:e000::/40", "region": "sa-east-1", @@ -40228,12 +42802,24 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2406:dafc:ff80::/46", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2600:1ffa:8000::/40", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2600:1ffb:60c1::/48", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2600:1f00:8000::/40", "region": "us-east-1", 
@@ -40252,12 +42838,6 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, - { - "ipv6_prefix": "2600:1ff1:8000::/40", - "region": "us-east-1", - "service": "AMAZON", - "network_border_group": "us-east-1" - }, { "ipv6_prefix": "2a01:578:0:7900::/56", "region": "eu-central-2", @@ -40294,6 +42874,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2600:9000:5320::/43", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d03a:2000::/40", "region": "eu-west-3", @@ -40336,12 +42922,24 @@ "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2a05:d034:6000::/40", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2600:1f70:e000::/40", "region": "sa-east-1", "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2600:9000:5310::/44", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2a05:d019::/36", "region": "eu-central-2", @@ -40408,12 +43006,24 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f68:6000::/40", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2a05:d07f:1000::/40", "region": "eu-south-2", "service": "AMAZON", "network_border_group": "eu-south-2" }, + { + "ipv6_prefix": "2600:1ffb:40c0::/46", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1fff:6000::/40", "region": "us-east-2", 
@@ -40480,12 +43090,24 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2600:1fa0:8000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2406:dafe:b000::/40", "region": "ap-south-2", "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ipv6_prefix": "2406:daf1:4000::/40", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:1f01:4844::/47", "region": "us-east-2", @@ -40510,6 +43132,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2600:1f68:e000::/40", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1ff9:4000::/40", "region": "us-west-2", @@ -40564,12 +43192,30 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ipv6_prefix": "2406:dafc:ff60::/46", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2406:da00:9000::/40", "region": "ap-southeast-3", "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2a05:d071:a000::/40", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2600:9000:5340::/42", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2606:f40:1001::/48", "region": "us-west-2", @@ -40588,6 +43234,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2a05:d034:c000::/40", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2a05:d07f:4000::/40", "region": "eu-central-1", 
@@ -40606,12 +43258,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:1ffb:80a0::/48", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2620:107:4000:7200::/56", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:da68:e000::/40", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2600:1ff0:5000::/40", "region": "us-gov-east-1", @@ -40660,6 +43324,18 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2a05:d034:a000::/40", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2406:da68:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2406:dafe:7000::/40", "region": "me-central-1", @@ -40678,6 +43354,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2620:107:4005::/48", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d000:6000::/40", "region": "eu-north-1", @@ -40690,12 +43372,24 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:da68:1000::/40", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2600:1f01:4814::/47", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f01:481a::/47", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2406:da60:4000::/40", "region": "ap-northeast-1", 
@@ -40708,6 +43402,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2620:107:4003::/48", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2a05:d07c:e000::/40", "region": "me-south-1", @@ -40732,6 +43432,12 @@ "service": "AMAZON", "network_border_group": "eu-central-2" }, + { + "ipv6_prefix": "2a05:d07e:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2406:daf8:2000::/40", "region": "ap-northeast-2", @@ -40840,6 +43546,12 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:da68:a000::/40", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2600:1ffe:2000::/40", "region": "us-gov-west-1", @@ -40888,12 +43600,24 @@ "service": "S3", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2600:1f68:1000::/40", + "region": "ca-central-1", + "service": "S3", + "network_border_group": "ca-central-1" + }, { "ipv6_prefix": "2a05:d070:e000::/40", "region": "me-south-1", "service": "S3", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2a05:d034:5000::/40", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "240f:80f8:4000::/40", "region": "cn-northwest-1", @@ -40912,6 +43636,12 @@ "service": "S3", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d034:1000::/40", + "region": "eu-south-2", + "service": "S3", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2600:1fa0:4000::/40", "region": "us-west-2", @@ -40972,6 +43702,12 @@ "service": "S3", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2600:1f68:4000::/40", + "region": "us-west-2", + "service": "S3", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1ff0:e000::/40", "region": "sa-east-1", 
@@ -41008,6 +43744,12 @@ "service": "S3", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2a05:d034:2000::/40", + "region": "eu-west-3", + "service": "S3", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2406:daf8:4000::/40", "region": "ap-northeast-1", @@ -41068,6 +43810,12 @@ "service": "S3", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d050:6000::/40", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2600:1ff9:6000::/40", "region": "us-east-2", @@ -41098,6 +43846,36 @@ "service": "S3", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2a05:d079:5000::/40", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:da68:9000::/40", + "region": "ap-southeast-3", + "service": "S3", + "network_border_group": "ap-southeast-3" + }, + { + "ipv6_prefix": "2406:da68:2000::/40", + "region": "ap-northeast-2", + "service": "S3", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2a05:d034:8000::/40", + "region": "eu-west-1", + "service": "S3", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2a05:d078:5000::/40", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2600:1ffa:4000::/40", "region": "us-west-2", @@ -41218,12 +43996,6 @@ "service": "S3", "network_border_group": "ap-southeast-4" }, - { - "ipv6_prefix": "2600:1fa0:8000::/40", - "region": "us-east-1", - "service": "S3", - "network_border_group": "us-east-1" - }, { "ipv6_prefix": "2600:1f60:6000::/40", "region": "us-east-2", 
@@ -41248,12 +44020,30 @@ "service": "S3", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2406:da68:6000::/40", + "region": "ap-northeast-3", + "service": "S3", + "network_border_group": "ap-northeast-3" + }, + { + "ipv6_prefix": "2a05:d050:5000::/40", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "240f:80fa:4000::/40", "region": "cn-northwest-1", "service": "S3", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2a05:d070:5000::/40", + "region": "il-central-1", + "service": "S3", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2a05:d050:a000::/40", "region": "eu-south-1", @@ -41266,6 +44056,12 @@ "service": "S3", "network_border_group": "eu-central-2" }, + { + "ipv6_prefix": "2406:da68:7000::/40", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:daf9:e000::/40", "region": "ap-east-1", @@ -41344,18 +44140,42 @@ "service": "S3", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2a05:d034:4000::/40", + "region": "eu-central-1", + "service": "S3", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2406:daf8:8000::/40", "region": "ap-southeast-1", "service": "S3", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2600:1f68:c000::/40", + "region": "us-west-1", + "service": "S3", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2a05:d034:9000::/40", + "region": "eu-central-2", + "service": "S3", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2600:1ff8:4000::/40", "region": "us-west-2", "service": "S3", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2406:da68:b000::/40", + "region": "ap-south-2", + "service": "S3", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1ff9:2000::/40", "region": "us-gov-west-1", 
@@ -41368,6 +44188,12 @@ "service": "S3", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2600:1f68:8000::/39", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2404:c2c0:2c00::/40", "region": "cn-northwest-1", @@ -41392,12 +44218,24 @@ "service": "S3", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2406:da68:c000::/40", + "region": "ap-southeast-2", + "service": "S3", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2406:daf8:1000::/40", "region": "af-south-1", "service": "S3", "network_border_group": "af-south-1" }, + { + "ipv6_prefix": "2a05:d034:e000::/40", + "region": "me-south-1", + "service": "S3", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "240f:80f9:8000::/40", "region": "cn-north-1", @@ -41440,6 +44278,12 @@ "service": "S3", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2600:1f68:5000::/40", + "region": "us-gov-east-1", + "service": "S3", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2600:1ff8:1000::/40", "region": "ca-central-1", @@ -41518,6 +44362,18 @@ "service": "S3", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2406:da68:4000::/40", + "region": "ap-northeast-1", + "service": "S3", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2406:da68:8000::/40", + "region": "ap-southeast-1", + "service": "S3", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2600:1ffa:1000::/40", "region": "ca-central-1", @@ -41572,6 +44428,12 @@ "service": "S3", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f68:2000::/40", + "region": "us-gov-west-1", + "service": "S3", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "2406:daf9:b000::/40", "region": "ap-south-2", 
@@ -41674,6 +44536,12 @@ "service": "S3", "network_border_group": "af-south-1" }, + { + "ipv6_prefix": "2a05:d034:6000::/40", + "region": "eu-north-1", + "service": "S3", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2a05:d070:9000::/40", "region": "eu-central-2", @@ -41692,6 +44560,12 @@ "service": "S3", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f68:6000::/40", + "region": "us-east-2", + "service": "S3", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2600:1fa0:1000::/40", "region": "ca-central-1", @@ -41722,6 +44596,12 @@ "service": "S3", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2600:1fa0:8000::/39", + "region": "us-east-1", + "service": "S3", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1fa0:c000::/40", "region": "us-west-1", @@ -41734,6 +44614,12 @@ "service": "S3", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2600:1f68:e000::/40", + "region": "sa-east-1", + "service": "S3", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1ff9:4000::/40", "region": "us-west-2", @@ -41764,12 +44650,24 @@ "service": "S3", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2a05:d034:c000::/40", + "region": "eu-west-2", + "service": "S3", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2406:daa0:c000::/40", "region": "ap-southeast-2", "service": "S3", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2406:da68:e000::/40", + "region": "ap-east-1", + "service": "S3", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2600:1ff0:5000::/40", "region": "us-gov-east-1", 
@@ -41794,6 +44692,24 @@ "service": "S3", "network_border_group": "me-central-1" }, + { + "ipv6_prefix": "2a05:d034:a000::/40", + "region": "eu-south-1", + "service": "S3", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2406:da68:f000::/40", + "region": "ap-southeast-4", + "service": "S3", + "network_border_group": "ap-southeast-4" + }, + { + "ipv6_prefix": "2406:da68:1000::/40", + "region": "af-south-1", + "service": "S3", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2406:daf8:2000::/40", "region": "ap-northeast-2", @@ -41830,6 +44746,12 @@ "service": "S3", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2406:da68:a000::/40", + "region": "ap-south-1", + "service": "S3", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2a05:d078:6000::/40", "region": "eu-north-1", @@ -41890,6 +44812,12 @@ "service": "EC2", "network_border_group": "us-west-2-pilot-2" }, + { + "ipv6_prefix": "2406:daf1:a000::/40", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2600:1f15::/36", "region": "us-gov-east-1", @@ -41980,6 +44908,12 @@ "service": "EC2", "network_border_group": "eu-south-2" }, + { + "ipv6_prefix": "2a05:d030:5000::/40", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2406:daf0:2000::/40", "region": "ap-northeast-2", @@ -41992,6 +44926,12 @@ "service": "EC2", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2600:1ff1:8000::/39", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2a05:d01e::/36", "region": "me-south-1", @@ -42022,6 +44962,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2620:107:4002::/48", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2600:1f18::/33", "region": "us-east-1", 
@@ -42064,6 +45010,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2a05:d071:6000::/40", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2a05:d070:a000::/40", "region": "eu-south-1", @@ -42083,16 +45035,16 @@ "network_border_group": "us-west-2" }, { - "ipv6_prefix": "2a05:d000:9000::/40", - "region": "eu-central-2", + "ipv6_prefix": "2600:1ff1:c000::/40", + "region": "us-west-1", "service": "EC2", - "network_border_group": "eu-central-2" + "network_border_group": "us-west-1" }, { - "ipv6_prefix": "2600:1f14::/35", - "region": "us-west-2", + "ipv6_prefix": "2a05:d000:9000::/40", + "region": "eu-central-2", "service": "EC2", - "network_border_group": "us-west-2" + "network_border_group": "eu-central-2" }, { "ipv6_prefix": "2a05:d030:c000::/40", @@ -42106,6 +45058,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2a05:d07f:5000::/40", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2406:da60:f000::/40", "region": "ap-southeast-4", @@ -42124,6 +45082,12 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2600:1ff1:e000::/40", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1ffd:80e1::/48", "region": "eu-central-1", @@ -42178,6 +45142,12 @@ "service": "EC2", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2a05:d071:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2600:1f70:c000::/40", "region": "us-west-1", @@ -42340,6 +45310,12 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2600:1ffb:60c0::/48", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2600:1f60:4000::/40", "region": "us-west-2", 
@@ -42352,6 +45328,12 @@ "service": "EC2", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2406:daf1:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:da17::/36", "region": "me-central-1", @@ -42376,12 +45358,6 @@ "service": "EC2", "network_border_group": "af-south-1" }, - { - "ipv6_prefix": "2a05:d014::/36", - "region": "eu-central-1", - "service": "EC2", - "network_border_group": "eu-central-1" - }, { "ipv6_prefix": "2a05:d07f:9000::/40", "region": "eu-central-2", @@ -42400,6 +45376,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2600:1f14::/34", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d07f:8000::/40", "region": "eu-west-1", @@ -42412,6 +45394,12 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2a05:d071:8000::/40", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2406:daff:1000::/40", "region": "af-south-1", @@ -42430,6 +45418,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d071:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2406:daff:9000::/40", "region": "ap-southeast-3", @@ -42442,6 +45436,12 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2a05:d014::/35", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2600:1ff0:8000::/39", "region": "us-east-1", 
@@ -42478,12 +45478,24 @@ "service": "EC2", "network_border_group": "us-west-2-wl1-den-wlz-1" }, + { + "ipv6_prefix": "2a05:d070:5000::/40", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2400:7fc0:4000::/40", "region": "cn-north-1", "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:daf1:9000::/40", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1ffd:80f0::/48", "region": "eu-central-1", @@ -42502,6 +45514,18 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d000:5000::/40", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, + { + "ipv6_prefix": "2406:daf1:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1ffd:85e8::/48", "region": "ap-southeast-2", @@ -42532,6 +45556,12 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2600:1ff1:1000::/40", + "region": "ca-central-1", + "service": "EC2", + "network_border_group": "ca-central-1" + }, { "ipv6_prefix": "2406:daf0:6000::/40", "region": "ap-northeast-3", @@ -42544,6 +45574,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2600:1f10:4000::/36", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2406:da60:a000::/40", "region": "ap-south-1", 
@@ -42562,12 +45598,24 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2406:daf1:c000::/40", + "region": "ap-southeast-2", + "service": "EC2", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2a05:d012::/36", "region": "eu-west-3", "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2406:daf1:6000::/40", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1f00:4000::/40", "region": "us-west-2", @@ -42616,6 +45664,12 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2406:daf1:e000::/40", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2600:1fff:e000::/40", "region": "sa-east-1", @@ -42640,6 +45694,12 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2406:daf1:8000::/40", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2620:107:300f::/64", "region": "us-west-1", @@ -42724,6 +45784,12 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2406:daf1:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2406:da00:b000::/40", "region": "ap-south-2", @@ -42772,6 +45838,12 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:1ffb:80a1::/48", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1ffd:818f::/48", "region": "ca-central-1", 
@@ -42856,6 +45928,18 @@ "service": "EC2", "network_border_group": "us-gov-west-1" }, + { + "ipv6_prefix": "2a05:d071:2000::/40", + "region": "eu-west-3", + "service": "EC2", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2406:daf1:1000::/40", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2a05:d07f:2000::/40", "region": "eu-west-3", @@ -42868,6 +45952,12 @@ "service": "EC2", "network_border_group": "us-east-1-pilot-5" }, + { + "ipv6_prefix": "2a05:d015::/36", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2600:1f1f::/36", "region": "us-west-2", @@ -42898,6 +45988,18 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2600:1ff1:2000::/40", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, + { + "ipv6_prefix": "2600:1ff1:6000::/40", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2406:da60:e000::/40", "region": "ap-east-1", @@ -42910,6 +46012,12 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:1ff1:5000::/40", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2600:1f17:8000::/36", "region": "us-east-1", @@ -42940,6 +46048,12 @@ "service": "EC2", "network_border_group": "us-west-2-wl1-sea-wlz-1" }, + { + "ipv6_prefix": "2a05:d071:4000::/40", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2406:daff:c000::/40", "region": "ap-southeast-2", @@ -43084,6 +46198,12 @@ "service": "EC2", "network_border_group": "us-west-2-lax-1" }, + { + "ipv6_prefix": "2620:107:4004::/48", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d070:1000::/40", "region": "eu-south-2", 
@@ -43108,6 +46228,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2a05:d071:c000::/40", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2a05:d07f:e000::/40", "region": "me-south-1", @@ -43126,12 +46252,30 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2a05:d071:e000::/40", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, + { + "ipv6_prefix": "2406:daf1:2000::/40", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2406:daf0:e000::/40", "region": "ap-east-1", "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1ffb:60c1::/48", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2600:1f00:8000::/40", "region": "us-east-1", @@ -43150,12 +46294,6 @@ "service": "EC2", "network_border_group": "ap-south-1" }, - { - "ipv6_prefix": "2600:1ff1:8000::/40", - "region": "us-east-1", - "service": "EC2", - "network_border_group": "us-east-1" - }, { "ipv6_prefix": "2a05:d07f:a000::/40", "region": "eu-south-1", @@ -43252,6 +46390,12 @@ "service": "EC2", "network_border_group": "eu-south-2" }, + { + "ipv6_prefix": "2600:1ffb:40c0::/46", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1fff:6000::/40", "region": "us-east-2", @@ -43276,6 +46420,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2406:daf1:4000::/40", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2a05:d03a:9000::/40", "region": "eu-central-2", 
@@ -43306,6 +46456,12 @@ "service": "EC2", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2a05:d071:a000::/40", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, { "ipv6_prefix": "2606:f40:1001::/48", "region": "us-west-2", @@ -43336,6 +46492,12 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2600:1ffb:80a0::/48", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1ff0:5000::/40", "region": "us-gov-east-1", @@ -43366,6 +46528,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2620:107:4005::/48", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d000:6000::/40", "region": "eu-north-1", @@ -43384,6 +46552,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2620:107:4003::/48", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2600:1f16:8000::/36", "region": "us-east-2", @@ -43499,25 +46673,25 @@ "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:5300::/40", + "ipv6_prefix": "2600:9000:f800::/37", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:f800::/37", + "ipv6_prefix": "2600:9000:f400::/40", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:f400::/40", + "ipv6_prefix": "2600:9000:f538::/45", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, { - "ipv6_prefix": "2600:9000:f538::/45", + "ipv6_prefix": "2600:9000:5380::/41", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" 
@@ -43558,6 +46732,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2600:9000:5308::/45", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2600:9000:f534::/46", "region": "GLOBAL", 
@@ -43570,18 +46750,252 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2600:9000:5320::/43", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:5310::/44", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2600:9000:f580::/41", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2600:9000:5340::/42", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": "2600:9000:eee::/48", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2600:1f01:4874::/47", + "region": "us-west-2", + "service": "GLOBALACCELERATOR", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2600:1f01:4802::/47", + "region": "eu-west-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2600:1f01:4860::/47", + "region": "ap-northeast-2", + "service": "GLOBALACCELERATOR", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2600:9000:a800::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:a700::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:1f01:4880::/47", + "region": "ap-northeast-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2600:9000:ae00::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:1f01:4810::/47", + "region": "eu-west-3", + "service": "GLOBALACCELERATOR", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2600:9000:a500::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + 
"network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:ac00::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:af00::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:aa00::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:a300::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:1f01:4850::/47", + "region": "us-east-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2600:1f01:48a0::/47", + "region": "us-west-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "us-west-1" + }, + { + "ipv6_prefix": "2600:9000:a400::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:1f01:48c0::/47", + "region": "ca-central-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "ca-central-1" + }, + { + "ipv6_prefix": "2600:9000:a900::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:1f01:4890::/47", + "region": "us-east-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2600:9000:a200::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:ad00::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:1f01:4820::/47", + "region": "eu-west-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "eu-west-1" + }, + { + "ipv6_prefix": "2600:1f01:48d2::/47", + "region": "ap-southeast-2", + "service": 
"GLOBALACCELERATOR", + "network_border_group": "ap-southeast-2" + }, + { + "ipv6_prefix": "2600:1f01:4800::/47", + "region": "ap-south-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "ap-south-1" + }, + { + "ipv6_prefix": "2600:1f01:48e0::/47", + "region": "me-south-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "me-south-1" + }, + { + "ipv6_prefix": "2600:1f01:48b0::/47", + "region": "ap-southeast-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2600:9000:a100::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:1f01:4804::/47", + "region": "us-east-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2600:1f01:4840::/47", + "region": "sa-east-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "sa-east-1" + }, + { + "ipv6_prefix": "2600:1f01:4830::/47", + "region": "eu-central-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "eu-central-1" + }, + { + "ipv6_prefix": "2600:1f01:48d0::/47", + "region": "eu-north-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "eu-north-1" + }, + { + "ipv6_prefix": "2600:1f01:4870::/47", + "region": "eu-west-2", + "service": "GLOBALACCELERATOR", + "network_border_group": "eu-west-2" + }, + { + "ipv6_prefix": "2600:1f01:4844::/47", + "region": "us-east-2", + "service": "GLOBALACCELERATOR", + "network_border_group": "us-east-2" + }, + { + "ipv6_prefix": "2600:1f01:4814::/47", + "region": "ap-east-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "ap-east-1" + }, + { + "ipv6_prefix": "2600:9000:a600::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, + { + "ipv6_prefix": "2600:9000:ab00::/40", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ipv6_prefix": 
"2400:7fc0:4000:100::/56", "region": "cn-north-1", @@ -43949,25 +47363,25 @@ "network_border_group": "ca-central-1" }, { - "ipv6_prefix": "2a05:d038:4000:100::/56", + "ipv6_prefix": "2a05:d03a:4000:100::/56", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, { - "ipv6_prefix": "2a05:d038:4000:200::/56", + "ipv6_prefix": "2a05:d03a:4000:200::/56", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, { - "ipv6_prefix": "2a05:d038:4000:300::/56", + "ipv6_prefix": "2a05:d03a:4000:300::/56", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" }, { - "ipv6_prefix": "2a05:d038:4000:400::/56", + "ipv6_prefix": "2a05:d03a:4000:400::/56", "region": "eu-central-1", "service": "AMAZON", "network_border_group": "eu-central-1" @@ -43979,19 +47393,19 @@ "network_border_group": "eu-central-1" }, { - "ipv6_prefix": "2a05:d038:6000:100::/56", + "ipv6_prefix": "2a05:d03a:6000:100::/56", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, { - "ipv6_prefix": "2a05:d038:6000:200::/56", + "ipv6_prefix": "2a05:d03a:6000:200::/56", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" }, { - "ipv6_prefix": "2a05:d038:6000:400::/56", + "ipv6_prefix": "2a05:d03a:6000:400::/56", "region": "eu-north-1", "service": "AMAZON", "network_border_group": "eu-north-1" 
@@ -44003,19 +47417,19 @@ "network_border_group": "eu-north-1" }, { - "ipv6_prefix": "2a05:d038:a000:100::/56", + "ipv6_prefix": "2a05:d03a:a000:100::/56", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, { - "ipv6_prefix": "2a05:d038:a000:200::/56", + "ipv6_prefix": "2a05:d03a:a000:200::/56", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" }, { - "ipv6_prefix": "2a05:d038:a000:400::/56", + "ipv6_prefix": "2a05:d03a:a000:400::/56", "region": "eu-south-1", "service": "AMAZON", "network_border_group": "eu-south-1" @@ -44039,25 +47453,25 @@ "network_border_group": "eu-west-1" }, { - "ipv6_prefix": "2a05:d038:8000:100::/56", + "ipv6_prefix": "2a05:d03a:8000:100::/56", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, { - "ipv6_prefix": "2a05:d038:8000:200::/56", + "ipv6_prefix": "2a05:d03a:8000:200::/56", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, { - "ipv6_prefix": "2a05:d038:8000:300::/56", + "ipv6_prefix": "2a05:d03a:8000:300::/56", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, { - "ipv6_prefix": "2a05:d038:8000:400::/56", + "ipv6_prefix": "2a05:d03a:8000:400::/56", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" 
@@ -44069,25 +47483,25 @@ "network_border_group": "eu-west-1" }, { - "ipv6_prefix": "2a05:d038:c000:100::/56", + "ipv6_prefix": "2a05:d03a:c000:100::/56", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, { - "ipv6_prefix": "2a05:d038:c000:200::/56", + "ipv6_prefix": "2a05:d03a:c000:200::/56", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, { - "ipv6_prefix": "2a05:d038:c000:300::/56", + "ipv6_prefix": "2a05:d03a:c000:300::/56", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, { - "ipv6_prefix": "2a05:d038:c000:400::/56", + "ipv6_prefix": "2a05:d03a:c000:400::/56", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" @@ -44099,25 +47513,25 @@ "network_border_group": "eu-west-2" }, { - "ipv6_prefix": "2a05:d038:2000:100::/56", + "ipv6_prefix": "2a05:d03a:2000:100::/56", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, { - "ipv6_prefix": "2a05:d038:2000:200::/56", + "ipv6_prefix": "2a05:d03a:2000:200::/56", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, { - "ipv6_prefix": "2a05:d038:2000:300::/56", + "ipv6_prefix": "2a05:d03a:2000:300::/56", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" }, { - "ipv6_prefix": "2a05:d038:2000:400::/56", + "ipv6_prefix": "2a05:d03a:2000:400::/56", "region": "eu-west-3", "service": "AMAZON", "network_border_group": "eu-west-3" 
@@ -44129,19 +47543,19 @@ "network_border_group": "eu-west-3" }, { - "ipv6_prefix": "2a05:d038:e000:100::/56", + "ipv6_prefix": "2a05:d03a:e000:100::/56", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, { - "ipv6_prefix": "2a05:d038:e000:200::/56", + "ipv6_prefix": "2a05:d03a:e000:200::/56", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" }, { - "ipv6_prefix": "2a05:d038:e000:400::/56", + "ipv6_prefix": "2a05:d03a:e000:400::/56", "region": "me-south-1", "service": "AMAZON", "network_border_group": "me-south-1" From d138f46d270e40f6e31f2fc017654c33bb4a85cd Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 27 Apr 2022 13:01:30 +0200 Subject: [PATCH 796/979] Remove print statement --- ScoutSuite/providers/gcp/utils.py | 1 - 1 file changed, 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/utils.py b/ScoutSuite/providers/gcp/utils.py index be9db0b1a..232cab533 100644 --- a/ScoutSuite/providers/gcp/utils.py +++ b/ScoutSuite/providers/gcp/utils.py @@ -13,7 +13,6 @@ def is_throttled(exception): 'API_SHARED_QUOTA_EXHAUSTED', 'RATE_LIMIT_EXCEEDED' ] - print(exception) try: if any(error in str(exception) for error in throttled_errors): return True From 18fe8065906618e83821a973a4cc0fcac1a070fa Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 28 Apr 2022 11:22:28 +0200 Subject: [PATCH 797/979] Handle lack of devices --- .../providers/aws/resources/iam/credentialreports.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/iam/credentialreports.py b/ScoutSuite/providers/aws/resources/iam/credentialreports.py index c0f77af84..4cb6245d9 100755 --- a/ScoutSuite/providers/aws/resources/iam/credentialreports.py +++ b/ScoutSuite/providers/aws/resources/iam/credentialreports.py 
@@ -61,10 +61,13 @@ async def _user_has_hardware_mfa_devices(self, username): return True else: devices = await self.facade.iam.get_user_mfa_devices(username) - for device in devices: - if device['SerialNumber'][0:4] == 'arn:': - return False - return True + if devices: + for device in devices: + if device['SerialNumber'][0:4] == 'arn:': + return False + return True + else: + return False except Exception as e: print_exception(f'Failed to infer hardware MFA configuration for user {username}: {e}') From e1c6c352c1a13e16dd5a605643d7c056ba49042a Mon Sep 17 00:00:00 2001 From: Scott Bailey Date: Wed, 11 May 2022 14:34:48 -0400 Subject: [PATCH 798/979] Adjust AWS "secrets" regular expressions The existing regexes are prone to false positives because they match strings which might be substrings of longer, innocuous strings. "Secret Access Keys" in particular will be detected (in error) when nearly any sufficiently long pathname is encountered. This commit strengthens the check to ensure any potential match is delimited (somehow), disallowing substring matches. False positives still are possible, but the target string now must be EXACTLY the right length, not at least the right length. Signed-off-by: Scott Bailey --- ScoutSuite/providers/aws/resources/ec2/instances.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/resources/ec2/instances.py b/ScoutSuite/providers/aws/resources/ec2/instances.py index 2d149fe3a..2ed6a389b 100755 --- a/ScoutSuite/providers/aws/resources/ec2/instances.py +++ b/ScoutSuite/providers/aws/resources/ec2/instances.py 
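Review bot: The `except` branch at the end of this hunk only calls `print_exception`, so unless a `return` follows outside the hunk, a failed `get_user_mfa_devices` call makes `_user_has_hardware_mfa_devices` return `None`, which the caller will read as "no hardware MFA" rather than "could not determine". An explicit `return False` after the log line, or a distinct unknown value, would make that outcome deliberate. The new `if devices:` / `else:` nesting can be flattened with a guard, `if not devices: return False`, and the prefix test reads more clearly as `device['SerialNumber'].startswith('arn:')`. The function starts and continues outside the hunk.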
@@ -62,8 +62,8 @@ def _identify_user_data_secrets(user_data): secrets = {} if user_data: - aws_access_key_regex = re.compile('AKIA[0-9A-Z]{16}') - aws_secret_access_key_regex = re.compile('[0-9a-zA-Z/+]{40}') + aws_access_key_regex = re.compile(r'(?:^|[^0-9A-Z])(AKIA[0-9A-Z]{16})(?:[^0-9A-Z]|$)') + aws_secret_access_key_regex = re.compile(r'(?:^|[^0-9a-zA-Z/+])([0-9a-zA-Z/+]{40})(?:[^0-9a-zA-Z/+]|$)') rsa_private_key_regex = re.compile('(-----BEGIN RSA PRIVATE KEY-----(?s).+?-----END .+?-----)') keywords = ['password', 'secret', 'aws_access_key_id', 'aws_secret_access_key', 'aws_session_token'] From 8d451771b1d0af4312a25c224afaac31df8c4fa9 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 13 May 2022 10:15:58 +0200 Subject: [PATCH 799/979] Upgrade dependency --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 014a29e6e..c642a379c 100755 --- a/requirements.txt +++ b/requirements.txt @@ -24,7 +24,7 @@ google-cloud-resource-manager>=0.28.3 google-cloud-storage>=1.13.2 google-cloud-kms==1.3.0 ## API Client Libraries -google-api-python-client>=1.7.8 +google-api-python-client>=2.47.0 oauth2client>=4.1.3 ## Necessary since API Client Libraries are not thread-safe httplib2shim>=0.0.3 From 323fb65a2867a5fd1aa92c2d882fa57ef1f3cad1 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 13 May 2022 10:55:40 +0200 Subject: [PATCH 800/979] Add services --- ScoutSuite/utils.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ScoutSuite/utils.py b/ScoutSuite/utils.py index bd406fd07..4267ccd75 100755 --- a/ScoutSuite/utils.py +++ b/ScoutSuite/utils.py @@ -57,6 +57,8 @@ 'stackdrivermonitoring': 'Stackdriver Monitoring', 'computeengine': 'Compute Engine', 'kubernetesengine': 'Kubernetes Engine', + 'functions': 'Cloud Functions', + 'bigquery': 'BigQuery', # Aliyun 'actiontrail': 'ActionTrail', # OCI From d757816b28b5ae9bc57eacd08c8dea948deb0c10 Mon Sep 17 00:00:00 2001 
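Review bot: Both new patterns consume the delimiter characters around the key, so two candidates separated by a single delimiter (a newline or a comma, say) cannot both match in one scan, and the full match now includes the delimiters, with the key only in group 1. Zero-width lookarounds keep the exact-length check without either side effect: `re.compile(r'(?<![0-9A-Z])AKIA[0-9A-Z]{16}(?![0-9A-Z])')` and `re.compile(r'(?<![0-9a-zA-Z/+])[0-9a-zA-Z/+]{40}(?![0-9a-zA-Z/+])')`. How the matches are read (`findall` versus `group(0)`) is outside the hunk, so the capture-group change should be checked against that code. Separately, the unchanged `rsa_private_key_regex` line places `(?s)` mid-pattern, which newer Python versions reject; passing `re.DOTALL` instead would avoid that.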
From: x4v13r64 Date: Fri, 13 May 2022 10:56:50 +0200 Subject: [PATCH 801/979] Add services --- ScoutSuite/providers/gcp/facade/base.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index 3b984d822..c03fd4979 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -13,6 +13,7 @@ from ScoutSuite.providers.gcp.facade.stackdriverlogging import StackdriverLoggingFacade from ScoutSuite.providers.gcp.facade.stackdrivermonitoring import StackdriverMonitoringFacade from ScoutSuite.providers.gcp.facade.gke import GKEFacade +from ScoutSuite.providers.gcp.facade.functions import FunctionsFacade from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils from ScoutSuite.utils import format_service_name @@ -33,6 +34,7 @@ def __init__(self, self.cloudstorage = CloudStorageFacade() self.memorystoreredis = MemoryStoreRedisFacade() self.gce = GCEFacade() + self.functions = FunctionsFacade() self.iam = IAMFacade() self.kms = KMSFacade() self.dns = DNSFacade() @@ -164,6 +166,10 @@ async def is_api_enabled(self, project_id, service): endpoint = 'sql-component' elif service == 'ComputeEngine': endpoint = 'compute' + elif service == 'Functions': + endpoint = 'cloudfunctions' + elif service == 'BigQuery': + endpoint = 'bigquery' elif service == 'KubernetesEngine': endpoint = 'container' elif service == 'StackdriverLogging': @@ -173,7 +179,7 @@ async def is_api_enabled(self, project_id, service): elif service == 'MemoryStore': endpoint = 'redis' elif service =='DNS': - endpoint='dns' + endpoint = 'dns' else: print_debug('Could not validate the state of the {} API for project \"{}\", ' 'including it in the execution'.format(format_service_name(service.lower()), project_id)) From 8714bf420cfa5d8d3e78dce1ffdc789d41a10302 Mon Sep 17 00:00:00 2001 
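Review bot: The service-to-endpoint `elif` chain in `is_api_enabled` grows by two branches in the third hunk and has to be edited for every new service; a single mapping would keep the pairs in one place and make a missing entry obvious. A dict holding the pairs visible here (`'Functions': 'cloudfunctions'`, `'BigQuery': 'bigquery'`, `'DNS': 'dns'`, and so on) with `endpoint = endpoints.get(service)` would replace the chain, keeping the existing debug message and `return True` for the `None` case (`endpoints` is only a suggested name). The function starts and ends outside the hunk, so the remaining entries would have to be taken from the full file.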
From: x4v13r64 Date: Fri, 13 May 2022 10:57:52 +0200 Subject: [PATCH 802/979] Add services --- ScoutSuite/providers/gcp/facade/base.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index c03fd4979..135ac9343 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -14,6 +14,7 @@ from ScoutSuite.providers.gcp.facade.stackdrivermonitoring import StackdriverMonitoringFacade from ScoutSuite.providers.gcp.facade.gke import GKEFacade from ScoutSuite.providers.gcp.facade.functions import FunctionsFacade +from ScoutSuite.providers.gcp.facade.bigquery import BigQueryFacade from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils from ScoutSuite.utils import format_service_name @@ -35,6 +36,7 @@ def __init__(self, self.memorystoreredis = MemoryStoreRedisFacade() self.gce = GCEFacade() self.functions = FunctionsFacade() + self.bigquery = BigQueryFacade() self.iam = IAMFacade() self.kms = KMSFacade() self.dns = DNSFacade() From 9414c243454b74573d09f45f0c29b858f93e0147 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 13 May 2022 10:58:16 +0200 Subject: [PATCH 803/979] Add services --- ScoutSuite/providers/gcp/services.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/services.py b/ScoutSuite/providers/gcp/services.py index 9027b5abb..f4fb34a3c 100755 --- a/ScoutSuite/providers/gcp/services.py +++ b/ScoutSuite/providers/gcp/services.py 
@@ -7,7 +7,8 @@ from ScoutSuite.providers.gcp.resources.iam.base import IAM from ScoutSuite.providers.gcp.resources.kms.base import KMS from ScoutSuite.providers.gcp.resources.dns.base import DNS - +from ScoutSuite.providers.gcp.resources.functions.base import Functions +from ScoutSuite.providers.gcp.resources.bigquery.base import BigQuery from ScoutSuite.providers.gcp.resources.stackdriverlogging.base import StackdriverLogging from ScoutSuite.providers.gcp.resources.stackdrivermonitoring.base import StackdriverMonitoring from ScoutSuite.providers.gcp.resources.gke.base import KubernetesEngine @@ -27,6 +28,8 @@ def __init__(self, credentials=None, default_project_id=None, self.cloudmemorystore = MemoryStore(facade) self.cloudstorage = CloudStorage(facade) self.computeengine = ComputeEngine(facade) + self.functions = Functions(facade) + self.bigquery = BigQuery(facade) self.iam = IAM(facade) self.kms = KMS(facade) self.stackdriverlogging = StackdriverLogging(facade) From 41e5e0559d974d564b1e37fdf5b6eded72117aa4 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 13 May 2022 10:58:38 +0200 Subject: [PATCH 804/979] Basic Functions support --- ScoutSuite/providers/gcp/facade/functions.py | 36 +++++++++++++++++++ .../providers/gcp/resources/functions/base.py | 10 ++++++ .../gcp/resources/functions/functions_v1.py | 19 ++++++++++ .../gcp/resources/functions/functions_v2.py | 19 ++++++++++ 4 files changed, 84 insertions(+) create mode 100644 ScoutSuite/providers/gcp/facade/functions.py create mode 100644 ScoutSuite/providers/gcp/resources/functions/base.py create mode 100644 ScoutSuite/providers/gcp/resources/functions/functions_v1.py create mode 100644 ScoutSuite/providers/gcp/resources/functions/functions_v2.py diff --git a/ScoutSuite/providers/gcp/facade/functions.py b/ScoutSuite/providers/gcp/facade/functions.py new file mode 100644 index 000000000..899f49a2f --- /dev/null +++ b/ScoutSuite/providers/gcp/facade/functions.py 
@@ -0,0 +1,36 @@ +from google.cloud import kms +from google.api_core.gapic_v1.client_info import ClientInfo + +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade +from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils +from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent + + +class FunctionsFacade(GCPBaseFacade): + def __init__(self): + # The version needs to be set per-function + super().__init__('cloudfunctions', None) # API Client + + + async def get_functions_v1(self, project_id: str): + results = await self.get_functions_version(project_id, "v1") + return results + + async def get_functions_v2(self, project_id: str): + results = await self.get_functions_version(project_id, "v2alpha") + return results + + async def get_functions_version(self, project_id: str, api_version: str): + try: + functions_client = self._build_arbitrary_client(self._client_name, api_version, force_new=True) + parent = f'projects/{project_id}/locations/-' + functions = functions_client.projects().locations().functions() + request = functions.list(parent=parent) + results = await GCPFacadeUtils.get_all('functions', request, functions) + return results + + except Exception as e: + print_exception(f'Failed to retrieve Cloud Functions functions ({api_version}): {e}') + return [] diff --git a/ScoutSuite/providers/gcp/resources/functions/base.py b/ScoutSuite/providers/gcp/resources/functions/base.py new file mode 100644 index 000000000..0b7cc7c4d --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/functions/base.py 
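Review bot: `get_functions_version` catches every exception and returns `[]`, so a permission error or a disabled API is indistinguishable in the results from a project that has no functions, and for an audit tool that difference matters. If the broad catch is the project's convention, a comment such as `# NOTE: any failure is reported on the console only and yields an empty list` would at least make it explicit. The imports `kms`, `ClientInfo`, `run_concurrently` and `get_user_agent` are unused in this new file and can be dropped, and the `"v2alpha"` version string would be easier to update as a named constant.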
@@ -0,0 +1,10 @@ +from ScoutSuite.providers.gcp.resources.functions.functions_v1 import FunctionsV1 +from ScoutSuite.providers.gcp.resources.functions.functions_v2 import FunctionsV2 +from ScoutSuite.providers.gcp.resources.projects import Projects + + +class Functions(Projects): + _children = [ + (FunctionsV1, 'functions_v1'), + (FunctionsV2, 'functions_v2') + ] diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py new file mode 100644 index 000000000..78c2992c0 --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py @@ -0,0 +1,19 @@ +from ScoutSuite.providers.base.resources.base import Resources +from ScoutSuite.providers.gcp.facade.base import GCPFacade + + +class FunctionsV1(Resources): + def __init__(self, facade: GCPFacade, project_id: str): + super().__init__(facade) + self.project_id = project_id + + async def fetch_all(self): + raw_functions = await self.facade.functions.get_functions_v1(self.project_id) + for raw_function in raw_functions: + function_id, function = self._parse_function(raw_function) + self[function_id] = function + + def _parse_function(self, raw_function): + print() + print(raw_function) + return None, None diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v2.py b/ScoutSuite/providers/gcp/resources/functions/functions_v2.py new file mode 100644 index 000000000..59f6991df --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/functions/functions_v2.py 
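Review bot: `_parse_function` in `functions_v1.py` prints each raw function to stdout and returns `None, None`, so `fetch_all` stores every function under the key `None` and only one empty entry survives. The raw resource can include configuration such as environment variables, so the `print` calls also put that data into console or CI logs and should be removed before release. A minimal placeholder would be `return raw_function['name'], {'name': raw_function['name']}`, assuming the API response carries `name`. The same pattern appears in `_parse_function` in `functions_v2.py` and in `_parse_dataset` in `bigquery/datasets.py` later in this series.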
@@ -0,0 +1,19 @@ +from ScoutSuite.providers.base.resources.base import Resources +from ScoutSuite.providers.gcp.facade.base import GCPFacade + + +class FunctionsV2(Resources): + def __init__(self, facade: GCPFacade, project_id: str): + super().__init__(facade) + self.project_id = project_id + + async def fetch_all(self): + raw_functions = await self.facade.functions.get_functions_v2(self.project_id) + for raw_function in raw_functions: + function_id, function = self._parse_function(raw_function) + self[function_id] = function + + def _parse_function(self, raw_function): + print() + print(raw_function) + return None, None From b82a450a869c2bf8bf3630df8e36b55bcbedf024 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 13 May 2022 14:28:23 +0200 Subject: [PATCH 805/979] Implement basic BigQuery support --- ScoutSuite/providers/gcp/facade/bigquery.py | 29 +++++++++++++++++++ .../providers/gcp/resources/bigquery/base.py | 8 +++++ .../gcp/resources/bigquery/datasets.py | 19 ++++++++++++ 3 files changed, 56 insertions(+) create mode 100644 ScoutSuite/providers/gcp/facade/bigquery.py create mode 100644 ScoutSuite/providers/gcp/resources/bigquery/base.py create mode 100644 ScoutSuite/providers/gcp/resources/bigquery/datasets.py diff --git a/ScoutSuite/providers/gcp/facade/bigquery.py b/ScoutSuite/providers/gcp/facade/bigquery.py new file mode 100644 index 000000000..358115401 --- /dev/null +++ b/ScoutSuite/providers/gcp/facade/bigquery.py 
@@ -0,0 +1,29 @@ +from google.cloud import kms +from google.api_core.gapic_v1.client_info import ClientInfo + +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade +from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils +from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.utils import get_user_agent + + +class BigQueryFacade(GCPBaseFacade): + def __init__(self): + + super().__init__('bigquery', 'v2') # API Client + + + async def get_datasets(self, project_id: str): + try: + bigquery_client = self._get_client() + + datasets = bigquery_client.datasets() + request = datasets.list(projectId=project_id) + results = await GCPFacadeUtils.get_all('datasets', request, datasets) + print(results) + return results + + except Exception as e: + print_exception(f'Failed to retrieve BigQuery datasets): {e}') + return [] diff --git a/ScoutSuite/providers/gcp/resources/bigquery/base.py b/ScoutSuite/providers/gcp/resources/bigquery/base.py new file mode 100644 index 000000000..837233bf4 --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/bigquery/base.py @@ -0,0 +1,8 @@ +from ScoutSuite.providers.gcp.resources.bigquery.datasets import Datasets +from ScoutSuite.providers.gcp.resources.projects import Projects + + +class BigQuery(Projects): + _children = [ + (Datasets, 'datasets') + ] diff --git a/ScoutSuite/providers/gcp/resources/bigquery/datasets.py b/ScoutSuite/providers/gcp/resources/bigquery/datasets.py new file mode 100644 index 000000000..d9c699ac8 --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/bigquery/datasets.py 
@@ -0,0 +1,19 @@ +from ScoutSuite.providers.base.resources.base import Resources +from ScoutSuite.providers.gcp.facade.base import GCPFacade + + +class Datasets(Resources): + def __init__(self, facade: GCPFacade, project_id: str): + super().__init__(facade) + self.project_id = project_id + + async def fetch_all(self): + raw_datasets = await self.facade.bigquery.get_datasets(self.project_id) + for raw_dataset in raw_datasets: + dataset_id, dataset = self._parse_dataset(raw_dataset) + self[dataset_id] = dataset + + def _parse_dataset(self, raw_dataset): + print() + print(raw_dataset) + return None, None From e8703ca63a4ae8ecf8e6f51d686a2a88b505d0e6 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 13 May 2022 14:38:06 +0200 Subject: [PATCH 806/979] Improve service enabled check --- ScoutSuite/providers/gcp/facade/base.py | 6 ++++-- ScoutSuite/providers/gcp/facade/bigquery.py | 1 - 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index 135ac9343..52ae77c16 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -160,6 +160,7 @@ async def is_api_enabled(self, project_id, service): return True # These are hardcoded endpoint correspondences as there's no easy way to do this. + incorrect_endpoints = [] if service == 'KMS': endpoint = 'cloudkms' elif service == 'CloudStorage': @@ -172,6 +173,7 @@ async def is_api_enabled(self, project_id, service): endpoint = 'cloudfunctions' elif service == 'BigQuery': endpoint = 'bigquery' + incorrect_endpoints.append('annotation-bigquery-public-data.cloudpartnerservices.goog') elif service == 'KubernetesEngine': endpoint = 'container' elif service == 'StackdriverLogging': 
@@ -180,7 +182,7 @@ async def is_api_enabled(self, project_id, service): endpoint = 'monitoring' elif service == 'MemoryStore': endpoint = 'redis' - elif service =='DNS': + elif service == 'DNS': endpoint = 'dns' else: print_debug('Could not validate the state of the {} API for project \"{}\", ' @@ -188,7 +190,7 @@ async def is_api_enabled(self, project_id, service): return True for s in services_response: - if endpoint in s.get('name'): + if endpoint in s.get('name') and s.get('config').get('name') not in incorrect_endpoints: if s.get('state') == 'ENABLED': return True else: diff --git a/ScoutSuite/providers/gcp/facade/bigquery.py b/ScoutSuite/providers/gcp/facade/bigquery.py index 358115401..1a473caf9 100644 --- a/ScoutSuite/providers/gcp/facade/bigquery.py +++ b/ScoutSuite/providers/gcp/facade/bigquery.py @@ -21,7 +21,6 @@ async def get_datasets(self, project_id: str): datasets = bigquery_client.datasets() request = datasets.list(projectId=project_id) results = await GCPFacadeUtils.get_all('datasets', request, datasets) - print(results) return results except Exception as e: From ef7875fce41e6d03a1177c58e477ee9ef3675f3b Mon Sep 17 00:00:00 2001 From: Charlie Tran Date: Fri, 13 May 2022 21:54:42 -0500 Subject: [PATCH 807/979] Update SQS encryption finding to for managed SSE In November 2021, AWS added managed server-side encryption for SQS: https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-sqs-server-side-encryption-keys-sse/ This should be acceptable to satisfy the "Queue with Encryption Disabled" rule. --- .../partials/aws/services.sqs.regions.id.queues.html | 11 +++++++++-- ScoutSuite/providers/aws/resources/sqs/queues.py | 3 ++- .../sqs-queue-server-side-encryption-disabled.json | 5 +++++ 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html b/ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html index 5390681b1..83f3f03fe 100755 
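Review bot: In the last `base.py` hunk, `endpoint in s.get('name')` is still a substring match, and the new `incorrect_endpoints` list excludes only the one collision found so far; any other service whose name happens to contain `compute`, `dns` or `redis` would still decide whether that service gets scanned. Comparing the config name exactly is tighter, for example `if s.get('config', {}).get('name') == f'{endpoint}.googleapis.com':`, assuming every mapped API uses that suffix. The `.get('config', {})` form also avoids the `AttributeError` that `s.get('config').get('name')` raises when an entry has no `config`. `is_api_enabled` starts and ends outside the hunk.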
--- a/ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html +++ b/ScoutSuite/output/data/html/partials/aws/services.sqs.regions.id.queues.html @@ -8,9 +8,16 @@

    {{name}}

    Information

    Region: {{region}}
    ARN: {{arn}}
    -
    KMS master key id: +
    KMS master key id: + {{#if kms_master_key_id}} {{kms_master_key_id}} {{else}} None {{/if}} -
    +
    +
    +
    SQS-managed encryption keys: + + {{#ifEqual sqs_managed_sse_enabled "true"}} Enabled {{else}} Disabled {{/ifEqual}} + +
    Created on: {{CreatedTimestamp}}
    diff --git a/ScoutSuite/providers/aws/resources/sqs/queues.py b/ScoutSuite/providers/aws/resources/sqs/queues.py index cee4fe757..392f41f13 100755 --- a/ScoutSuite/providers/aws/resources/sqs/queues.py +++ b/ScoutSuite/providers/aws/resources/sqs/queues.py @@ -11,7 +11,7 @@ def __init__(self, facade: AWSFacade, region: str): async def fetch_all(self): queues = await self.facade.sqs.get_queues(self.region, - ['CreatedTimestamp', 'Policy', 'QueueArn', 'KmsMasterKeyId']) + ['CreatedTimestamp', 'Policy', 'QueueArn', 'KmsMasterKeyId', 'SqsManagedSseEnabled']) for queue_url, queue_attributes in queues: id, queue = self._parse_queue(queue_url, queue_attributes) self[id] = queue @@ -22,6 +22,7 @@ def _parse_queue(self, queue_url, queue_attributes): queue['arn'] = queue_attributes.pop('QueueArn') queue['name'] = queue['arn'].split(':')[-1] queue['kms_master_key_id'] = queue_attributes.pop('KmsMasterKeyId', None) + queue['sqs_managed_sse_enabled'] = queue_attributes.pop('SqsManagedSseEnabled', None) queue['CreatedTimestamp'] = queue_attributes.pop('CreatedTimestamp', None) if 'Policy' in queue_attributes: diff --git a/ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json b/ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json index 53b4703b6..47492f24b 100644 --- a/ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json +++ b/ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json @@ -14,6 +14,11 @@ "sqs.regions.id.queues.id.kms_master_key_id", "null", "" + ], + [ + "sqs.regions.id.queues.id.sqs_managed_sse_enabled", + "false", + "" ] ], "id_suffix": "server-side-encryption-disabled" From 66e830e46436ebdc3497540ef709dbe180893e69 Mon Sep 17 00:00:00 2001 
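Review bot: In `_parse_queue`, `sqs_managed_sse_enabled` is stored exactly as the API returns it, which judging by the template's comparison with `"true"` is a string, or `None` when the attribute is absent, and nothing in the code says so. A comment on the new line would help the next rule author: `# SQS returns attribute values as strings ('true'/'false'); None if the attribute is not returned`. The finding JSON adds the new condition next to the `kms_master_key_id` one, but the operator combining them is outside the hunk; it has to be `and`, otherwise a queue encrypted with a KMS key would be flagged as unencrypted.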
From: x4v13r64 Date: Tue, 17 May 2022 10:31:30 +0200 Subject: [PATCH 808/979] better implementation --- ScoutSuite/providers/gcp/facade/bigquery.py | 23 +++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/bigquery.py b/ScoutSuite/providers/gcp/facade/bigquery.py index 1a473caf9..8887c3a4b 100644 --- a/ScoutSuite/providers/gcp/facade/bigquery.py +++ b/ScoutSuite/providers/gcp/facade/bigquery.py @@ -4,7 +4,7 @@ from ScoutSuite.core.console import print_exception from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils -from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.providers.utils import map_concurrently, run_concurrently from ScoutSuite.utils import get_user_agent @@ -17,12 +17,27 @@ def __init__(self): async def get_datasets(self, project_id: str): try: bigquery_client = self._get_client() - datasets = bigquery_client.datasets() + + # get list of datasets request = datasets.list(projectId=project_id) results = await GCPFacadeUtils.get_all('datasets', request, datasets) - return results + # extract ids + dataset_ids = [dataset.get('id').split(':')[-1] for dataset in results] + except Exception as e: + print_exception(f'Failed to retrieve BigQuery datasets: {e}') + return [] + else: + return await map_concurrently(self._get_dataset, dataset_ids, project_id=project_id) + async def _get_dataset(self, dataset_id: str, project_id: str): + try: + bigquery_client = self._get_client() + datasets = bigquery_client.datasets() + request = datasets.get(projectId=project_id, datasetId=dataset_id) + return await run_concurrently( + lambda: request.execute() + ) except Exception as e: - print_exception(f'Failed to retrieve BigQuery datasets): {e}') + print_exception(f'Failed to retrieve BigQuery datasets {dataset_id}: {e}') return [] From 65f7941f30f869e520e2c8cb6638d4266dbcc6f8 Mon Sep 17 00:00:00 2001 
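Review bot: `get_datasets` derives each dataset ID by splitting the listing's `id` on `:`, which depends on the string format of that field; the listing also carries the ID on its own, so `dataset['datasetReference']['datasetId']` would avoid the parsing (worth confirming against a real response). In `_get_dataset`, the failure path returns `[]` while the success path returns the dataset resource, so the list returned by `get_datasets` can mix both shapes; returning `None` and filtering it out, or documenting the sentinel, would make that explicit for the parser. `lambda: request.execute()` can be passed simply as `request.execute`.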
From: x4v13r64 Date: Tue, 17 May 2022 11:16:03 +0200 Subject: [PATCH 809/979] Improve implementation --- ScoutSuite/providers/gcp/facade/bigquery.py | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/bigquery.py b/ScoutSuite/providers/gcp/facade/bigquery.py index 8887c3a4b..9328d3c23 100644 --- a/ScoutSuite/providers/gcp/facade/bigquery.py +++ b/ScoutSuite/providers/gcp/facade/bigquery.py @@ -1,11 +1,7 @@ -from google.cloud import kms -from google.api_core.gapic_v1.client_info import ClientInfo - from ScoutSuite.core.console import print_exception from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils from ScoutSuite.providers.utils import map_concurrently, run_concurrently -from ScoutSuite.utils import get_user_agent class BigQueryFacade(GCPBaseFacade): @@ -13,7 +9,6 @@ def __init__(self): super().__init__('bigquery', 'v2') # API Client - async def get_datasets(self, project_id: str): try: bigquery_client = self._get_client() @@ -25,7 +20,7 @@ async def get_datasets(self, project_id: str): # extract ids dataset_ids = [dataset.get('id').split(':')[-1] for dataset in results] except Exception as e: - print_exception(f'Failed to retrieve BigQuery datasets: {e}') + print_exception(f'Failed to list BigQuery datasets: {e}') return [] else: return await map_concurrently(self._get_dataset, dataset_ids, project_id=project_id) @@ -40,4 +35,4 @@ async def _get_dataset(self, dataset_id: str, project_id: str): ) except Exception as e: print_exception(f'Failed to retrieve BigQuery datasets {dataset_id}: {e}') - return [] + return {} From 660cff6c72402aa2b705fca133632984a2c73c29 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 17 May 2022 11:16:59 +0200 Subject: [PATCH 810/979] Improve implementation --- ScoutSuite/providers/gcp/facade/functions.py | 48 +++++++++++++------- 1 file changed, 31 insertions(+), 17 deletions(-) 
diff --git a/ScoutSuite/providers/gcp/facade/functions.py b/ScoutSuite/providers/gcp/facade/functions.py index 899f49a2f..1aa739f6f 100644 --- a/ScoutSuite/providers/gcp/facade/functions.py +++ b/ScoutSuite/providers/gcp/facade/functions.py @@ -1,11 +1,7 @@ -from google.cloud import kms -from google.api_core.gapic_v1.client_info import ClientInfo - from ScoutSuite.core.console import print_exception from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils -from ScoutSuite.providers.utils import run_concurrently -from ScoutSuite.utils import get_user_agent +from ScoutSuite.providers.utils import map_concurrently, run_concurrently class FunctionsFacade(GCPBaseFacade): 
@@ -13,24 +9,42 @@ def __init__(self): # The version needs to be set per-function super().__init__('cloudfunctions', None) # API Client - async def get_functions_v1(self, project_id: str): - results = await self.get_functions_version(project_id, "v1") - return results + return await self._get_functions_version("v1", project_id) async def get_functions_v2(self, project_id: str): - results = await self.get_functions_version(project_id, "v2alpha") + return await self._get_functions_version("v2alpha", project_id) + + async def _get_functions_version(self, api_version: str, project_id: str): + try: + # get list of functions + list_results = await self._list_functions_version(project_id, api_version) + # get list of function names + functions = [function.get('name') for function in list_results] + except Exception as e: + print_exception(f'Failed to list Cloud Functions functions ({api_version}): {e}') + return [] + else: + return await map_concurrently(self._get_function_version, functions, api_version=api_version, + project_id=project_id) + + async def _list_functions_version(self, project_id: str, api_version: str): + functions_client = self._build_arbitrary_client(self._client_name, api_version, force_new=True) + parent = f'projects/{project_id}/locations/-' + functions = functions_client.projects().locations().functions() + request = functions.list(parent=parent) + results = await GCPFacadeUtils.get_all('functions', request, functions) return results - async def get_functions_version(self, project_id: str, api_version: str): + async def _get_function_version(self, name: str, api_version: str, project_id: str): try: functions_client = self._build_arbitrary_client(self._client_name, api_version, force_new=True) - parent = f'projects/{project_id}/locations/-' - functions = functions_client.projects().locations().functions() - request = functions.list(parent=parent) - results = await GCPFacadeUtils.get_all('functions', request, functions) - return results + functions = 
functions_client.projects().locations().functions() + request = functions.get(name=name) + return await run_concurrently( + lambda: request.execute() + ) except Exception as e: - print_exception(f'Failed to retrieve Cloud Functions functions ({api_version}): {e}') - return [] + print_exception(f'Failed to get Cloud Functions functions ({api_version}): {e}') + return {} From 337b38381cd078487af002a6a187c474c84abfb9 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 17 May 2022 12:01:34 +0200 Subject: [PATCH 811/979] Add IAM informatino --- ScoutSuite/providers/gcp/facade/functions.py | 31 ++++++++++++++------ 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/functions.py b/ScoutSuite/providers/gcp/facade/functions.py index 1aa739f6f..58a26f9bb 100644 --- a/ScoutSuite/providers/gcp/facade/functions.py +++ b/ScoutSuite/providers/gcp/facade/functions.py @@ -1,7 +1,7 @@ from ScoutSuite.core.console import print_exception from ScoutSuite.providers.gcp.facade.basefacade import GCPBaseFacade from ScoutSuite.providers.gcp.facade.utils import GCPFacadeUtils -from ScoutSuite.providers.utils import map_concurrently, run_concurrently +from ScoutSuite.providers.utils import map_concurrently, run_concurrently, get_and_set_concurrently class FunctionsFacade(GCPBaseFacade): 
@@ -20,13 +20,16 @@ async def _get_functions_version(self, api_version: str, project_id: str): # get list of functions list_results = await self._list_functions_version(project_id, api_version) # get list of function names - functions = [function.get('name') for function in list_results] + functions_list = [function.get('name') for function in list_results] except Exception as e: print_exception(f'Failed to list Cloud Functions functions ({api_version}): {e}') return [] else: - return await map_concurrently(self._get_function_version, functions, api_version=api_version, - project_id=project_id) + functions = await map_concurrently(self._get_function_version, functions_list, api_version=api_version) + await get_and_set_concurrently([self._get_and_set_function_iam_policy], + functions, + api_version=api_version) + return functions async def _list_functions_version(self, project_id: str, api_version: str): functions_client = self._build_arbitrary_client(self._client_name, api_version, force_new=True) 
@@ -36,15 +39,25 @@ async def _list_functions_version(self, project_id: str, api_version: str): results = await GCPFacadeUtils.get_all('functions', request, functions) return results - async def _get_function_version(self, name: str, api_version: str, project_id: str): + async def _get_function_version(self, name: str, api_version: str): try: functions_client = self._build_arbitrary_client(self._client_name, api_version, force_new=True) - functions = functions_client.projects().locations().functions() request = functions.get(name=name) - return await run_concurrently( - lambda: request.execute() - ) + return await run_concurrently(lambda: request.execute()) except Exception as e: print_exception(f'Failed to get Cloud Functions functions ({api_version}): {e}') return {} + + async def _get_and_set_function_iam_policy(self, function, api_version: str): + try: + functions_client = self._build_arbitrary_client(self._client_name, api_version, force_new=True) + functions = functions_client.projects().locations().functions() + request = functions.getIamPolicy(resource=function.get('name')) + policy = await run_concurrently(lambda: request.execute()) + # setattr(function, 'bindings', policy.get('bindings', [])) + function['bindings'] = policy.get('bindings', []) + except Exception as e: + print_exception(f'Failed to get bindings for Cloud Functions function {function.get("name")} ' + f'({api_version}): {e}') + function['bindings'] = [] From db369143963aae8a79b3a2fcb1ecb23195abd303 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 17 May 2022 12:19:09 +0200 Subject: [PATCH 812/979] Format service names --- ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js index f373fcb23..79b79ebc7 100755 --- a/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js +++ b/ScoutSuite/output/data/inc-scoutsuite/scoutsuite.js 
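Review bot: In `_get_and_set_function_iam_policy` the `except` branch stores `function['bindings'] = []`, which is the same value a function with no bindings gets. For an audit tool this fails open: if `getIamPolicy` is denied to the scanning identity or the call errors, the report shows a function with no members instead of one whose policy could not be read. I would keep the failure distinguishable, for example `function['bindings'] = None` plus a marker such as `function['bindings_error'] = str(e)` (a proposed key, not an existing one), and have the parser and template show "unknown" for that case. Note also that `function` can be the `{}` that `_get_function_version` returns on failure, so `function.get('name')` is `None` here. The commented-out `# setattr(...)` line can be deleted.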
@@ -1253,8 +1253,12 @@ function makeTitle(title) { return 'Compute Engine' } else if (title === 'kubernetesengine') { return 'Kubernetes Engine' + } else if (title === 'functions') { + return 'Cloud Functions' } else if (title === 'cloudmemorystore') { return 'Cloud Memorystore' + } else if (title === 'bigquery') { + return 'BigQuery' } else if (title === 'aad') { return 'Azure Active Directory' } else if (title === 'rbac') { From c89f521aa6abf650699845aad61ee563510f276f Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 17 May 2022 12:52:47 +0200 Subject: [PATCH 813/979] Working parsing and rendering --- ...ervices.bigquery.projects.id.datasets.html | 43 +++++++++++++++++++ .../gcp/resources/bigquery/datasets.py | 24 +++++++++-- 2 files changed, 64 insertions(+), 3 deletions(-) create mode 100644 ScoutSuite/output/data/html/partials/gcp/services.bigquery.projects.id.datasets.html diff --git a/ScoutSuite/output/data/html/partials/gcp/services.bigquery.projects.id.datasets.html b/ScoutSuite/output/data/html/partials/gcp/services.bigquery.projects.id.datasets.html new file mode 100644 index 000000000..58abaae51 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/gcp/services.bigquery.projects.id.datasets.html @@ -0,0 +1,43 @@ + + + + + + + + diff --git a/ScoutSuite/providers/gcp/resources/bigquery/datasets.py b/ScoutSuite/providers/gcp/resources/bigquery/datasets.py index d9c699ac8..c5c93d2f4 100644 --- a/ScoutSuite/providers/gcp/resources/bigquery/datasets.py +++ b/ScoutSuite/providers/gcp/resources/bigquery/datasets.py 
@@ -14,6 +14,24 @@ async def fetch_all(self): self[dataset_id] = dataset def _parse_dataset(self, raw_dataset): - print() - print(raw_dataset) - return None, None + dataset_dict = {} + dataset_dict['id'] = raw_dataset.get('id') + dataset_dict['name'] = raw_dataset.get('datasetReference').get('datasetId') + dataset_dict['location'] = raw_dataset.get('location') + dataset_dict['creation_time'] = int(raw_dataset.get('creationTime')) + dataset_dict['last_modified_time'] = int(raw_dataset.get('lastModifiedTime')) + dataset_dict['default_encryption_configuration'] = raw_dataset.get('defaultEncryptionConfiguration', {}).get( + 'kmsKeyName') + + # format bindings in a way that's easier to query + dataset_dict['bindings'] = {} + for entry in raw_dataset.get('access'): + role = entry.get('role') + if role not in dataset_dict['bindings'].keys(): + dataset_dict['bindings'][role] = [] + for k, v in entry.items(): + if k != 'role': + dataset_dict['bindings'][role].append({"type": k, + "member": v}) + + return dataset_dict['id'], dataset_dict From f52eb00216403104bc9c976b5ff7e32815d47717 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 17 May 2022 12:53:08 +0200 Subject: [PATCH 814/979] Add resources --- ScoutSuite/providers/gcp/metadata.json | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/metadata.json b/ScoutSuite/providers/gcp/metadata.json index 561bf0038..697cd3b15 100755 --- a/ScoutSuite/providers/gcp/metadata.json +++ b/ScoutSuite/providers/gcp/metadata.json @@ -65,6 +65,18 @@ "path": "services.kubernetesengine.projects.id.clusters" } } + }, + "functions": { + "resources": { + "functions_v1": { + "cols": 2, + "path": "services.functions.projects.id.functions_v1" + }, + "functions_v2": { + "cols": 2, + "path": "services.functions.projects.id.functions_v2" + } + } } }, "network": { @@ -86,7 +98,6 @@ } } }, - "database": { "cloudsql": { "resources": { 
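Review bot: `_parse_dataset` assumes every field is present: `for entry in raw_dataset.get('access')` raises `TypeError` when `access` is missing, and `raw_dataset.get('datasetReference').get('datasetId')` and `int(raw_dataset.get('creationTime'))` both fail on an empty dict. An empty dict is exactly what `_get_dataset` returns on error since patch 809, so one failed fetch can abort the parse; how `fetch_all` reacts is outside this hunk. I would skip empty inputs up front and use `raw_dataset.get('access', [])`, with `dataset_dict['bindings'].setdefault(role, [])` replacing the `.keys()` check. Some access entries may carry a nested object rather than a string as their value, so `"member": v` is presumably not always a plain principal name; worth confirming against a dataset that shares with an authorized view.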
@@ -103,6 +114,14 @@ "path": "services.cloudmemorystore.projects.id.redis_instances" } } + }, + "bigquery": { + "resources": { + "datasets": { + "cols": 2, + "path": "services.bigquery.projects.id.datasets" + } + } } }, "management": { From 5cd31d56a6a966dbe8888275880a9a882bbc09e7 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 17 May 2022 12:55:38 +0200 Subject: [PATCH 815/979] Get non provider IDs --- ScoutSuite/providers/gcp/resources/bigquery/datasets.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/resources/bigquery/datasets.py b/ScoutSuite/providers/gcp/resources/bigquery/datasets.py index c5c93d2f4..b4829a956 100644 --- a/ScoutSuite/providers/gcp/resources/bigquery/datasets.py +++ b/ScoutSuite/providers/gcp/resources/bigquery/datasets.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.base.resources.base import Resources from ScoutSuite.providers.gcp.facade.base import GCPFacade +from ScoutSuite.providers.utils import get_non_provider_id class Datasets(Resources): @@ -15,7 +16,7 @@ async def fetch_all(self): def _parse_dataset(self, raw_dataset): dataset_dict = {} - dataset_dict['id'] = raw_dataset.get('id') + dataset_dict['id'] = get_non_provider_id(raw_dataset.get('id')) dataset_dict['name'] = raw_dataset.get('datasetReference').get('datasetId') dataset_dict['location'] = raw_dataset.get('location') dataset_dict['creation_time'] = int(raw_dataset.get('creationTime')) From 02f7b6eb1accc3634c4ac875b981fe08c332e5a3 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 17 May 2022 12:56:01 +0200 Subject: [PATCH 816/979] Reformat --- ScoutSuite/providers/gcp/resources/bigquery/datasets.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/bigquery/datasets.py b/ScoutSuite/providers/gcp/resources/bigquery/datasets.py index b4829a956..3a422b475 100644 --- a/ScoutSuite/providers/gcp/resources/bigquery/datasets.py 
+++ b/ScoutSuite/providers/gcp/resources/bigquery/datasets.py @@ -21,8 +21,8 @@ def _parse_dataset(self, raw_dataset): dataset_dict['location'] = raw_dataset.get('location') dataset_dict['creation_time'] = int(raw_dataset.get('creationTime')) dataset_dict['last_modified_time'] = int(raw_dataset.get('lastModifiedTime')) - dataset_dict['default_encryption_configuration'] = raw_dataset.get('defaultEncryptionConfiguration', {}).get( - 'kmsKeyName') + dataset_dict['default_encryption_configuration'] = \ + raw_dataset.get('defaultEncryptionConfiguration', {}).get('kmsKeyName') # format bindings in a way that's easier to query dataset_dict['bindings'] = {} From cdeb55797b6be3d8584b952e7cb03a4c3d1a28be Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 17 May 2022 13:18:22 +0200 Subject: [PATCH 817/979] Add base partials --- ...es.functions.projects.id.functions_v1.html | 40 +++++++++++++++++++ ...es.functions.projects.id.functions_v2.html | 28 +++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html create mode 100644 ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html diff --git a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html new file mode 100644 index 000000000..d000a3231 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html @@ -0,0 +1,40 @@ + + + + + + + + diff --git a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html new file mode 100644 index 000000000..53d9d1a50 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html @@ -0,0 +1,28 @@ + + + + + + + + 
From c8a613201cdbae77148bdfe2fb390e36f80fb497 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 17 May 2022 13:55:15 +0200 Subject: [PATCH 818/979] Better parsing and rendering --- ...es.functions.projects.id.functions_v1.html | 61 +++++++++++++++---- .../gcp/resources/functions/functions_v1.py | 29 ++++++++- 2 files changed, 74 insertions(+), 16 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html index d000a3231..384e50717 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html @@ -6,24 +6,59 @@

    {{name}}

    Information

    Name: {{value_or_none name}}
    -
    Https Trigger: {{value_or_none https_trigger}}
    Status: {{value_or_none status}}
    -
    Entry Point: {{value_or_none entry_point}}
    -
    Timeout: {{value_or_none timeout}}
    -
    Available Memory Mb: {{value_or_none available_memory_mb}}
    -
    Service Account Email: {{value_or_none service_account_email}}
    Update Time: {{value_or_none update_time}}
    -
    Version Id: {{value_or_none version_id}}
    -
    Labels: {{value_or_none labels}}
    -
    Source Upload Url: {{value_or_none source_upload_url}}
    -
    Environment Variables: {{value_or_none environment_variables}}
    +
    Version: {{value_or_none version_id}}
    Runtime: {{value_or_none runtime}}
    +
    Memory: {{value_or_none available_memory_mb}} MB
    Max Instances: {{value_or_none max_instances}}
    -
    Ingress Settings: {{value_or_none ingress_settings}}
    -
    Build Id: {{value_or_none build_id}}
    -
    Build Name: {{value_or_none build_name}}
    Docker Registry: {{value_or_none docker_registry}}
    -
    Bindings: {{value_or_none bindings}}
    +
    Environment Variables + {{#if environment_variables}} +
      + {{#each environment_variables}} +
    • {{@key}}: {{this}}
    • + {{/each}} +
    + {{else}} + None + {{/if}} +
    +
    +
    +

    Trigger

    +
    URL: {{value_or_none url}}
    +
    Security Level: {{value_or_none security_level}}
    +
    Ingress Settings: {{value_or_none ingress_settings}}
    +
    +
    +

    Bindings:

    +
    +
      + {{#each roles}} +
    • {{this}}
    • + {{else}} +
    • None
    • + {{/each}} +
    +
    +
    +
    +

    Service Account Users:

    +
    +
      + {{#each bindings}} +
    • Role {{role}}
    • +
        + {{#each members}} +
      • {{this}}
      • + {{/each}} +
      + {{else}} +
    • None
    • + {{/each}} +
    +
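Review bot: The new "Environment Variables" block prints every value in full with `{{@key}}: {{this}}`, so any credential kept in a function's environment is copied in plain text into the report. Reports are routinely attached to tickets or shared outside the team that owns the project, which widens the exposure of those values. I would list only the variable names here, or mask the value (for example all but the last few characters), and ideally apply the masking in the parser so the report's data file does not hold the raw values either. The same markup is added to `services.functions.projects.id.functions_v2.html` in patch 819.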
    diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py index 78c2992c0..67086cf4a 100644 --- a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py +++ b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.base.resources.base import Resources from ScoutSuite.providers.gcp.facade.base import GCPFacade +from ScoutSuite.providers.utils import get_non_provider_id class FunctionsV1(Resources): @@ -14,6 +15,28 @@ async def fetch_all(self): self[function_id] = function def _parse_function(self, raw_function): - print() - print(raw_function) - return None, None + function_dict = {} + + function_dict['id'] = get_non_provider_id(raw_function['name']) + function_dict['name'] = raw_function['name'].split('/')[-1] + function_dict['status'] = raw_function['status'] + function_dict['update_time'] = raw_function['updateTime'] + function_dict['version_id'] = raw_function['versionId'] + + function_dict['runtime'] = raw_function['runtime'] + function_dict['memory'] = raw_function['availableMemoryMb'] + function_dict['timeout'] = raw_function['timeout'] + function_dict['max_instances'] = raw_function['maxInstances'] + function_dict['docker_registry'] = raw_function['dockerRegistry'] + + function_dict['url'] = raw_function.get('httpsTrigger', {}).get('url') + function_dict['security_level'] = raw_function.get('httpsTrigger', {}).get('securityLevel') + function_dict['ingress_settings'] = raw_function['ingressSettings'] + + function_dict['bindings'] = raw_function['bindings'] + + function_dict['environment_variables'] = raw_function['environmentVariables'] + + function_dict['labels'] = raw_function['labels'] + + return function_dict['id'], function_dict From c1193e13675da2db3d1dad73848b23fc407efa20 Mon Sep 17 00:00:00 2001 
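Review bot: `_parse_function` indexes optional-looking fields directly (`raw_function['maxInstances']`, `raw_function['dockerRegistry']`, `raw_function['environmentVariables']`, `raw_function['labels']`) while `httpsTrigger` in the same function is read defensively with `.get`. If the API omits unset fields, which I believe it does for at least labels and environment variables (please confirm), or if the facade handed back `{}` after a failed `get`, this raises `KeyError`. The function would then be missing from the audit results rather than reported with gaps; what `fetch_all` does with the exception is outside the hunk. I would use `.get` with defaults throughout, e.g. `raw_function.get('environmentVariables', {})` and `raw_function.get('labels', {})`. The `functions_v2.py` parser in patch 819 has the same pattern with `raw_function['state']` and `raw_function['labels']`.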
From: x4v13r64 Date: Tue, 17 May 2022 14:12:07 +0200 Subject: [PATCH 819/979] Better parsing and rendering --- ...es.functions.projects.id.functions_v1.html | 16 +------ ...es.functions.projects.id.functions_v2.html | 44 ++++++++++++++++--- .../gcp/resources/functions/functions_v2.py | 28 ++++++++++-- 3 files changed, 66 insertions(+), 22 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html index 384e50717..3fbcfa7a3 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html @@ -10,7 +10,7 @@

    Information

    Update Time: {{value_or_none update_time}}
    Version: {{value_or_none version_id}}
    Runtime: {{value_or_none runtime}}
    -
    Memory: {{value_or_none available_memory_mb}} MB
    +
    Memory: {{value_or_none memory}}MB
    Max Instances: {{value_or_none max_instances}}
    Docker Registry: {{value_or_none docker_registry}}
    Environment Variables @@ -32,19 +32,7 @@

    Trigger

    Ingress Settings: {{value_or_none ingress_settings}}
    -

    Bindings:

    -
    -
      - {{#each roles}} -
    • {{this}}
    • - {{else}} -
    • None
    • - {{/each}} -
    -
    -
    -
    -

    Service Account Users:

    +

    Bindings:

      {{#each bindings}} diff --git a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html index 53d9d1a50..942ee26f5 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html @@ -6,12 +6,46 @@

      {{name}}

      Information

      Name: {{value_or_none name}}
      -
      Build Config: {{value_or_none build_config}}
      -
      Service Config: {{value_or_none service_config}}
      -
      State: {{value_or_none state}}
      +
      Status: {{value_or_none status}}
      Update Time: {{value_or_none update_time}}
      -
      Labels: {{value_or_none labels}}
      -
      Bindings: {{value_or_none bindings}}
      +
      Version: {{value_or_none version_id}}
      +
      Runtime: {{value_or_none runtime}}
      +
      Memory: {{value_or_none memory}}
      +
      Max Instances: {{value_or_none max_instances}}
      +
      Service Account: {{value_or_none service_account}}
      +
      Environment Variables + {{#if environment_variables}} +
        + {{#each environment_variables}} +
      • {{@key}}: {{this}}
      • + {{/each}} +
      + {{else}} + None + {{/if}} +
      +
      +
      +

      Trigger

      +
      URL: {{value_or_none url}}
      +
      Ingress Settings: {{value_or_none ingress_settings}}
      +
      +
      +

      Bindings:

      +
      +
        + {{#each bindings}} +
      • Role {{role}}
      • +
          + {{#each members}} +
        • {{this}}
        • + {{/each}} +
        + {{else}} +
      • None
      • + {{/each}} +
      +
      diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v2.py b/ScoutSuite/providers/gcp/resources/functions/functions_v2.py index 59f6991df..be5867a9c 100644 --- a/ScoutSuite/providers/gcp/resources/functions/functions_v2.py +++ b/ScoutSuite/providers/gcp/resources/functions/functions_v2.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.base.resources.base import Resources from ScoutSuite.providers.gcp.facade.base import GCPFacade +from ScoutSuite.providers.utils import get_non_provider_id class FunctionsV2(Resources): @@ -14,6 +15,27 @@ async def fetch_all(self): self[function_id] = function def _parse_function(self, raw_function): - print() - print(raw_function) - return None, None + function_dict = {} + + function_dict['id'] = get_non_provider_id(raw_function['name']) + function_dict['name'] = raw_function['name'].split('/')[-1] + function_dict['status'] = raw_function['state'] + function_dict['update_time'] = raw_function['updateTime'] + function_dict['version_id'] = raw_function.get('serviceConfig', {}).get('revision') + + function_dict['runtime'] = raw_function.get('buildConfig', {}).get('runtime') + function_dict['memory'] = raw_function.get('serviceConfig', {}).get('availableMemory') + function_dict['timeout'] = raw_function.get('serviceConfig', {}).get('timeoutSeconds') + function_dict['max_instances'] = raw_function.get('serviceConfig', {}).get('maxInstanceCount') + + function_dict['url'] = raw_function.get('serviceConfig', {}).get('uri') + function_dict['ingress_settings'] = raw_function.get('serviceConfig', {}).get('ingressSettings') + + function_dict['service_account'] = raw_function.get('serviceConfig', {}).get('serviceAccountEmail') + function_dict['bindings'] = raw_function['bindings'] + + function_dict['environment_variables'] = raw_function.get('serviceConfig', {}).get('environmentVariables') + + function_dict['labels'] = raw_function['labels'] + + return function_dict['id'], function_dict 
From 55ee5ea0feb6dfdafd28d11e931853c9bbf98a46 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 09:28:47 +0200 Subject: [PATCH 820/979] Add finding --- .../findings/bigquery-dataset-member.json | 21 +++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 16 ++++++++++++++ 2 files changed, 37 insertions(+) create mode 100755 ScoutSuite/providers/gcp/rules/findings/bigquery-dataset-member.json diff --git a/ScoutSuite/providers/gcp/rules/findings/bigquery-dataset-member.json b/ScoutSuite/providers/gcp/rules/findings/bigquery-dataset-member.json new file mode 100755 index 000000000..dd7736e38 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/bigquery-dataset-member.json @@ -0,0 +1,21 @@ +{ + "description": "Dataset Accessible by \"_ARG_0_\"", + "rationale": "Allowing anonymous and/or public access grants permissions to anyone to access the dataset's content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous and/or public access to a bucket is not allowed.", + "remediation": "Delete any permissions assigned to the allUsers and allAuthenticatedUsers members.", + "dashboard_name": "Datasets", + "display_path": "bigquery.projects.id.datasets.id", + "path": "bigquery.projects.id.datasets.id", + "conditions": [ + "or", + [ + "bigquery.projects.id.datasets.id.bindings", + "containString", + "_ARG_0_" + ] + ], + "key": "bigquery-dataset-_ARG_0_", + "arg_names": [ + "Member" + ], + "id_suffix": "permissions" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 0d09dac10..490c33088 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json 
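Review bot: The `rationale` in `bigquery-dataset-member.json` ends with "ensure that anonymous and/or public access to a bucket is not allowed", which reads as copied from a storage rule; it should say "to a dataset". The condition also runs `containString` on the whole `bindings` value, which the parser in patch 813 builds as a dict of role to a list of `{"type": ..., "member": ...}` entries. How `containString` treats a nested structure is not visible here, so I would confirm with a test dataset that really grants `allUsers` that the rule fires, since a public-access rule that never matches is worse than none. If the engine expects a flat list, the parser could expose a list of member strings for the rule to test. A `references` entry pointing at the BigQuery access-control documentation would also help readers of the finding.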
@@ -1,6 +1,22 @@ { "about": "This ruleset consists of numerous rules that are considered standard by NCC Group. The rules enabled range from violations of well-known security best practices to gaps resulting from less-known security implications of provider-specific mechanisms. Additional rules exist, some of them requiring extra-parameters to be configured, and some of them being applicable to a limited number of users.", "rules": { + "bigquery-dataset-member.json": [ + { + "args": [ + "allUsers" + ], + "enabled": true, + "level": "danger" + }, + { + "args": [ + "allAuthenticatedUsers" + ], + "enabled": true, + "level": "danger" + } + ], "cloudsql-allows-root-login-from-any-host.json": [ { "enabled": true, From f921014e329970a102532b26a3c4a1bdb427fdb5 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 09:33:26 +0200 Subject: [PATCH 821/979] Add finding --- .../findings/bigquery-encryption-no-cmk.json | 16 ++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 6 ++++++ 2 files changed, 22 insertions(+) create mode 100755 ScoutSuite/providers/gcp/rules/findings/bigquery-encryption-no-cmk.json diff --git a/ScoutSuite/providers/gcp/rules/findings/bigquery-encryption-no-cmk.json b/ScoutSuite/providers/gcp/rules/findings/bigquery-encryption-no-cmk.json new file mode 100755 index 000000000..3f9c54e87 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/bigquery-encryption-no-cmk.json @@ -0,0 +1,16 @@ +{ + "description": "Dataset Not Encrypted with Customer-Managed Keys (CMKs)", + "rationale": "Encrypting datasets with Cloud KMS Customer-Managed Keys (CMKs) will allow for a more granular control over data encryption/decryption process.", + "dashboard_name": "Datasets", + "display_path": "bigquery.projects.id.datasets.id", + "path": "bigquery.projects.id.datasets.id", + "conditions": [ + "or", + [ + "bigquery.projects.id.datasets.id.default_encryption_configuration", + "null", + "" + ] + ], + "id_suffix": "default_encryption_configuration" +} 
diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 490c33088..b501f180a 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -17,6 +17,12 @@ "level": "danger" } ], + "bigquery-encryption-no-cmk.json": [ + { + "enabled": true, + "level": "warning" + } + ], "cloudsql-allows-root-login-from-any-host.json": [ { "enabled": true, From f4f42a77238cbada49d908d80b8b5eb0e3f9534f Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 09:50:36 +0200 Subject: [PATCH 822/979] Add finding --- .../findings/functions-v1-allowing-http.json | 18 ++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 6 ++++++ 2 files changed, 24 insertions(+) create mode 100644 ScoutSuite/providers/gcp/rules/findings/functions-v1-allowing-http.json diff --git a/ScoutSuite/providers/gcp/rules/findings/functions-v1-allowing-http.json b/ScoutSuite/providers/gcp/rules/findings/functions-v1-allowing-http.json new file mode 100644 index 000000000..0642c6598 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/functions-v1-allowing-http.json @@ -0,0 +1,18 @@ +{ + "description": "Functions Allowing HTTP Traffic (Gen 1)", + "rationale": "Use of a secure protocol (HTTPS) is best practice for encrypted communication. A function allowing HTTP traffic can be vulnerable to eavesdropping and man-in-the-middle attacks.", + "references": [ + "https://cloud.google.com/logging/docs/reference/audit/appengine/rest/Shared.Types/SecurityLevel" + ], + "dashboard_name": "Functions", + "path": "functions.projects.id.functions_v1.id", + "conditions": [ + "or", + [ + "functions.projects.id.functions_v1.id.security_level", + "notEqual", + "SECURE_ALWAYS" + ] + ], + "id_suffix": "security_level" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index b501f180a..ed07a5958 100755 
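Review bot: The single condition `security_level notEqual SECURE_ALWAYS` in `functions-v1-allowing-http.json` also matches functions that have no HTTP trigger at all. The v1 parser sets `security_level` from `raw_function.get('httpsTrigger', {}).get('securityLevel')`, so event-triggered functions carry `None` and would be reported as allowing HTTP. I would require an HTTP trigger first by changing the operator to `"and"` and adding `["functions.projects.id.functions_v1.id.url", "notNull", ""]`, assuming the engine offers the `notNull` counterpart of the `null` test used in `bigquery-encryption-no-cmk.json`. The `references` link points at the App Engine audit-log `SecurityLevel` type rather than Cloud Functions documentation, and the finding has no `remediation` text.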
--- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -318,6 +318,12 @@ "level": "warning" } ], + "functions-v1-allowing-http.json": [ + { + "enabled": true, + "level": "warning" + } + ], "iam-gmail-accounts-used.json": [ { "enabled": true, From b8600c07b449a1fc8a21711abcee8e9054ad3234 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 10:49:49 +0200 Subject: [PATCH 823/979] Show potential secrets --- .../gcp/services.functions.projects.id.functions_v1.html | 9 +++++++++ .../gcp/services.functions.projects.id.functions_v2.html | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html index 3fbcfa7a3..b26793d65 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v1.html @@ -24,6 +24,15 @@

      Information

      None {{/if}}
    + {{#if environment_variables_secrets}} +
    Environment Variables Secrets (Potential) +
      + {{#each environment_variables_secrets}} +
    • {{this}}
    • + {{/each}} +
    +
    + {{/if}}

    Trigger

    diff --git a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html index 942ee26f5..db099dc2b 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html @@ -24,6 +24,15 @@

    Information

    None {{/if}}
    + {{#if environment_variables_secrets}} +
    Environment Variables Secrets (Potential) +
      + {{#each environment_variables_secrets}} +
    • {{this}}
    • + {{/each}} +
    +
    + {{/if}}

    Trigger

    From 35a63a280605cd4a7f650abef4c9e7a93dbbcb51 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 10:50:13 +0200 Subject: [PATCH 824/979] Check for secrets --- .../providers/gcp/resources/functions/base.py | 1 - .../gcp/resources/functions/functions_v1.py | 2 ++ .../gcp/resources/functions/functions_v2.py | 2 ++ .../gcp/resources/functions/utils.py | 9 +++++++ ScoutSuite/providers/utils.py | 24 +++++++++++++++++-- 5 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 ScoutSuite/providers/gcp/resources/functions/utils.py diff --git a/ScoutSuite/providers/gcp/resources/functions/base.py b/ScoutSuite/providers/gcp/resources/functions/base.py index 0b7cc7c4d..a54612e26 100644 --- a/ScoutSuite/providers/gcp/resources/functions/base.py +++ b/ScoutSuite/providers/gcp/resources/functions/base.py @@ -2,7 +2,6 @@ from ScoutSuite.providers.gcp.resources.functions.functions_v2 import FunctionsV2 from ScoutSuite.providers.gcp.resources.projects import Projects - class Functions(Projects): _children = [ (FunctionsV1, 'functions_v1'), diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py index 67086cf4a..5ef31f101 100644 --- a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py +++ b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.base.resources.base import Resources from ScoutSuite.providers.gcp.facade.base import GCPFacade from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.gcp.resources.functions.utils import get_environment_secrets class FunctionsV1(Resources): 
@@ -36,6 +37,7 @@ def _parse_function(self, raw_function): function_dict['bindings'] = raw_function['bindings'] function_dict['environment_variables'] = raw_function['environmentVariables'] + function_dict['environment_variables_secrets'] = get_environment_secrets(function_dict['environment_variables']) function_dict['labels'] = raw_function['labels'] diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v2.py b/ScoutSuite/providers/gcp/resources/functions/functions_v2.py index be5867a9c..6a73a4d36 100644 --- a/ScoutSuite/providers/gcp/resources/functions/functions_v2.py +++ b/ScoutSuite/providers/gcp/resources/functions/functions_v2.py @@ -1,6 +1,7 @@ from ScoutSuite.providers.base.resources.base import Resources from ScoutSuite.providers.gcp.facade.base import GCPFacade from ScoutSuite.providers.utils import get_non_provider_id +from ScoutSuite.providers.gcp.resources.functions.utils import get_environment_secrets class FunctionsV2(Resources): @@ -35,6 +36,7 @@ def _parse_function(self, raw_function): function_dict['bindings'] = raw_function['bindings'] function_dict['environment_variables'] = raw_function.get('serviceConfig', {}).get('environmentVariables') + function_dict['environment_variables_secrets'] = get_environment_secrets(function_dict['environment_variables']) function_dict['labels'] = raw_function['labels'] diff --git a/ScoutSuite/providers/gcp/resources/functions/utils.py b/ScoutSuite/providers/gcp/resources/functions/utils.py new file mode 100644 index 000000000..759ba7eaa --- /dev/null +++ b/ScoutSuite/providers/gcp/resources/functions/utils.py @@ -0,0 +1,9 @@ +from ScoutSuite.providers.utils import is_secret + +def get_environment_secrets(environment_variables): + secrets = [] + for k, v in environment_variables.items(): + secrets.append(is_secret(k)) + secrets.append(is_secret(v)) + # return None values + return [secret for secret in secrets if secret] 
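Review bot: In the functions_v2.py hunk, `raw_function.get('serviceConfig', {}).get('environmentVariables')` yields None when a function has no environment variables, and the added line passes that straight into `get_environment_secrets`, whose `environment_variables.items()` then raises AttributeError. The helper in the new functions/utils.py hunk also calls `is_secret(v)` without checking that the value is a string. Guarding inside the helper covers both the v1 and v2 callers: `for k, v in (environment_variables or {}).items():`. `_parse_function` continues outside the hunk in both files, so whether the exception is caught upstream is not visible here; if it is swallowed, the function would presumably drop out of the report, which is a detection gap.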
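Review bot: The comment `# return None values` in the new `get_environment_secrets` says the opposite of what the return line does, which is to drop the None results and keep only the matches. A corrected comment would be `# keep only the entries where is_secret() reported a match`. The function also needs a short docstring stating that both variable names and values are checked and that a list of secret-type labels is returned. The returned labels do not record which variable triggered them, which makes the resulting finding harder to triage.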
diff --git a/ScoutSuite/providers/utils.py b/ScoutSuite/providers/utils.py index b3ea42890..56e9fe130 100755 --- a/ScoutSuite/providers/utils.py +++ b/ScoutSuite/providers/utils.py @@ -1,6 +1,7 @@ import asyncio -from hashlib import sha1 import inspect +from hashlib import sha1 +import re from ScoutSuite.core.console import print_info from ScoutSuite.providers.aws.utils import is_throttled as aws_is_throttled @@ -29,7 +30,8 @@ async def run_concurrently(function, backoff_seconds=15): if is_throttled(e): source_file = inspect.getsourcefile(function) source_file_line = inspect.getsourcelines(function)[1] - print_info(f'Hitting API rate limiting ({"/".join(source_file.split("/")[-2:])} L{source_file_line}), will retry in {backoff_seconds}s') + print_info( + f'Hitting API rate limiting ({"/".join(source_file.split("/")[-2:])} L{source_file_line}), will retry in {backoff_seconds}s') await asyncio.sleep(backoff_seconds) return await run_concurrently(function, backoff_seconds + 15) else: @@ -123,3 +125,21 @@ def is_throttled(e): return False else: return aws_is_throttled(e) or gcp_is_throttled(e) + + +secret_patterns = \ + { + "Generic Secret": re.compile(".*password.*") + } + + +def is_secret(string): + """ + Given a string, tries to identify if it includes a secret. + :param string: String to evaluate + :return: None if no secret identified, otherwise the type of secret + """ + for secret_type, secret_regex in secret_patterns.items(): + if secret_regex.match(string): + return secret_type + return None From 7fd0af7e51033002ca7a707545a238ac5eb3c3b0 Mon Sep 17 00:00:00 2001 
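Review bot: The `Generic Secret` pattern added in the last hunk is case-sensitive, so variable names written in the usual upper-case style (constructed example: `DB_PASSWORD`) are not flagged. `re.compile(".*password.*")` used with `secret_regex.match(string)` only recognises lower-case `password`, and `.` does not cross newlines, so multi-line values are only inspected on their first line. Compiling with the flag closes the gap: `"Generic Secret": re.compile("password", re.IGNORECASE)` with `secret_regex.search(string)`. `is_secret` also assumes `string` is a `str`; any other type reaching `match` raises TypeError, which the docstring should either document or the function should guard against.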
From: x4v13r64 Date: Wed, 18 May 2022 10:58:29 +0200 Subject: [PATCH 825/979] Add rules --- ...unctions-v1-environment-variables-secrets.json | 15 +++++++++++++++ ...unctions-v2-environment-variables-secrets.json | 15 +++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 12 ++++++++++++ 3 files changed, 42 insertions(+) create mode 100644 ScoutSuite/providers/gcp/rules/findings/functions-v1-environment-variables-secrets.json create mode 100644 ScoutSuite/providers/gcp/rules/findings/functions-v2-environment-variables-secrets.json diff --git a/ScoutSuite/providers/gcp/rules/findings/functions-v1-environment-variables-secrets.json b/ScoutSuite/providers/gcp/rules/findings/functions-v1-environment-variables-secrets.json new file mode 100644 index 000000000..1950df77d --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/functions-v1-environment-variables-secrets.json @@ -0,0 +1,15 @@ +{ + "description": "Potential Secrets in Function Environment Variables (Gen 1)", + "rationale": "Anyone who can access the function can view the configured secrets. Best practice is to store configuration secrets in Secret Manager (or similar).", + "dashboard_name": "Functions", + "path": "functions.projects.id.functions_v1.id", + "conditions": [ + "or", + [ + "functions.projects.id.functions_v1.id.environment_variables_secrets", + "notEmpty", + "" + ] + ], + "id_suffix": "environment_variables_secrets" +} diff --git a/ScoutSuite/providers/gcp/rules/findings/functions-v2-environment-variables-secrets.json b/ScoutSuite/providers/gcp/rules/findings/functions-v2-environment-variables-secrets.json new file mode 100644 index 000000000..7851a1f34 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/functions-v2-environment-variables-secrets.json 
@@ -0,0 +1,15 @@ +{ + "description": "Potential Secrets in Function Environment Variables (Gen 2)", + "rationale": "Anyone who can access the function can view the configured secrets. Best practice is to store configuration secrets in Secret Manager (or similar).", + "dashboard_name": "Functions", + "path": "functions.projects.id.functions_v2.id", + "conditions": [ + "or", + [ + "functions.projects.id.functions_v2.id.environment_variables_secrets", + "notEmpty", + "" + ] + ], + "id_suffix": "environment_variables_secrets" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index ed07a5958..3ffc7959c 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -324,6 +324,18 @@ "level": "warning" } ], + "functions-v1-environment-variables-secrets.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "functions-v2-environment-variables-secrets.json": [ + { + "enabled": true, + "level": "warning" + } + ], "iam-gmail-accounts-used.json": [ { "enabled": true, From e2c2e17b41946d6cc037435d9ad430308e407a2d Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 14:36:42 +0200 Subject: [PATCH 826/979] Complete secrets identification implementation --- ...es.functions.projects.id.functions_v2.html | 2 +- .../gcp/resources/functions/utils.py | 1 + ScoutSuite/providers/utils.py | 193 +++++++++++++++++- 3 files changed, 188 insertions(+), 8 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html index db099dc2b..436b9b0e0 100644 --- a/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.functions.projects.id.functions_v2.html @@ -25,7 +25,7 @@

    Information

    {{/if}}
    {{#if environment_variables_secrets}} -
    Environment Variables Secrets (Potential) +
    Environment Variables Secrets (Potential)
      {{#each environment_variables_secrets}}
    • {{this}}
    • diff --git a/ScoutSuite/providers/gcp/resources/functions/utils.py b/ScoutSuite/providers/gcp/resources/functions/utils.py index 759ba7eaa..4355fb506 100644 --- a/ScoutSuite/providers/gcp/resources/functions/utils.py +++ b/ScoutSuite/providers/gcp/resources/functions/utils.py @@ -1,5 +1,6 @@ from ScoutSuite.providers.utils import is_secret + def get_environment_secrets(environment_variables): secrets = [] for k, v in environment_variables.items(): diff --git a/ScoutSuite/providers/utils.py b/ScoutSuite/providers/utils.py index 56e9fe130..3ab8f73b5 100755 --- a/ScoutSuite/providers/utils.py +++ b/ScoutSuite/providers/utils.py @@ -1,7 +1,7 @@ import asyncio import inspect -from hashlib import sha1 import re +from hashlib import sha1 from ScoutSuite.core.console import print_info from ScoutSuite.providers.aws.utils import is_throttled as aws_is_throttled 
@@ -127,10 +127,189 @@ def is_throttled(e): return aws_is_throttled(e) or gcp_is_throttled(e) -secret_patterns = \ - { - "Generic Secret": re.compile(".*password.*") - } +secret_patterns = { + "AWS key": + re.compile("(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"), + "Adobe Client ID (Oauth Web)": + re.compile("(adobe[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]"), + "Adobe Client Secret": + re.compile("(p8e-)(?i)[a-z0-9]{32}"), + "Alibaba AccessKey ID": + re.compile("(LTAI)(?i)[a-z0-9]{20}"), + "Alibaba Secret Key": + re.compile("(alibaba[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]"), + "Asana Client ID": + re.compile("(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{16})['\"]"), + "Asana Client Secret": + re.compile("(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]"), + "Atlassian API token": + re.compile("(atlassian[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{24})['\"]"), + "Beamer API token": + re.compile("(beamer[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](b_[a-z0-9=_\-]{44})['\"]"), + "Bitbucket client ID": + re.compile("(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]"), + "Bitbucket client secret": + re.compile("(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9_\-]{64})['\"]"), + "Clojars API token": + re.compile("(CLOJARS_)(?i)[a-z0-9]{60}"), + "Contentful delivery API token": + re.compile("(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]"), + "Databricks API token": + re.compile("dapi[a-h0-9]{32}"), + "Discord API key": + re.compile("(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]"), + "Discord client ID": + re.compile("(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{18})['\"]"), + "Discord client secret": + re.compile("(discord[a-z0-9_ 
.\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_\-]{32})['\"]"), + "Doppler API token": + re.compile("['\"](dp\.pt\.)(?i)[a-z0-9]{43}['\"]"), + "Dropbox API secret/key": + re.compile("(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{15})['\"]"), + "Dropbox long lived API token": + re.compile( + "(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43}['\"]"), + "Dropbox short lived API token": + re.compile( + "(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](sl\.[a-z0-9\-=_]{135})['\"]"), + "Duffel API token": + re.compile("['\"]duffel_(test|live)_(?i)[a-z0-9_-]{43}['\"]"), + "Dynatrace API token": + re.compile("['\"]dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}['\"]"), + "EasyPost API token": + re.compile("['\"]EZAK(?i)[a-z0-9]{54}['\"]"), + "EasyPost test API token": + re.compile("['\"]EZTK(?i)[a-z0-9]{54}['\"]"), + "Fastly API token": + re.compile("(fastly[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{32})['\"]"), + "Finicity API token": + re.compile("(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]"), + "Finicity client secret": + re.compile("(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{20})['\"]"), + "Flutterwave encrypted key": + re.compile("FLWSECK_TEST[a-h0-9]{12}"), + "Flutterwave public key": + re.compile("FLWPUBK_TEST-(?i)[a-h0-9]{32}-X"), + "Flutterwave secret key": + re.compile("FLWSECK_TEST-(?i)[a-h0-9]{32}-X"), + "Frame.io API token": + re.compile("fio-u-(?i)[a-z0-9\-_=]{64}"), + "Generic API Key": + re.compile( + "((key|api[^Version]|token|secret|password)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z\-_=]{8,64})['\"]"), + "Generic Password": + re.compile("password"), + "Generic Secret": + re.compile("secret"), + "GitHub App Token": + re.compile("(ghu|ghs)_[0-9a-zA-Z]{36}"), + "GitHub OAuth Access Token": + re.compile("gho_[0-9a-zA-Z]{36}"), + "GitHub Personal Access 
Token": + re.compile("ghp_[0-9a-zA-Z]{36}"), + "GitHub Refresh Token": + re.compile("ghr_[0-9a-zA-Z]{76}"), + "GitLab Personal Access Token": + re.compile("glpat-[0-9a-zA-Z\-\_]{20}"), + "GoCardless API token": + re.compile("['\"]live_(?i)[a-z0-9\-_=]{40}['\"]"), + "Google (GCP) Service-account": + re.compile("\"type\": \"service_account\""), + "Grafana API token": + re.compile("['\"]eyJrIjoi(?i)[a-z0-9\-_=]{72,92}['\"]"), + "HashiCorp Terraform user/org API token": + re.compile("['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}['\"]"), + "Heroku API Key": + re.compile( + "(heroku[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})['\"]"), + "Intercom API token": + re.compile("(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_]{60})['\"]"), + "Intercom client secret/ID": + re.compile( + "(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]"), + "Ionic API token": + re.compile("(ionic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](ion_[a-z0-9]{42})['\"]"), + "Linear API token": + re.compile("lin_api_(?i)[a-z0-9]{40}"), + "Linear client secret/ID": + re.compile("(linear[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]"), + "LinkedIn Client ID": + re.compile("(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{14})['\"]"), + "LinkedIn Client secret": + re.compile("(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z]{16})['\"]"), + "Lob API Key": + re.compile("(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((live|test)_[a-f0-9]{35})['\"]"), + "Lob Publishable API Key": + re.compile( + "(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((test|live)_pub_[a-f0-9]{31})['\"]"), + "Mailchimp API key": + re.compile("(mailchimp[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32}-us20)['\"]"), + "Mailgun private 
API token": + re.compile("(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](key-[a-f0-9]{32})['\"]"), + "Mailgun public validation key": + re.compile("(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](pubkey-[a-f0-9]{32})['\"]"), + "Mailgun webhook signing key": + re.compile( + "(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\"]"), + "MessageBird API token": + re.compile("(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{25})['\"]"), + "New Relic ingest browser API token": + re.compile("['\"](NRJS-[a-f0-9]{19})['\"]"), + "New Relic user API ID": + re.compile("(newrelic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([A-Z0-9]{64})['\"]"), + "New Relic user API Key": + re.compile("['\"](NRAK-[A-Z0-9]{27})['\"]"), + "PGP private key": + re.compile("-----BEGIN PGP PRIVATE KEY BLOCK-----"), + "PKCS8 private key": + re.compile("-----BEGIN PRIVATE KEY-----"), + "PlanetScale API token": + re.compile("pscale_tkn_(?i)[a-z0-9\-_\.]{43}"), + "PlanetScale password": + re.compile("pscale_pw_(?i)[a-z0-9\-_\.]{43}"), + "Postman API token": + re.compile("PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34}"), + "Pulumi API token": + re.compile("pul-[a-f0-9]{40}"), + "PyPI upload token": + re.compile("pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}"), + "RSA private key": + re.compile("-----BEGIN RSA PRIVATE KEY-----"), + "Rubygem API token": + re.compile("rubygems_[a-f0-9]{48}"), + "SSH (DSA) private key": + re.compile("-----BEGIN DSA PRIVATE KEY-----"), + "SSH (EC) private key": + re.compile("-----BEGIN EC PRIVATE KEY-----"), + "SSH private key": + re.compile("-----BEGIN OPENSSH PRIVATE KEY-----"), + "SendGrid API token": + re.compile("SG\.(?i)[a-z0-9_\-\.]{66}"), + "Sendinblue API token": + re.compile("xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}"), + "Shippo API token": + re.compile("shippo_(live|test)_[a-f0-9]{40}"), + "Shopify access token": + re.compile("shpat_[a-fA-F0-9]{32}"), + "Shopify 
custom app access token": + re.compile("shpca_[a-fA-F0-9]{32}"), + "Shopify private app access token": + re.compile("shppa_[a-fA-F0-9]{32}"), + "Shopify shared secret": + re.compile("shpss_[a-fA-F0-9]{32}"), + "Slack token": + re.compile("xox[baprs]-([0-9a-zA-Z]{10,48})?"), + "Stripe": + re.compile("(sk|pk)_(test|live)_[0-9a-z]{10,32}"), + "Twitch API token": + re.compile("(twitch[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]"), + "Twitter token": + re.compile("(twitter[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{35,44})['\"]"), + "Typeform API token": + re.compile("(typeform[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}(tfp_[a-z0-9\-_\.=]{59})"), + "npm access token": + re.compile("['\"](npm_(?i)[a-z0-9]{36})['\"]") +} def is_secret(string): @@ -140,6 +319,6 @@ def is_secret(string): :return: None if no secret identified, otherwise the type of secret """ for secret_type, secret_regex in secret_patterns.items(): - if secret_regex.match(string): - return secret_type + if secret_regex.search(string): + return f"{secret_type}: {string}" return None From 76a1958d668ffa114521d9348649d057ef422ca8 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 15:10:24 +0200 Subject: [PATCH 827/979] Add rule --- .../findings/functions-v2-public-endpoint.json | 15 +++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 6 ++++++ 2 files changed, 21 insertions(+) create mode 100644 ScoutSuite/providers/gcp/rules/findings/functions-v2-public-endpoint.json diff --git a/ScoutSuite/providers/gcp/rules/findings/functions-v2-public-endpoint.json b/ScoutSuite/providers/gcp/rules/findings/functions-v2-public-endpoint.json new file mode 100644 index 000000000..2d5f3d508 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/functions-v2-public-endpoint.json 
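Review bot: Several entries in `secret_patterns` place the global flag `(?i)` in the middle of the expression, for example `"(p8e-)(?i)[a-z0-9]{32}"` and `"(LTAI)(?i)[a-z0-9]{20}"`. That form has been deprecated since Python 3.6 and is rejected with `re.error` from Python 3.11; because the table is compiled at import time, one rejected pattern makes the whole module unimportable and disables every check that depends on it. A scoped group keeps the intended matching: `re.compile(r"(p8e-)(?i:[a-z0-9]{32})")`. The literals are also plain strings containing `\-`, `\.` and `\|`, which are invalid string escapes, so they should carry an `r` prefix. Separately, `api[^Version]` in the `Generic API Key` entry is a character class rather than an exclusion of the word "Version", and the `Generic Password` and `Generic Secret` entries remain case-sensitive.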
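Review bot: The new return value `f"{secret_type}: {string}"` copies the matched string into `environment_variables_secrets`, and when the match came from a variable's value that string is the credential itself, which the functions_v2 partial then prints with `{{this}}`. The finding only needs to identify which variable looks sensitive, so it is safer to keep `return secret_type` in `is_secret` and build the label in `get_environment_secrets` from the variable name, e.g. `f"{secret_type}: {k}"`. Generated reports should be handled as sensitive either way. `is_secret` begins outside this hunk, and its `:return:` docstring line no longer matches what is returned.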
@@ -0,0 +1,15 @@ +{ + "description": "Public Function Endpoint (Gen 2)", + "rationale": "The Cloud Function's ingress configuration allowed all traffic, potentially exposing undesired functionality. It is recommended that traffic reaching functions be routed via a load balancer, to minimize the attack surface.", + "dashboard_name": "Functions", + "path": "functions.projects.id.functions_v2.id", + "conditions": [ + "or", + [ + "functions.projects.id.functions_v2.id.ingress_settings", + "equal", + "ALLOW_ALL" + ] + ], + "id_suffix": "ingress_settings" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 3ffc7959c..d892e7322 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -336,6 +336,12 @@ "level": "warning" } ], + "functions-v2-public-endpoint.json": [ + { + "enabled": true, + "level": "warning" + } + ], "iam-gmail-accounts-used.json": [ { "enabled": true, From c090068a96e8b2c4d7f1488f2d332c316cda5647 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 15:14:32 +0200 Subject: [PATCH 828/979] Add rule --- .../rules/findings/functions-v1-member.json | 22 +++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 16 ++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 ScoutSuite/providers/gcp/rules/findings/functions-v1-member.json diff --git a/ScoutSuite/providers/gcp/rules/findings/functions-v1-member.json b/ScoutSuite/providers/gcp/rules/findings/functions-v1-member.json new file mode 100644 index 000000000..f83d1e3c3 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/functions-v1-member.json 
@@ -0,0 +1,22 @@ +{ + "description": "Functions Accessible by \"_ARG_0_\"", + "rationale": "Allowing anonymous and/or public access grants permissions to anyone to access the function's configuration and content. This configuration should be restricted to follow the principle of least privilege", + "references": [ + "https://cloud.google.com/logging/docs/reference/audit/appengine/rest/Shared.Types/SecurityLevel" + ], + "dashboard_name": "Functions", + "path": "functions.projects.id.functions_v1.id", + "conditions": [ + "or", + [ + "functions.projects.id.functions_v1.id.bindings", + "containString", + "_ARG_0_" + ] + ], + "key": "functions-v1-function-_ARG_0_", + "arg_names": [ + "Member" + ], + "id_suffix": "bindings" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index d892e7322..3ef5a1647 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -318,6 +318,22 @@ "level": "warning" } ], + "functions-v1-member.json": [ + { + "args": [ + "allUsers" + ], + "enabled": true, + "level": "danger" + }, + { + "args": [ + "allAuthenticatedUsers" + ], + "enabled": true, + "level": "danger" + } + ], "functions-v1-allowing-http.json": [ { "enabled": true, From 05efd63e28f3ea35e447ca45f868073e054e805d Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 15:14:38 +0200 Subject: [PATCH 829/979] Update prose --- .../providers/gcp/rules/findings/bigquery-dataset-member.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/bigquery-dataset-member.json b/ScoutSuite/providers/gcp/rules/findings/bigquery-dataset-member.json index dd7736e38..0a255d0d1 100755 --- a/ScoutSuite/providers/gcp/rules/findings/bigquery-dataset-member.json +++ b/ScoutSuite/providers/gcp/rules/findings/bigquery-dataset-member.json 
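Review bot: The `references` entry in functions-v1-member.json points at an App Engine audit-logging type page (`.../appengine/rest/Shared.Types/SecurityLevel`), which does not appear to describe IAM bindings on Cloud Functions, so a reader following it from the finding will not reach relevant guidance. It should be replaced by the Cloud Functions access-control documentation. A `remediation` field like the one in bigquery-dataset-member.json ("Delete any permissions assigned to the allUsers and allAuthenticatedUsers members.") would make the finding actionable. The last sentence of `rationale` is also missing its full stop.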
@@ -1,6 +1,6 @@ { - "description": "Dataset Accessible by \"_ARG_0_\"", - "rationale": "Allowing anonymous and/or public access grants permissions to anyone to access the dataset's content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous and/or public access to a bucket is not allowed.", + "description": "Datasets Accessible by \"_ARG_0_\"", + "rationale": "Allowing anonymous and/or public access grants permissions to anyone to access the dataset's content. Such access might not be desired if you are storing any sensitive data. Hence, ensure that anonymous and/or public access to a dataset is not allowed.", "remediation": "Delete any permissions assigned to the allUsers and allAuthenticatedUsers members.", "dashboard_name": "Datasets", "display_path": "bigquery.projects.id.datasets.id", From 40997ea01a33c708c62ba11c38cd64ebf779ea88 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 15:26:54 +0200 Subject: [PATCH 830/979] Fix class element --- .../html/partials/aws/services.iam.credential_reports.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html b/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html index 00e9b9968..2a33dc8ed 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html +++ b/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html @@ -14,10 +14,10 @@

      Credentials Report

      MFA Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'mfa_active'}}
      Hardware MFA Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'mfa_active_hardware'}}
      Access Key 1 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_active'}}
      -
      Access Key 1 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_used_date')}}
      +
      Access Key 1 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_used_date')}}
      Access Key 1 Last Rotated: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_rotated')}}
      Access Key 2 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_active'}}
      -
      Access Key 2 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_used_date')}}
      +
      Access Key 2 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_used_date')}}
      Access Key 2 Last Rotated: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_rotated')}}
      Signing Cert 1 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'cert_1_active'}}
      Signing Cert 2 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'cert_2_active'}}
      From b014ce4ab600692c7e763307e3195bebe9abd640 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 15:40:49 +0200 Subject: [PATCH 831/979] Add rule --- .../functions-v1-public-endpoint.json | 26 +++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 6 +++++ 2 files changed, 32 insertions(+) create mode 100644 ScoutSuite/providers/gcp/rules/findings/functions-v1-public-endpoint.json diff --git a/ScoutSuite/providers/gcp/rules/findings/functions-v1-public-endpoint.json b/ScoutSuite/providers/gcp/rules/findings/functions-v1-public-endpoint.json new file mode 100644 index 000000000..ee1b4d765 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/functions-v1-public-endpoint.json @@ -0,0 +1,26 @@ +{ + "description": "Public Function Endpoint (Gen 1)", + "rationale": "The Cloud Function's ingress configuration allowed all traffic, potentially exposing undesired functionality. It is recommended that traffic reaching functions be routed via a load balancer, to minimize the attack surface.", + "dashboard_name": "Functions", + "display_path": "functions.projects.id.functions_v1.id", + "path": "functions.projects.id.functions_v1.id.bindings.id", + "conditions": [ + "and", + [ + "functions.projects.id.functions_v1.id.ingress_settings", + "equal", + "ALLOW_ALL" + ], + [ + "functions.projects.id.functions_v1.id.bindings.id.role", + "equal", + "roles/viewer" + ], + [ + "functions.projects.id.functions_v1.id.bindings.id.members", + "containString", + "allUsers" + ] + ], + "id_suffix": "ingress_settings" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 3ef5a1647..d33c01e5d 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json 
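Review bot: The role condition in functions-v1-public-endpoint.json is `roles/viewer`, but public invocation of a 1st-gen function is normally granted through `roles/cloudfunctions.invoker`, so a function that `allUsers` can call would not match this rule as written. If the intent is "publicly invocable", the condition value would be `"roles/cloudfunctions.invoker"`; the `members` check also leaves out `allAuthenticatedUsers`, which functions-v1-member.json treats as equally dangerous. The Gen 2 rule added earlier in this series fires on `ingress_settings` alone, so two rules with the same description text measure different things, and the rationale should say which condition is meant.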
@@ -352,6 +352,12 @@ "level": "warning" } ], + "functions-v1-public-endpoint.json": [ + { + "enabled": true, + "level": "warning" + } + ], "functions-v2-public-endpoint.json": [ { "enabled": true, From af5feb8b958a2f2442d1071abbc104fb5971cb3b Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 15:55:44 +0200 Subject: [PATCH 832/979] Add rule --- ...age-bucket-no-public-access-prevention.json | 18 ++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 6 ++++++ 2 files changed, 24 insertions(+) create mode 100755 ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json new file mode 100755 index 000000000..929028daf --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json @@ -0,0 +1,18 @@ +{ + "description": "Bucket with Private Access Prevention not Enforced", + "rationale": "TODO", + "references": [ + "https://cloud.google.com/storage/docs/public-access-prevention" + ], + "dashboard_name": "Buckets", + "path": "cloudstorage.projects.id.buckets.id", + "conditions": [ + "and", + [ + "cloudstorage.projects.id.buckets.id.public_access_prevention", + "notEqual", + "enforced" + ] + ], + "id_suffix": "public_access_prevention" +} diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index d33c01e5d..1d81fa556 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -153,6 +153,12 @@ "level": "warning" } ], + "cloudstorage-bucket-no-public-access-prevention.json": [ + { + "enabled": true, + "level": "warning" + } + ], "cloudstorage-uniform-bucket-level-access-disabled.json": [ { "enabled": true, 
From 4f1c41a124adf4476e742ff926334e751b8e9f6a Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 16:00:02 +0200 Subject: [PATCH 833/979] Add field --- .../partials/gcp/services.cloudstorage.projects.id.buckets.html | 1 + ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py | 2 ++ 2 files changed, 3 insertions(+) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html index 373168c6a..3147a55a4 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html @@ -12,6 +12,7 @@

      Information

      Storage Class: {{storage_class}}
      Logging: {{convert_bool_to_enabled logging_enabled}}
      Versioning: {{convert_bool_to_enabled versioning_enabled}}
      +
      Public Access Prevention: {{convert_bool_to_enabled public_access_prevention}}
      Uniform Bucket-Level Access: {{convert_bool_to_enabled uniform_bucket_level_access}}
    diff --git a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py index 9c3dff437..8e813e6e2 100755 --- a/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py +++ b/ScoutSuite/providers/gcp/resources/cloudstorage/buckets.py @@ -27,6 +27,8 @@ def _parse_bucket(self, raw_bucket): bucket_dict['versioning_enabled'] = raw_bucket.versioning_enabled bucket_dict['logging_enabled'] = raw_bucket.logging is not None + bucket_dict['public_access_prevention'] = raw_bucket.iam_configuration.public_access_prevention + iam_configuration = raw_bucket.iam_configuration.get('uniformBucketLevelAccess') or \ raw_bucket.iam_configuration.get('bucketPolicyOnly') if iam_configuration: From 515d0490fad3d6d33c529040dc0c44d678e28de4 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 16:01:38 +0200 Subject: [PATCH 834/979] Add prose --- .../cloudstorage-bucket-no-public-access-prevention.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json index 929028daf..5bd2dd2a0 100755 --- a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json @@ -1,6 +1,6 @@ { "description": "Bucket with Private Access Prevention not Enforced", - "rationale": "TODO", + "rationale": "Public access prevention protects Cloud Storage buckets and objects from being accidentally exposed to the public. When you enforce public access prevention, no one can make data in applicable buckets public through IAM policies or ACLs.
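Review bot: `raw_bucket.iam_configuration.public_access_prevention` is read as an attribute, while the lines directly below read the same object with `.get('uniformBucketLevelAccess')`. If the installed client library predates that property, the attribute access raises AttributeError for every bucket and the storage checks are lost. Reading the key keeps the style consistent and degrades to None: `bucket_dict['public_access_prevention'] = raw_bucket.iam_configuration.get('publicAccessPrevention')`. A None value still fails the `enforced` comparison in the new rule, so the finding stays conservative. `_parse_bucket` extends beyond the hunk on both sides.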

    Note that even if a bucket does not have public access prevention explicitly enforced in its settings, it might still inherit public access prevention, which occurs if the organization policy constraint storage.publicAccessPrevention is set on the project, folder, or organization that the bucket exists within. For this reason, the bucket state can only be set to enforced or inherited.", "references": [ "https://cloud.google.com/storage/docs/public-access-prevention" ], From 9f51fb96f4daa438b7bd070dac51e837ed1d0ba5 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 16:01:46 +0200 Subject: [PATCH 835/979] Better presentation --- .../partials/gcp/services.cloudstorage.projects.id.buckets.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html index 3147a55a4..0256d60a7 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.cloudstorage.projects.id.buckets.html @@ -12,7 +12,7 @@

    Information

    Storage Class: {{storage_class}}
    Logging: {{convert_bool_to_enabled logging_enabled}}
    Versioning: {{convert_bool_to_enabled versioning_enabled}}
    -
    Public Access Prevention: {{convert_bool_to_enabled public_access_prevention}}
    +
    Public Access Prevention: {{public_access_prevention}}
    Uniform Bucket-Level Access: {{convert_bool_to_enabled uniform_bucket_level_access}}
    From 8018698c93f56425d42a64861444ac91ef0ba91b Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 16:22:19 +0200 Subject: [PATCH 836/979] Sorted rulesets --- .../gcp/rules/rulesets/cis-1.1.0.json | 86 +++++------ .../providers/gcp/rules/rulesets/default.json | 144 +++++++++--------- 2 files changed, 115 insertions(+), 115 deletions(-) diff --git a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json index d243b018d..56d2e12c0 100644 --- a/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/cis-1.1.0.json @@ -1,37 +1,37 @@ { "about": "This ruleset attempts to cover as many recommendations from the CIS Google Cloud Platform Foundation v1.1.0.", "rules": { - "cloudsql-postgresql-instances-log-checkpoints-off.json": [ + "cloudsql-instances-public-ips.json": [ { "enabled": true, - "level": "warning" + "level": "danger" } ], - "cloudsql-postgresql-instances-log-connections-off.json": [ + "cloudsql-mysql-instances-local-infile-on.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-postgresql-instances-log-disconnections-off.json": [ + "cloudsql-postgresql-instances-log-checkpoints-off.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-postgresql-instances-log-lock-waits-off.json": [ + "cloudsql-postgresql-instances-log-connections-off.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-postgresql-instances-log-min-messages-not-set.json": [ + "cloudsql-postgresql-instances-log-disconnections-off.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-postgresql-instances-log-temp-files-not-set-0.json": [ + "cloudsql-postgresql-instances-log-lock-waits-off.json": [ { "enabled": true, "level": "warning" 
@@ -43,25 +43,25 @@ "level": "warning" } ], - "cloudsql-instances-public-ips.json": [ + "cloudsql-postgresql-instances-log-min-messages-not-set.json": [ { "enabled": true, - "level": "danger" + "level": "warning" } ], - "cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json": [ + "cloudsql-postgresql-instances-log-temp-files-not-set-0.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-mysql-instances-local-infile-on.json": [ + "cloudsql-sqlservers-instances-contained-database-authentication-on.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-sqlservers-instances-contained-database-authentication-on.json": [ + "cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json": [ { "enabled": true, "level": "warning" @@ -73,31 +73,31 @@ "level": "warning" } ], - "computeengine-instance-default-service-account.json": [ + "computeengine-instance-block-project-ssh-keys-disabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-full-api-access.json": [ + "computeengine-instance-connecting-serial-ports-enabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-block-project-ssh-keys-disabled.json": [ + "computeengine-instance-default-service-account.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-os-login-disabled.json": [ + "computeengine-instance-disk-not-csek-encrypted.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-connecting-serial-ports-enabled.json": [ + "computeengine-instance-full-api-access.json": [ { "enabled": true, "level": "warning" 
@@ -109,85 +109,85 @@ "level": "warning" } ], - "computeengine-instance-shielded-vm-disabled.json": [ + "computeengine-instance-os-login-disabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-network-default-in-use.json": [ + "computeengine-instance-public-ip-adresses.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-network-legacy-in-use.json": [ + "computeengine-instance-shielded-vm-disabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-disk-not-csek-encrypted.json": [ + "computeengine-network-default-in-use.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-public-ip-adresses.json": [ + "computeengine-network-legacy-in-use.json": [ { "enabled": true, "level": "warning" } ], - "iam-role-account-separation-duties-is-false.json": [ + "dns-zones-dnssec-not-enabled.json": [ { "enabled": true, "level": "warning" } ], - "iam-role-kms-separation-duties-is-false.json": [ + "dns-zones-key-signing-key-using-rsasha1": [ { "enabled": true, "level": "warning" } ], - "kms-cryptokeys-anonymously-publicly-accessible.json": [ + "dns-zones-zone-signing-key-using-rsasha1": [ { "enabled": true, - "level": "danger" + "level": "warning" } ], - "kms-encryption-keys-not-rotated.json": [ + "iam-role-account-separation-duties-is-false.json": [ { "enabled": true, "level": "warning" } ], - "dns-zones-dnssec-not-enabled.json": [ + "iam-role-kms-separation-duties-is-false.json": [ { "enabled": true, "level": "warning" } ], - "dns-zones-key-signing-key-using-rsasha1": [ + "kms-cryptokeys-anonymously-publicly-accessible.json": [ { "enabled": true, - "level": "warning" + "level": "danger" } ], - "dns-zones-zone-signing-key-using-rsasha1": [ + "kms-encryption-keys-not-rotated.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json": [ + "stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json": [ { 
"enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json": [ { "enabled": true, "level": "warning" @@ -199,13 +199,13 @@ "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json": [ { "enabled": true, "level": "warning" @@ -217,25 +217,25 @@ "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json": [ + "stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json": [ { "enabled": true, "level": "warning" 
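Review bot: Two keys carried through this hunk, `"dns-zones-key-signing-key-using-rsasha1"` and `"dns-zones-zone-signing-key-using-rsasha1"`, lack the `.json` suffix that every other rule key in the ruleset has. If the loader resolves rule files by this key (not visible here), the two DNSSEC RSASHA1 checks would presumably not be found and the CIS ruleset would skip them without reporting anything. Since the commit already moves both entries, rename them to `"dns-zones-key-signing-key-using-rsasha1.json"` and `"dns-zones-zone-signing-key-using-rsasha1.json"`.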
@@ -247,13 +247,13 @@ "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json": [ { "enabled": true, "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json": [ { "enabled": true, "level": "warning" @@ -265,13 +265,13 @@ "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json": [ { "enabled": true, "level": "warning" diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 1d81fa556..7ae68b10b 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json 
@@ -59,49 +59,49 @@ "level": "warning" } ], - "cloudsql-postgresql-instances-log-checkpoints-off.json": [ + "cloudsql-instances-public-ips.json": [ { "enabled": true, - "level": "warning" + "level": "danger" } ], - "cloudsql-postgresql-instances-log-connections-off.json": [ + "cloudsql-mysql-instances-local-infile-on.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-postgresql-instances-log-disconnections-off.json": [ + "cloudsql-postgresql-instances-log-checkpoints-off.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-postgresql-instances-log-lock-waits-off.json": [ + "cloudsql-postgresql-instances-log-connections-off.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-instances-public-ips.json": [ + "cloudsql-postgresql-instances-log-disconnections-off.json": [ { "enabled": true, - "level": "danger" + "level": "warning" } ], - "cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json": [ + "cloudsql-postgresql-instances-log-lock-waits-off.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-postgresql-instances-log-min-messages-not-set.json": [ + "cloudsql-postgresql-instances-log-min-duration-not-set-1.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-sqlservers-instances-contained-database-authentication-on.json": [ + "cloudsql-postgresql-instances-log-min-messages-not-set.json": [ { "enabled": true, "level": "warning" @@ -113,13 +113,13 @@ "level": "warning" } ], - "cloudsql-postgresql-instances-log-min-duration-not-set-1.json": [ + "cloudsql-sqlservers-instances-contained-database-authentication-on.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-mysql-instances-local-infile-on.json": [ + "cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json": [ { "enabled": true, "level": "warning" 
@@ -147,25 +147,19 @@ "level": "warning" } ], - "cloudstorage-bucket-no-versioning.json": [ - { - "enabled": true, - "level": "warning" - } - ], "cloudstorage-bucket-no-public-access-prevention.json": [ { "enabled": true, "level": "warning" } ], - "cloudstorage-uniform-bucket-level-access-disabled.json": [ + "cloudstorage-bucket-no-versioning.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-vpc-flow-logs-disabled.json": [ + "cloudstorage-uniform-bucket-level-access-disabled.json": [ { "enabled": true, "level": "warning" 
@@ -216,91 +210,97 @@ "level": "warning" } ], - "computeengine-instance-disk-with-no-snapshot.json": [ + "computeengine-instance-block-project-ssh-keys-disabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-with-deletion-protection-disabled.json": [ + "computeengine-instance-connecting-serial-ports-enabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-network-with-no-instances.json": [ + "computeengine-instance-default-service-account.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-network-default-in-use.json": [ + "computeengine-instance-disk-not-csek-encrypted.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-network-legacy-in-use.json": [ + "computeengine-instance-disk-with-no-snapshot.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-old-disk-snapshot.json": [ + "computeengine-instance-full-api-access.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-default-service-account.json": [ + "computeengine-instance-ip-forwarding-enabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-full-api-access.json": [ + "computeengine-instance-os-login-disabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-block-project-ssh-keys-disabled.json": [ + "computeengine-instance-public-ip-adresses.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-os-login-disabled.json": [ + "computeengine-instance-shielded-vm-disabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-connecting-serial-ports-enabled.json": [ + "computeengine-instance-with-deletion-protection-disabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-ip-forwarding-enabled.json": [ + "computeengine-network-default-in-use.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-shielded-vm-disabled.json": [ + 
"computeengine-network-legacy-in-use.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-public-ip-adresses.json": [ + "computeengine-network-with-no-instances.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-disk-not-csek-encrypted.json": [ + "computeengine-old-disk-snapshot.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "computeengine-vpc-flow-logs-disabled.json": [ { "enabled": true, "level": "warning" @@ -324,6 +324,18 @@ "level": "warning" } ], + "functions-v1-allowing-http.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "functions-v1-environment-variables-secrets.json": [ + { + "enabled": true, + "level": "warning" + } + ], "functions-v1-member.json": [ { "args": [ 
@@ -340,55 +352,55 @@ "level": "danger" } ], - "functions-v1-allowing-http.json": [ + "functions-v1-public-endpoint.json": [ { "enabled": true, "level": "warning" } ], - "functions-v1-environment-variables-secrets.json": [ + "functions-v2-environment-variables-secrets.json": [ { "enabled": true, "level": "warning" } ], - "functions-v2-environment-variables-secrets.json": [ + "functions-v2-public-endpoint.json": [ { "enabled": true, "level": "warning" } ], - "functions-v1-public-endpoint.json": [ + "iam-gmail-accounts-used.json": [ { "enabled": true, "level": "warning" } ], - "functions-v2-public-endpoint.json": [ + "iam-lack-of-service-account-key-rotation.json": [ { "enabled": true, "level": "warning" } ], - "iam-gmail-accounts-used.json": [ + "iam-primitive-role-in-use.json": [ { "enabled": true, "level": "warning" } ], - "iam-lack-of-service-account-key-rotation.json": [ + "iam-role-account-separation-duties-is-false.json": [ { "enabled": true, "level": "warning" } ], - "iam-primitive-role-in-use.json": [ + "iam-role-assigned-to-user.json": [ { "enabled": true, "level": "warning" } ], - "iam-role-assigned-to-user.json": [ + "iam-role-kms-separation-duties-is-false.json": [ { "enabled": true, "level": "warning" @@ -430,18 +442,6 @@ "level": "warning" } ], - "iam-role-account-separation-duties-is-false.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "iam-role-kms-separation-duties-is-false.json": [ - { - "enabled": true, - "level": "warning" - } - ], "kms-cryptokeys-anonymously-publicly-accessible.json": [ { "enabled": true, 
@@ -580,67 +580,67 @@ "level": "warning" } ], - "stackdriverlogging-no-export-sinks.json": [ + "stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json": [ + "stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json": [ + "stackdriverlogging-no-export-sinks.json": [ { "enabled": true, "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json": 
[ + "stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json": [ { "enabled": true, "level": "warning" @@ -652,13 +652,13 @@ "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json": [ { "enabled": true, "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json": [ { "enabled": true, "level": "warning" @@ -670,17 +670,17 @@ "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json": [ { "enabled": true, "level": "warning" } ] } -} \ No newline at end of file +} From 6d1dd81432974330c006671e18c856f8cd476b8a Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Wed, 18 May 2022 16:33:46 +0200 Subject: [PATCH 837/979] Sorted rulesets --- .../azure/rules/rulesets/cis-1.0.0.json | 12 +- .../azure/rules/rulesets/cis-1.2.0.json | 684 +++++++++--------- .../azure/rules/rulesets/default.json | 192 +++-- .../providers/gcp/rules/rulesets/default.json | 174 ++--- 4 files changed, 530 insertions(+), 532 deletions(-) diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json index c6ced6ece..2ac6d5032 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json 
+++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.0.0.json @@ -1,6 +1,12 @@ { "about": "This ruleset covers most of the recommendations from the CIS Microsoft Azure Foundation v1.0.0.", "rules": { + "network-security-groups-rule-inbound-service-mssql.json": [ + { + "enabled": true, + "level": "warning" + } + ], "network-security-groups-rule-inbound-service.json": [ { "args": [ @@ -21,12 +27,6 @@ "level": "warning" } ], - "network-security-groups-rule-inbound-service-mssql.json": [ - { - "enabled": true, - "level": "warning" - } - ], "network-watcher-not-enabled.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index d0bf9df8f..7f7d70a3f 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json 
@@ -1,345 +1,345 @@ { - "about": "This ruleset covers most of the recommendations from the CIS Microsoft Azure Foundation v1.2.0.", - "rules": { - "aad-users-create-security-groups-disabled.json": [ - { - "enabled": true, - "level": "danger" - } - ], - "keyvault-not-recoverable.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "storageaccount-encrypted-not-customer-managed.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "storageaccount-soft-delete-enabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "network-security-groups-rule-inbound-service-udp.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "virtual-machines-managed-disks.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "virtual-machines-os-data-encrypted-cmk.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "virtual-machines-unattached-disks-encrypted-cmk.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "rbac-custom-subscription-owner-role-not-allowed.json": [ - { - "enabled": true, - "level": "danger" - } - ], - "rbac-administering-resource-locks-assigned.json": [ - { - "enabled": true, - "level": "danger" - } - ], - "sqldatabase-databases-no-auditing.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "sqldatabase-databases-no-transparent-data-encryption.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "sqldatabase-databases-threat-detection-low-retention.json": [ - { - "args": [ - "90" - ], - "enabled": true, - "level": "warning" - } - ], - "postgresql-database-servers-log-checkpoints-not-on.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "postgresql-database-servers-allow-any-ip.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "postgresql-database-servers-log-connections-not-on.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "postgresql-database-servers-log-disconnections-not-on.json": [ - { - "enabled": true, - "level": 
"warning" - } - ], - "postgresql-database-servers-log-duration-not-on.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "postgresql-database-servers-connection-throttling-not-on.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "postgresql-database-servers-log-retention-days-less-than-4.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "postgresql-database-servers-ssl-enforcement-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "appservice-authentication-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "sqldatabase-servers-vulnerability-assessments-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "sqldatabase-servers-vulnerability-recurring-scans-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "sqldatabase-allow-any-ip.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "appservice-client-certificates-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "appservice-http-2-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "mysql-database-servers-ssl-enforcement-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "appservice-http-allowed.json": [ - { - "enabled": true, - "level": "danger" - } - ], - "appservice-managed-service-identities-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "securitycenter-settings-MCAS-integration-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - 
"securitycenter-settings-WDATP-integration-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "logging-monitoring-log-alert-not-exist-create-policy-assignment.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "logging-monitoring-log-alert-not-exist-nsg.json": [ - { - "args": [ - "Create/Update Network Security Group", - "5.2.2", - "create_update_NSG_exist" - ], - "enabled": true, - "level": "warning" - }, - { - "args": [ - "Delete Network Security Group", - "5.2.3", - "delete_NSG_exist" - ], - "enabled": true, - "level": "warning" - }, - { - "args": [ - "Create/Update Network Security Group Rule", - "5.2.4", - "create_update_NSG_rule_exist" - ], - "enabled": true, - "level": "warning" - }, - { - "args": [ - "Delete Network Security Group Rule", - "5.2.5", - "delete_NSG_rule_exist" - ], - "enabled": true, - "level": "warning" - }, - { - "args": [ - "Create/Update/Delete SQL Server Firewall Rule", - "5.2.8", - "create_delete_firewall_rule_exist" - ], - "enabled": true, - "level": "warning" - } - ], - "appservice-outdated-version-dotnet.json": [ - { - "enabled": true, - "level": "warning" - } - ] - }, - "logging-monitoring-log-alert-not-exist-security-solution.json": [ - { - "args": [ - "Create/Update Security Solution", - "5.2.6", - "create_update_security_solution_exist" - ], - "enabled": true, - "level": "warning" - }, - { - "args": [ - "Delete Security Solution", - "5.2.7", - "delete_security_solution_exist" - ], - "enabled": true, - "level": "warning" - } - ], - "appservice-outdated-version-java.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "logging-monitoring-logging-key-vault-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "appservice-outdated-version-php.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "logging-monitoring-diagnostic-setting-does-not-exist.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "appservice-outdated-version-python.json": [ - { - 
"enabled": true, - "level": "warning" - } - ], - "logging-monitoring-profile-does-not-capture-all-activities.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "appservice-tls-v1-supported.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "appservice-ftp-deployment-enabled.json": [ - { - "enabled": true, - "level": "warning" + "about": "This ruleset covers most of the recommendations from the CIS Microsoft Azure Foundation v1.2.0.", + "appservice-ftp-deployment-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "appservice-outdated-version-java.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "appservice-outdated-version-php.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "appservice-outdated-version-python.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "appservice-tls-v1-supported.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-diagnostic-setting-does-not-exist.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-log-alert-not-exist-security-solution.json": [ + { + "args": [ + "Create/Update Security Solution", + "5.2.6", + "create_update_security_solution_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Security Solution", + "5.2.7", + "delete_security_solution_exist" + ], + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-logging-key-vault-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-profile-does-not-capture-all-activities.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "rules": { + "aad-users-create-security-groups-disabled.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "appservice-authentication-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "appservice-client-certificates-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], 
+ "appservice-http-2-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "appservice-http-allowed.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "appservice-managed-service-identities-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "appservice-outdated-version-dotnet.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "keyvault-not-recoverable.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-log-alert-not-exist-create-policy-assignment.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-log-alert-not-exist-nsg.json": [ + { + "args": [ + "Create/Update Network Security Group", + "5.2.2", + "create_update_NSG_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Network Security Group", + "5.2.3", + "delete_NSG_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Create/Update Network Security Group Rule", + "5.2.4", + "create_update_NSG_rule_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Delete Network Security Group Rule", + "5.2.5", + "delete_NSG_rule_exist" + ], + "enabled": true, + "level": "warning" + }, + { + "args": [ + "Create/Update/Delete SQL Server Firewall Rule", + "5.2.8", + "create_delete_firewall_rule_exist" + ], + "enabled": true, + "level": "warning" + } + ], + "mysql-database-servers-ssl-enforcement-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "network-security-groups-rule-inbound-service-udp.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-allow-any-ip.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-connection-throttling-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-checkpoints-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + 
"postgresql-database-servers-log-connections-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-disconnections-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-duration-not-on.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-log-retention-days-less-than-4.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "postgresql-database-servers-ssl-enforcement-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "rbac-administering-resource-locks-assigned.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "rbac-custom-subscription-owner-role-not-allowed.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "securitycenter-settings-MCAS-integration-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "securitycenter-settings-WDATP-integration-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-allow-any-ip.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-databases-no-auditing.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-databases-no-transparent-data-encryption.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-databases-threat-detection-low-retention.json": [ + { + "args": [ + "90" + ], + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-servers-vulnerability-assessments-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "sqldatabase-servers-vulnerability-recurring-scans-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + 
"sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "storageaccount-encrypted-not-customer-managed.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "storageaccount-soft-delete-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "virtual-machines-managed-disks.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "virtual-machines-os-data-encrypted-cmk.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "virtual-machines-unattached-disks-encrypted-cmk.json": [ + { + "enabled": true, + "level": "warning" + } + ] } - ] } diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index 0aa113c0f..a462057cc 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json +++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -25,22 +25,22 @@ "level": "warning" } ], - "appservice-http-2-disabled.json": [ + "appservice-ftp-deployment-enabled.json": [ { "enabled": true, "level": "warning" } ], - "appservice-http-allowed.json": [ + "appservice-http-2-disabled.json": [ { "enabled": true, - "level": "danger" + "level": "warning" } ], - "appservice-ftp-deployment-enabled.json": [ + "appservice-http-allowed.json": [ { "enabled": true, - "level": "warning" + "level": "danger" } ], "appservice-managed-service-identities-disabled.json": [ @@ -86,7 +86,13 @@ } ], "keyvault-not-recoverable.json": [ - { + { + "enabled": true, + "level": "warning" + } + ], + "logging-monitoring-diagnostic-setting-does-not-exist.json": [ + { "enabled": true, "level": "warning" } @@ -134,7 +140,7 @@ "enabled": true, "level": "warning" }, - { + { "args": [ "Create/Update/Delete SQL Server Firewall Rule", "5.2.8", 
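Review bot: After the sort, nine rule entries sit next to `"about"` as siblings of `"rules"` instead of inside it: `appservice-ftp-deployment-enabled`, `appservice-outdated-version-java`/`-php`/`-python`, `appservice-tls-v1-supported` and the four `logging-monitoring-*` entries at the top of the new file. The old file had the same structural slip (a `}` closing `"rules"` right after `appservice-outdated-version-dotnet.json`); sorting the keys preserved it and made it harder to spot. If the engine only reads the `"rules"` object (not visible here), these CIS 1.2.0 checks, including the TLS and FTP ones, are presumably never evaluated. Move the nine entries inside `"rules"` so the top level holds only `"about"` and `"rules"`.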
@@ -170,13 +176,13 @@ "level": "warning" } ], - "logging-monitoring-diagnostic-setting-does-not-exist.json": [ + "logging-monitoring-profile-does-not-capture-all-activities.json": [ { "enabled": true, "level": "warning" } ], - "logging-monitoring-profile-does-not-capture-all-activities.json": [ + "mysql-database-servers-ssl-enforcement-disabled.json": [ { "enabled": true, "level": "warning" @@ -188,6 +194,18 @@ "level": "danger" } ], + "network-security-groups-rule-inbound-service-mssql.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "network-security-groups-rule-inbound-service-udp.json": [ + { + "enabled": true, + "level": "warning" + } + ], "network-security-groups-rule-inbound-service.json": [ { "args": [ 
@@ -208,145 +226,139 @@ "level": "warning" } ], - "network-security-groups-rule-inbound-service-mssql.json": [ + "network-watcher-not-enabled.json": [ { "enabled": true, "level": "warning" } ], - "network-security-groups-rule-inbound-service-udp.json": [ + "network-watcher-not-provisioned.json": [ { "enabled": true, "level": "warning" } ], - "network-watcher-not-enabled.json": [ + "postgresql-database-servers-allow-any-ip.json": [ { "enabled": true, "level": "warning" } ], - "network-watcher-not-provisioned.json": [ + "postgresql-database-servers-connection-throttling-not-on.json": [ { "enabled": true, "level": "warning" } ], - "rbac-custom-subscription-owner-role-not-allowed.json": [ + "postgresql-database-servers-log-checkpoints-not-on.json": [ { "enabled": true, - "level": "danger" + "level": "warning" } ], - "rbac-administering-resource-locks-assigned.json": [ + "postgresql-database-servers-log-connections-not-on.json": [ { "enabled": true, - "level": "danger" + "level": "warning" } ], - "securitycenter-auto-provisioning-off.json": [ + "postgresql-database-servers-log-disconnections-not-on.json": [ { "enabled": true, "level": "warning" } ], - "securitycenter-security-contacts-email-not-set.json": [ + "postgresql-database-servers-log-duration-not-on.json": [ { "enabled": true, "level": "warning" } ], - "securitycenter-security-contacts-no-admin-email-notifications.json": [ + "postgresql-database-servers-log-retention-days-less-than-4.json": [ { "enabled": true, "level": "warning" } ], - "securitycenter-security-contacts-no-email-notifications.json": [ + "postgresql-database-servers-ssl-enforcement-disabled.json": [ { "enabled": true, "level": "warning" } ], - "securitycenter-security-contacts-not-set.json": [ + "rbac-administering-resource-locks-assigned.json": [ { "enabled": true, - "level": "warning" + "level": "danger" } ], - "securitycenter-security-contacts-phone-not-set.json": [ + "rbac-custom-subscription-owner-role-not-allowed.json": [ { "enabled": true, 
- "level": "warning" + "level": "danger" } ], - "securitycenter-standard-tier-not-enabled.json": [ + "securitycenter-auto-provisioning-off.json": [ { "enabled": true, "level": "warning" } ], - "securitycenter-settings-MCAS-integration-disabled.json": [ + "securitycenter-security-contacts-email-not-set.json": [ { "enabled": true, "level": "warning" } ], - "securitycenter-settings-WDATP-integration-disabled.json": [ - { + "securitycenter-security-contacts-no-admin-email-notifications.json": [ + { "enabled": true, "level": "warning" } ], - "sqldatabase-databases-auditing-low-retention.json": [ + "securitycenter-security-contacts-no-email-notifications.json": [ { - "args": [ - "90" - ], "enabled": true, "level": "warning" } ], - "sqldatabase-databases-no-auditing.json": [ + "securitycenter-security-contacts-not-set.json": [ { "enabled": true, "level": "warning" } ], - "sqldatabase-databases-no-threat-detection.json": [ + "securitycenter-security-contacts-phone-not-set.json": [ { "enabled": true, "level": "warning" } ], - "sqldatabase-databases-no-transparent-data-encryption.json": [ + "securitycenter-settings-MCAS-integration-disabled.json": [ { "enabled": true, "level": "warning" } ], - "sqldatabase-databases-threat-detection-disabled-alerts.json": [ + "securitycenter-settings-WDATP-integration-disabled.json": [ { "enabled": true, "level": "warning" } ], - "sqldatabase-databases-threat-detection-low-retention.json": [ + "securitycenter-standard-tier-not-enabled.json": [ { - "args": [ - "90" - ], "enabled": true, "level": "warning" } ], - "sqldatabase-databases-threat-detection-send-alerts-disabled.json": [ + "sqldatabase-allow-any-ip.json": [ { "enabled": true, "level": "warning" } ], - "sqldatabase-servers-auditing-low-retention.json": [ + "sqldatabase-databases-auditing-low-retention.json": [ { "args": [ "90" 
@@ -355,31 +367,31 @@ "level": "warning" } ], - "sqldatabase-servers-no-ad-admin-configured.json": [ + "sqldatabase-databases-no-auditing.json": [ { "enabled": true, "level": "warning" } ], - "sqldatabase-servers-no-auditing.json": [ + "sqldatabase-databases-no-threat-detection.json": [ { "enabled": true, "level": "warning" } ], - "sqldatabase-servers-no-threat-detection.json": [ + "sqldatabase-databases-no-transparent-data-encryption.json": [ { "enabled": true, "level": "warning" } ], - "sqldatabase-servers-threat-detection-disabled-alerts.json": [ + "sqldatabase-databases-threat-detection-disabled-alerts.json": [ { "enabled": true, "level": "warning" } ], - "sqldatabase-servers-threat-detection-low-retention.json": [ + "sqldatabase-databases-threat-detection-low-retention.json": [ { "args": [ "90" 
@@ -388,50 +400,52 @@ "level": "warning" } ], - "sqldatabase-servers-threat-detection-send-alerts-disabled.json": [ + "sqldatabase-databases-threat-detection-send-alerts-disabled.json": [ { "enabled": true, "level": "warning" } ], - "sqldatabase-servers-vulnerability-assessments-disabled.json": [ - { + "sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json": [ + { "enabled": true, "level": "warning" } ], - "sqldatabase-servers-vulnerability-recurring-scans-disabled.json": [ + "sqldatabase-servers-auditing-low-retention.json": [ { + "args": [ + "90" + ], "enabled": true, "level": "warning" } ], - "sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json": [ - { + "sqldatabase-servers-no-ad-admin-configured.json": [ + { "enabled": true, "level": "warning" } ], - "sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json": [ - + "sqldatabase-servers-no-auditing.json": [ { "enabled": true, "level": "warning" } ], - "sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json": [ - { + "sqldatabase-servers-no-threat-detection.json": [ + { "enabled": true, "level": "warning" } ], - "sqldatabase-allow-any-ip.json": [ + "sqldatabase-servers-threat-detection-disabled-alerts.json": [ { "enabled": true, "level": "warning" } ], - "storageaccount-access-keys-not-rotated.json": [ + "sqldatabase-servers-threat-detection-low-retention.json": [ { "args": [ "90" 
@@ -440,122 +454,106 @@ "level": "warning" } ], - "storageaccount-account-allowing-clear-text.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "storageaccount-public-blob-container.json": [ - { - "enabled": true, - "level": "danger" - } - ], - "storageaccount-public-traffic-allowed.json": [ + "sqldatabase-servers-threat-detection-send-alerts-disabled.json": [ { "enabled": true, "level": "warning" } ], - "storageaccount-trusted-microsoft-services.json": [ + "sqldatabase-servers-vulnerability-assessments-disabled.json": [ { "enabled": true, "level": "warning" } ], - "storageaccount-soft-delete-enabled.json": [ + "sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json": [ { "enabled": true, "level": "warning" } ], - "storageaccount-encrypted-not-customer-managed.json": [ + "sqldatabase-servers-vulnerability-recurring-scans-disabled.json": [ { "enabled": true, "level": "warning" } ], - "virtual-machines-disk-encryption.json": [ + "sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json": [ { "enabled": true, "level": "warning" } ], - "virtual-machines-extensions-installed.json": [ + "storageaccount-access-keys-not-rotated.json": [ { + "args": [ + "90" + ], "enabled": true, "level": "warning" } ], - "virtual-machines-managed-disks.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "virtual-machines-os-data-encrypted-cmk.json": [ + "storageaccount-account-allowing-clear-text.json": [ { "enabled": true, "level": "warning" } ], - "virtual-machines-unattached-disks-encrypted-cmk.json": [ + "storageaccount-encrypted-not-customer-managed.json": [ { "enabled": true, "level": "warning" } ], - "postgresql-database-servers-log-checkpoints-not-on.json": [ + "storageaccount-public-blob-container.json": [ { "enabled": true, - "level": "warning" + "level": "danger" } ], - "postgresql-database-servers-log-connections-not-on.json": [ + "storageaccount-public-traffic-allowed.json": [ { "enabled": true, "level": 
"warning" } ], - "postgresql-database-servers-log-disconnections-not-on.json": [ + "storageaccount-soft-delete-enabled.json": [ { "enabled": true, "level": "warning" } ], - "postgresql-database-servers-log-duration-not-on.json": [ + "storageaccount-trusted-microsoft-services.json": [ { "enabled": true, "level": "warning" } ], - "postgresql-database-servers-connection-throttling-not-on.json": [ + "virtual-machines-disk-encryption.json": [ { "enabled": true, "level": "warning" } ], - "postgresql-database-servers-log-retention-days-less-than-4.json": [ + "virtual-machines-extensions-installed.json": [ { "enabled": true, "level": "warning" } ], - "postgresql-database-servers-allow-any-ip.json": [ + "virtual-machines-managed-disks.json": [ { "enabled": true, "level": "warning" } ], - - "postgresql-database-servers-ssl-enforcement-disabled.json": [ + "virtual-machines-os-data-encrypted-cmk.json": [ { "enabled": true, "level": "warning" } ], - "mysql-database-servers-ssl-enforcement-disabled.json": [ + "virtual-machines-unattached-disks-encrypted-cmk.json": [ { "enabled": true, "level": "warning" diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index e93d20a59..ed3755b01 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -35,13 +35,13 @@ "level": "warning" } ], - "cloudsql-instance-is-open-to-the-world.json": [ + "cloudsql-instance-is-open-to-public-range.json": [ { "enabled": true, "level": "danger" } ], - "cloudsql-instance-is-open-to-public-range.json": [ + "cloudsql-instance-is-open-to-the-world.json": [ { "enabled": true, "level": "danger" 
@@ -65,49 +65,49 @@ "level": "warning" } ], - "cloudsql-postgresql-instances-log-checkpoints-off.json": [ + "cloudsql-instances-public-ips.json": [ { "enabled": true, - "level": "warning" + "level": "danger" } ], - "cloudsql-postgresql-instances-log-connections-off.json": [ + "cloudsql-mysql-instances-local-infile-on.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-postgresql-instances-log-disconnections-off.json": [ + "cloudsql-postgresql-instances-log-checkpoints-off.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-postgresql-instances-log-lock-waits-off.json": [ + "cloudsql-postgresql-instances-log-connections-off.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-instances-public-ips.json": [ + "cloudsql-postgresql-instances-log-disconnections-off.json": [ { "enabled": true, - "level": "danger" + "level": "warning" } ], - "cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json": [ + "cloudsql-postgresql-instances-log-lock-waits-off.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-postgresql-instances-log-min-messages-not-set.json": [ + "cloudsql-postgresql-instances-log-min-duration-not-set-1.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-sqlservers-instances-contained-database-authentication-on.json": [ + "cloudsql-postgresql-instances-log-min-messages-not-set.json": [ { "enabled": true, "level": "warning" @@ -119,13 +119,13 @@ "level": "warning" } ], - "cloudsql-postgresql-instances-log-min-duration-not-set-1.json": [ + "cloudsql-sqlservers-instances-contained-database-authentication-on.json": [ { "enabled": true, "level": "warning" } ], - "cloudsql-mysql-instances-local-infile-on.json": [ + "cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json": [ { "enabled": true, "level": "warning" 
@@ -165,12 +165,6 @@ "level": "warning" } ], - "computeengine-vpc-flow-logs-disabled.json": [ - { - "enabled": true, - "level": "warning" - } - ], "computeengine-firewall-default-rule-in-use.json": [ { "enabled": true, 
@@ -216,91 +210,97 @@ "level": "warning" } ], - "computeengine-instance-disk-with-no-snapshot.json": [ + "computeengine-instance-block-project-ssh-keys-disabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-with-deletion-protection-disabled.json": [ + "computeengine-instance-connecting-serial-ports-enabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-network-with-no-instances.json": [ + "computeengine-instance-default-service-account.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-network-default-in-use.json": [ + "computeengine-instance-disk-not-csek-encrypted.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-network-legacy-in-use.json": [ + "computeengine-instance-disk-with-no-snapshot.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-old-disk-snapshot.json": [ + "computeengine-instance-full-api-access.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-default-service-account.json": [ + "computeengine-instance-ip-forwarding-enabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-full-api-access.json": [ + "computeengine-instance-os-login-disabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-block-project-ssh-keys-disabled.json": [ + "computeengine-instance-public-ip-adresses.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-os-login-disabled.json": [ + "computeengine-instance-shielded-vm-disabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-connecting-serial-ports-enabled.json": [ + "computeengine-instance-with-deletion-protection-disabled.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-ip-forwarding-enabled.json": [ + "computeengine-network-default-in-use.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-shielded-vm-disabled.json": [ + 
"computeengine-network-legacy-in-use.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-public-ip-adresses.json": [ + "computeengine-network-with-no-instances.json": [ { "enabled": true, "level": "warning" } ], - "computeengine-instance-disk-not-csek-encrypted.json": [ + "computeengine-old-disk-snapshot.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "computeengine-vpc-flow-logs-disabled.json": [ { "enabled": true, "level": "warning" @@ -388,7 +388,7 @@ "level": "warning" } ], - "iam-role-assigned-to-user.json": [ + "iam-role-account-separation-duties-is-false.json": [ { "enabled": true, "level": "warning" @@ -400,6 +400,18 @@ "level": "danger" } ], + "iam-role-assigned-to-user.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "iam-role-kms-separation-duties-is-false.json": [ + { + "enabled": true, + "level": "warning" + } + ], "iam-sa-has-admin-privileges.json": [ { "enabled": true, @@ -436,18 +448,6 @@ "level": "warning" } ], - "iam-role-account-separation-duties-is-false.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "iam-role-kms-separation-duties-is-false.json": [ - { - "enabled": true, - "level": "warning" - } - ], "kms-cryptokeys-anonymously-publicly-accessible.json": [ { "enabled": true, 
@@ -478,139 +478,139 @@ "level": "warning" } ], - "kubernetesengine-cluster-has-no-labels.json": [ + "kubernetesengine-cluster-application-layer-encryption-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-cluster-logging-disabled.json": [ + "kubernetesengine-cluster-binary-authorization-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-cluster-master-authorized-networks-disabled.json": [ + "kubernetesengine-cluster-has-no-labels.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-cluster-monitoring-disabled.json": [ + "kubernetesengine-cluster-logging-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-cluster-network-policy-disabled.json": [ + "kubernetesengine-cluster-master-authorized-networks-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-cluster-pod-security-policy-config-disabled.json": [ + "kubernetesengine-cluster-metadata-server-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-cluster-private-google-access-disabled.json": [ + "kubernetesengine-cluster-monitoring-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-dashboard-enabled.json": [ + "kubernetesengine-cluster-network-policy-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-default-service-account-used.json": [ + "kubernetesengine-cluster-pod-security-policy-config-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-legacy-abac-enabled.json": [ + "kubernetesengine-cluster-private-endpoint-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-cluster-release-channel.json": [ + "kubernetesengine-cluster-private-google-access-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-cluster-shielded-nodes-disabled.json": [ + "kubernetesengine-cluster-release-channel.json": [ { "enabled": 
true, "level": "warning" } ], - "kubernetesengine-cluster-binary-authorization-disabled.json": [ + "kubernetesengine-cluster-shielded-nodes-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-legacy-metadata-endpoints-enabled.json": [ + "kubernetesengine-cluster-workload-identity-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-node-auto-repair-disabled.json": [ + "kubernetesengine-dashboard-enabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-node-secure-boot-disabled.json": [ + "kubernetesengine-default-service-account-used.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-node-integrity-monitoring-disabled.json": [ + "kubernetesengine-legacy-abac-enabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-cluster-workload-identity-disabled.json": [ + "kubernetesengine-legacy-metadata-endpoints-enabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-cluster-metadata-server-disabled.json": [ + "kubernetesengine-node-auto-repair-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-cluster-application-layer-encryption-disabled.json": [ + "kubernetesengine-node-auto-upgrade-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-node-auto-upgrade-disabled.json": [ + "kubernetesengine-node-container-optimized-os-not-used.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-node-container-optimized-os-not-used.json": [ + "kubernetesengine-node-integrity-monitoring-disabled.json": [ { "enabled": true, "level": "warning" } ], - "kubernetesengine-cluster-private-endpoint-disabled.json": [ + "kubernetesengine-node-secure-boot-disabled.json": [ { "enabled": true, "level": "warning" 
@@ -640,67 +640,67 @@ "level": "warning" } ], - "stackdriverlogging-no-export-sinks.json": [ + "stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json": [ + "stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-audit-config-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-custom-role-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-project-ownership-assignment.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-vpc-network-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-firewall-rule-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-cloud-storage-iam-permission-changes.json": [ + "stackdriverlogging-metric-filter-does-not-exist-vpc-network-route-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdriverlogging-metric-filter-does-not-exist-sql-instance-config-changes.json": [ + "stackdriverlogging-no-export-sinks.json": [ { "enabled": true, "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json": 
[ + "stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-audit-config-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json": [ { "enabled": true, "level": "warning" @@ -712,13 +712,13 @@ "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-project-ownership-assignment.json": [ { "enabled": true, "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json": [ { "enabled": true, "level": "warning" @@ -730,17 +730,17 @@ "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-cloud-storage-iam-permission-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-vpc-network-firewall-rule-changes.json": [ { "enabled": true, "level": "warning" } ], - "stackdrivermonitoring-alerts-does-not-exist-sql-instance-config-changes.json": [ + "stackdrivermonitoring-alerts-does-not-exist-vpc-network-route-changes.json": [ { "enabled": true, "level": "warning" } ] } -} \ No newline at end of file +} From ed9b74cdcde46d25a2f5099b606762bd85bc11d0 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 20 May 2022 18:10:48 +0200 Subject: [PATCH 838/979] Add latest policies --- .../aws/rules/findings/elb-older-ssl-policy.json | 9 ++++++++- .../aws/rules/findings/elbv2-older-ssl-policy.json | 9 ++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/elb-older-ssl-policy.json b/ScoutSuite/providers/aws/rules/findings/elb-older-ssl-policy.json index 34d0bf227..10d7a1216 100644 --- a/ScoutSuite/providers/aws/rules/findings/elb-older-ssl-policy.json +++ b/ScoutSuite/providers/aws/rules/findings/elb-older-ssl-policy.json 
@@ -21,7 +21,14 @@ "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-2-Res-2019-08", - "ELBSecurityPolicy-FS-1-2-Res-2020-10" + "ELBSecurityPolicy-FS-1-2-Res-2020-10", + "ELBSecurityPolicy-TLS13-1-2-2021-06", + "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", + "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", + "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", + "ELBSecurityPolicy-TLS13-1-1-2021-06", + "ELBSecurityPolicy-TLS13-1-0-2021-06", + "ELBSecurityPolicy-TLS13-1-3-2021-06" ] ] ] diff --git a/ScoutSuite/providers/aws/rules/findings/elbv2-older-ssl-policy.json b/ScoutSuite/providers/aws/rules/findings/elbv2-older-ssl-policy.json index 99abfe7a4..e275d62fb 100755 --- a/ScoutSuite/providers/aws/rules/findings/elbv2-older-ssl-policy.json +++ b/ScoutSuite/providers/aws/rules/findings/elbv2-older-ssl-policy.json @@ -21,7 +21,14 @@ "ELBSecurityPolicy-FS-1-1-2019-08", "ELBSecurityPolicy-FS-1-2-2019-08", "ELBSecurityPolicy-FS-1-2-Res-2019-08", - "ELBSecurityPolicy-FS-1-2-Res-2020-10" + "ELBSecurityPolicy-FS-1-2-Res-2020-10", + "ELBSecurityPolicy-TLS13-1-2-2021-06", + "ELBSecurityPolicy-TLS13-1-2-Res-2021-06", + "ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06", + "ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06", + "ELBSecurityPolicy-TLS13-1-1-2021-06", + "ELBSecurityPolicy-TLS13-1-0-2021-06", + "ELBSecurityPolicy-TLS13-1-3-2021-06" ] ] ] From 8a230848b6bb59c27232f405a1849dde4990a49b Mon Sep 17 00:00:00 2001 
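Review bot: `ELBSecurityPolicy-TLS13-1-0-2021-06` and `ELBSecurityPolicy-TLS13-1-1-2021-06` are added alongside the TLS 1.2+ policies, but those two predefined policies still negotiate TLS 1.0 and TLS 1.1 respectively. The comparison that consumes this list is outside the hunk; if it is the set of policies the rule accepts, listeners on either policy will no longer be reported even though they allow deprecated protocol versions. I would leave those two entries out of the list in both `elb-older-ssl-policy.json` and `elbv2-older-ssl-policy.json` (the second hunk repeats the same addition), or cover them with a separate finding for legacy protocol support.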
From: Scott Bailey Date: Thu, 26 May 2022 13:37:03 -0400 Subject: [PATCH 839/979] Add unit tests for regex fix At present, the new unit test fails. Bizarrely, the test works as expected if it is performed manually instead of using pytest (i.e. define SAMPLE_USER_DATA and then call ._identify_user_data_secrets() with it. The regexes also work correctly when tested interactively or at pythex.org. It just doesn't work correctly for pytest (and by presumption, for actual code -- I'm working to construct a test for that). --- tests/test_aws_provider.py | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/tests/test_aws_provider.py b/tests/test_aws_provider.py index 9c563c047..a0814108d 100755 --- a/tests/test_aws_provider.py +++ b/tests/test_aws_provider.py @@ -7,7 +7,7 @@ from ScoutSuite.providers.aws.authentication_strategy import AWSCredentials from ScoutSuite.providers.base.authentication_strategy import AuthenticationException from ScoutSuite.providers.base.authentication_strategy_factory import get_authentication_strategy - +from ScoutSuite.providers.aws.resources.ec2.instances import EC2Instances class Object(object): pass 
@@ -116,3 +116,37 @@ def test_get_report_name( provider="aws", credentials=mock.MagicMock(session="123"), ) assert aws_provider.get_report_name() == "aws-12345" + + def test_identify_user_data_secrets(self): + + SAMPLE_USER_DATA = """ +# Various AWS Access Key exercisers +AKIASHORT # too short +AKIA0123456789ABCDEF # just right +AKIA0123456789ABCDEF0 # too long +AKIA0123456789abcdef # invalid characters +FAKIA0123456789ABCDE # wrong prefix +in middle AKIAFEDCBA9876543210 of line +line ends with AKIAFFFFFFFFFFFFFFFF + +# Various AWS Secret Access Key exercisers +ThisIsTooShort +ThisSequenceIsExactlyTheRightLengthToUse +ThisOneIsJustALittleBitLongerThanItShouldBe +middle="0000000000/1111111111/2222222222/3333333" + "of line" +hats off to TRON: HereIsSomethingThatAppearsAtEndOfLineMCP + """ + + results = EC2Instances._identify_user_data_secrets(SAMPLE_USER_DATA) + print(results) + self.maxDiff = None + assert results["AWS Access Key IDs"] == [ + "AKIA0123456789ABCDEF", + "AKIAFEDCBA9876543210", + "AKIAFFFFFFFFFFFFFFFF" + ] + assert results["AWS Secret Access Keys"] == [ + "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", + "0000000000/1111111111/2222222222/3333333", + "HereIsSomethingThatAppearsAtEndOfLineMCP" + ] From 2f1630378d72190ecd7f7a7a7b3f1cf4a8a7157f Mon Sep 17 00:00:00 2001 
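Review bot: The key-shaped strings in `SAMPLE_USER_DATA` carry no marker that they are fabricated, so secret scanners run over the repository, and later readers, cannot tell them from leaked credentials; a line above the assignment such as `# Constructed values for exercising the secret regexes; none is a real credential.` would settle that. `print(results)` and `self.maxDiff = None` look like debugging leftovers: `maxDiff` only influences unittest's assert methods, not the bare `assert` statements used here. The commit message says the test currently fails, and nothing in the hunk marks it as an expected failure, so the suite goes red for anyone who checks out this commit.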
From: Scott Bailey Date: Thu, 26 May 2022 15:26:23 -0400 Subject: [PATCH 840/979] Disable and annotate new unit test Good luck figuring this one out... I have verified actual behavior, and interactive invocation (of both the individual commands, and the method) work exactly as expected. For some reason, using pytest to evaluate this configuration appears to break proper parsing of the regular expressions (??!!?!) and the assertions in the test fail because they return substring matches which are explicitly prohibited by the final group of the regular expression. I have annotated the test to indicate it is expected to fail, and added documentation of actual "in the wild" behavior, which is as expected. --- tests/test_aws_provider.py | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/tests/test_aws_provider.py b/tests/test_aws_provider.py index a0814108d..115726651 100755 --- a/tests/test_aws_provider.py +++ b/tests/test_aws_provider.py @@ -117,6 +117,7 @@ def test_get_report_name( ) assert aws_provider.get_report_name() == "aws-12345" + @pytest.mark.skip(reason="pytest does not reproduce actual behavior") def test_identify_user_data_secrets(self): SAMPLE_USER_DATA = """ 
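Review bot: An unconditional `@pytest.mark.skip` leaves `_identify_user_data_secrets` with no executed test, so a change that breaks the credential-detection regexes would pass CI unnoticed. `@pytest.mark.xfail(reason="pytest does not reproduce actual behavior", strict=False)` keeps the test running and reports it once it starts passing. The symptom described in the commit message, over-long sequences matching on their leading substring, would also fit pytest importing a different copy of `ScoutSuite` than the working tree (for example an installed package without the regex fix); that is a guess, and printing the imported module's `__file__` inside the test would rule it out. The test body continues outside this hunk.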
@@ -137,9 +138,31 @@ def test_identify_user_data_secrets(self): hats off to TRON: HereIsSomethingThatAppearsAtEndOfLineMCP """ + """ + As I write this test, the assertions below fail; somehow, the "too long" + sequences return their initial substrings, which should not even be + possible. This behavior appears with pytest, but not when repeated + interactively. This behavior also does not appear with the actual scanner: + + The following is excerpted from actual (pretty-printed) output: + [...] + "user_data": "#!/bin/bash\ncat << \"EOF\" > /root/rsb\n# Various AWS Access Key exercisers\nAKIASHORT # too short\nAKIA0123456789ABCDEF # just right\nAKIA0123456789ABCDEF0 # too long\nAKIA0123456789abcdef # invalid characters\nFAKIA0123456789ABCDE # wrong prefix\nin middle AKIAFEDCBA9876543210 of line\nline ends with AKIAFFFFFFFFFFFFFFFF\n\n# Various AWS Secret Access Key exercisers\nThisIsTooShort\n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\nThisOneIsJustALittleBitLongerThanItShouldBe\nmiddle=\"0000000000/1111111111/2222222222/3333333\" + \"of line\"\nhats off to TRON: HereIsSomethingThatAppearsAtEndOfLineMCP\nEOF", + "user_data_secrets": { + "AWS Access Key IDs": [ + "AKIA0123456789ABCDEF", + "AKIAFEDCBA9876543210", + "AKIAFFFFFFFFFFFFFFFF" + ], + "AWS Secret Access Keys": [ + "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", + "0000000000/1111111111/2222222222/3333333", + "HereIsSomethingThatAppearsAtEndOfLineMCP" + ] + } + [...] + """ + results = EC2Instances._identify_user_data_secrets(SAMPLE_USER_DATA) - print(results) - self.maxDiff = None assert results["AWS Access Key IDs"] == [ "AKIA0123456789ABCDEF", "AKIAFEDCBA9876543210", From 95297c619483934e4fae40a97b468bc81874bcc0 Mon Sep 17 00:00:00 2001 
From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Fri, 3 Jun 2022 11:14:06 +0200 Subject: [PATCH 841/979] add DeviceCodeCredential authentication Replace InteractiveBrowserCredential with DeviceCodeCredential authentication method when specifying the "--user-account-browser" command line option to facilitate MFA authentication from Docker container. --- ScoutSuite/providers/azure/authentication_strategy.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/azure/authentication_strategy.py b/ScoutSuite/providers/azure/authentication_strategy.py index 26d190499..fa6eb012d 100755 --- a/ScoutSuite/providers/azure/authentication_strategy.py +++ b/ScoutSuite/providers/azure/authentication_strategy.py @@ -6,7 +6,7 @@ from ScoutSuite.core.console import print_exception from azure.identity import UsernamePasswordCredential, AzureCliCredential, ClientSecretCredential, \ - ManagedIdentityCredential, InteractiveBrowserCredential + ManagedIdentityCredential, DeviceCodeCredential from ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException AUTHORITY_HOST_URI = 'https://login.microsoftonline.com/' @@ -86,7 +86,7 @@ def authenticate(self, elif user_account_browser: - identity_credentials = InteractiveBrowserCredential() + identity_credentials = DeviceCodeCredential(authority=AUTHORITY_HOST_URI,tenant_id=tenant_id,client_id=AZURE_CLI_CLIENT_ID) elif service_principal: From 3fe5cde7f86f2b905c21712f54aeef2415b320d6 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Fri, 3 Jun 2022 11:32:35 +0200 Subject: [PATCH 842/979] Disable throttling check Comment out throttling check since is_throttled is not fully implemented and triggers some errors. --- ScoutSuite/providers/utils.py | 4 ++++ 1 file changed, 4 insertions(+) 
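Review bot: The `user_account_browser` branch now always uses the device code flow, so the interactive browser login is no longer reachable from any option visible in this hunk. Device code sign-in is frequently blocked by Conditional Access because it is a known phishing vector, so in those tenants this branch will fail where `InteractiveBrowserCredential()` used to work. I would keep `identity_credentials = InteractiveBrowserCredential()` here and put `DeviceCodeCredential(authority=AUTHORITY_HOST_URI, tenant_id=tenant_id, client_id=AZURE_CLI_CLIENT_ID)` behind its own option for headless or container runs. `AZURE_CLI_CLIENT_ID` is not defined in the visible lines, and `authenticate` starts and ends outside the hunk.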
diff --git a/ScoutSuite/providers/utils.py b/ScoutSuite/providers/utils.py index 86a5721ae..89b279020 100755 --- a/ScoutSuite/providers/utils.py +++ b/ScoutSuite/providers/utils.py @@ -26,6 +26,9 @@ async def run_concurrently(function, backoff_seconds=15): async with asyncio.get_event_loop().throttler: return await run_function_concurrently(function) except Exception as e: + raise + """ + Commented out so this does not trigger errors from is_throttled, which is not fully implemented # Determine whether the exception is due to API throttling if is_throttled(e): source_file = inspect.getsourcefile(function) @@ -35,6 +38,7 @@ async def run_concurrently(function, backoff_seconds=15): return await run_concurrently(function, backoff_seconds + 15) else: raise + """ def run_function_concurrently(function): From 5a591de04589beda12fe07c0aef0138bb2ac38f7 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Fri, 3 Jun 2022 11:37:46 +0200 Subject: [PATCH 843/979] Handle Graph API 404 responses Handle 404 responses from MS Graph API for queries targetting non-existent datasets (i.e. retrieving group details for groupless users). Fixes typo in get_policies exception. --- ScoutSuite/providers/azure/facade/aad.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/facade/aad.py b/ScoutSuite/providers/azure/facade/aad.py index 30e9f2bc8..b826e0431 100755 --- a/ScoutSuite/providers/azure/facade/aad.py +++ b/ScoutSuite/providers/azure/facade/aad.py 
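Review bot: The unconditional `raise` at the top of the `except` block turns the throttling handling below it into an unreachable string literal, so a throttled API call now fails instead of backing off and retrying. For an auditing tool that means resources behind rate-limited APIs can drop out of the report, and their findings with them. If the problem is that `is_throttled` itself raises, guard that call and fall back to re-raising the original exception, keeping the retry path. The `try:` that opens this block is above the hunk.

```python
    except Exception as e:
        # A failure while classifying the error must not disable the backoff path.
        try:
            throttled = is_throttled(e)
        except Exception:
            throttled = False
        if throttled:
            # … unchanged: throttling notice and retry via run_concurrently(function, backoff_seconds + 15) …
        else:
            raise
```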
@@ -18,6 +18,9 @@ async def _get_microsoft_graph_response(self, api_resource, api_version='v1.0'): response = client.get(endpoint) if response.status_code == 200: return response.json() + # If response is 404 then it means there is no resource associated with the provided id + elif response.status_code == 404: + return {} else: print_exception('Failed to query Microsoft Graph endpoint \"{}\": status code {}'. format(api_resource, response.status_code)) @@ -104,5 +107,5 @@ async def get_policies(self): policies_response = await self._get_microsoft_graph_response('policies/authorizationPolicy') return policies_response except Exception as e: - print_exception(f'Failed to retrieve applications: {e}') + print_exception(f'Failed to retrieve policies: {e}') return [] From 28d5bb250bcc276b0f6c847e95077b06c0f2f6a9 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Fri, 3 Jun 2022 11:41:28 +0200 Subject: [PATCH 844/979] Handle VMs without diagnostics profile Handle errors caused by accessing boot_diagnostics attribute on VMs without a diagnostics profile configured. --- .../providers/azure/resources/virtualmachines/instances.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py index db51bd097..9a0458b2e 100755 --- a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py +++ b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py 
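Review bot: The new `elif response.status_code == 404:` branch returns `{}` for every Graph endpoint, so a mistyped `api_resource`, a wrong `api_version` and a genuinely empty dataset all look the same to the caller, and nothing is logged. For an audit tool that means a collection step can come back empty without any trace in the output. I would limit the silent path to callers that expect a 404, for example through a keyword parameter on `_get_microsoft_graph_response` that defaults to the old behaviour, and keep reporting the miss otherwise. In the second hunk `get_policies` still returns `[]` on failure while the 200 and 404 paths hand back a dict; `return {}` there would keep the type consistent for the parser. Both functions start outside their hunks.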
@@ -64,7 +64,10 @@ async def _parse_instance(self, raw_instance): # TODO process and display the below instance_dict['hardware_profile'] = raw_instance.hardware_profile.vm_size - instance_dict['diagnostics_profile'] = {'Boot Diagnostics': True if raw_instance.diagnostics_profile.boot_diagnostics.enabled else None} + + # Handle VMs without diagnostics profile configured + if raw_instance.diagnostics_profile is not None: + instance_dict['diagnostics_profile'] = {'Boot Diagnostics': True if raw_instance.diagnostics_profile.boot_diagnostics.enabled else None} instance_dict['os_profile'] = {} if raw_instance.os_profile is not None: From dd405f69043ccf710fd1d5913149d19818ce5f46 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Fri, 3 Jun 2022 11:48:17 +0200 Subject: [PATCH 845/979] Disable KeyVault diagnostic settings checks Disable checks related to KeyVault diagnostic settings since some of the functions involved do not work as expected. get_diagnostic_settings invokes the "list" operation from DiagnosticSettingsOperations for the MonitorManagementClient class, which expects a "resource_uri" parameter consisting on an Azure resource URI. This is not currently being passed onto that function correctly and generates errors. --- .../azure/resources/loggingmonitoring/resources.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/ScoutSuite/providers/azure/resources/loggingmonitoring/resources.py b/ScoutSuite/providers/azure/resources/loggingmonitoring/resources.py index e9ec899e0..686ffc96d 100644 --- a/ScoutSuite/providers/azure/resources/loggingmonitoring/resources.py +++ b/ScoutSuite/providers/azure/resources/loggingmonitoring/resources.py 
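Review bot: When `raw_instance.diagnostics_profile` is `None` the `diagnostics_profile` key is now never set on `instance_dict`, so anything downstream that reads it sees a missing key instead of a value, and the guard still dereferences `boot_diagnostics.enabled` without checking that `boot_diagnostics` itself is set. Add `else: instance_dict['diagnostics_profile'] = {'Boot Diagnostics': None}` so the record keeps its shape, and extend the condition with `and raw_instance.diagnostics_profile.boot_diagnostics is not None`. `_parse_instance` starts above the hunk and continues below it.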
@@ -5,26 +5,30 @@ class Resources(AzureCompositeResources): + """ + TODO this is commented out since DiagnositcResourceKeyVault.get_diagnostic_settings needs to be fixed _children = [ (DiagnosticResourceKeyVault, 'diagnostic_key_vault'), - ] - + ]""" + def __init__(self, facade: AzureFacade, subscription_id: str): super().__init__(facade) self.subscription_id = subscription_id - async def fetch_all(self): for raw_resource in await self.facade.resourcemanagement.get_specific_type_resources_with_filter( self.subscription_id, 'Microsoft.KeyVault/vaults'): id, resource = self._parse_resource(raw_resource) self[id] = resource - + + """ + TODO this is commented out since DiagnositcResourceKeyVault.get_diagnostic_settings needs to be fixed await self._fetch_children_of_all_resources( resources=self, scopes={resource_id: {'resource_id': resource['id'], 'subscription_id': self.subscription_id} for (resource_id, resource) in self.items()} ) + """ def _parse_resource(self, raw_resource): resource = {} @@ -34,4 +38,4 @@ def _parse_resource(self, raw_resource): resource['tags'] = ["{}:{}".format(key, value) for key, value in raw_resource.tags.items()] else: resource['tags'] = [] - return resource['id'], resource \ No newline at end of file + return resource['id'], resource From 4eaaae12202561271ef047130f900ce6d8188dbe Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Fri, 3 Jun 2022 11:52:01 +0200 Subject: [PATCH 846/979] Disable KeyVault logging and diagnostic settings rules Disable logging and diagnostic settings checks for KeyVaults since related functions need to be fixed. --- ScoutSuite/providers/azure/rules/rulesets/default.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/azure/rules/rulesets/default.json b/ScoutSuite/providers/azure/rules/rulesets/default.json index a462057cc..286085c0f 100755 --- a/ScoutSuite/providers/azure/rules/rulesets/default.json 
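Review bot: The triple-quoted block placed directly under `class Resources(AzureCompositeResources):` is the first statement of the class body, so Python stores the disabled code as the class docstring, and with `_children` no longer assigned here the class relies on whatever the base class defines (not visible in this hunk). The second string, inside `fetch_all`, is an expression that is evaluated and discarded on every call. Use `#` comments for both and replace the TODO with a tracked reference, e.g. `# TODO(<issue-id>): re-enable once get_diagnostic_settings receives a valid resource_uri`. Key Vault diagnostic settings are not collected while this is off, so the output should say the check was skipped rather than show nothing.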
+++ b/ScoutSuite/providers/azure/rules/rulesets/default.json @@ -93,7 +93,7 @@ ], "logging-monitoring-diagnostic-setting-does-not-exist.json": [ { - "enabled": true, + "enabled": false, "level": "warning" } ], @@ -172,7 +172,7 @@ ], "logging-monitoring-logging-key-vault-disabled.json": [ { - "enabled": true, + "enabled": false, "level": "warning" } ], From 0bddd9b32c06bf2aec8ee4432e3306a5bef6b414 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Fri, 3 Jun 2022 11:53:01 +0200 Subject: [PATCH 847/979] Disable KeyVault logging and diagnostic settings rules Disable logging and diagnostic settings checks for KeyVaults since related functions need to be fixed. --- ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json index 7f7d70a3f..9c6815ddc 100644 --- a/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json +++ b/ScoutSuite/providers/azure/rules/rulesets/cis-1.2.0.json @@ -32,7 +32,7 @@ ], "logging-monitoring-diagnostic-setting-does-not-exist.json": [ { - "enabled": true, + "enabled": false, "level": "warning" } ], @@ -58,7 +58,7 @@ ], "logging-monitoring-logging-key-vault-disabled.json": [ { - "enabled": true, + "enabled": false, "level": "warning" } ], From 230bd2a9df00a1fedaf6449a97c190f5589255b3 Mon Sep 17 00:00:00 2001 
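Review bot: Setting `"enabled": false` on `logging-monitoring-diagnostic-setting-does-not-exist.json` and `logging-monitoring-logging-key-vault-disabled.json` removes two logging controls from the default ruleset, and the next patch does the same in `cis-1.2.0.json`, with nothing in the ruleset or the report marking them as skipped. A report generated from the CIS ruleset then shows no finding for these controls, which a reader can take for a pass. The ruleset entries shown have no field for a reason, so the gap should be recorded where users will see it (release notes or the rule description), and both rules re-enabled in the same change that fixes `get_diagnostic_settings`.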
From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Fri, 3 Jun 2022 12:02:51 +0200 Subject: [PATCH 848/979] Workaround for MissingApiVersionParameter error Workaround for MissingApiVersionParameter error raised by Azure API when calling "list" operation from ComplianceResultsOperations for the SecurityCenter client. Also waiting for further info from Azure Python SDK devs on this matter. --- .../providers/azure/facade/securitycenter.py | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/ScoutSuite/providers/azure/facade/securitycenter.py b/ScoutSuite/providers/azure/facade/securitycenter.py index c2b2677a2..25858f5f9 100755 --- a/ScoutSuite/providers/azure/facade/securitycenter.py +++ b/ScoutSuite/providers/azure/facade/securitycenter.py @@ -79,6 +79,20 @@ async def get_alerts(self, subscription_id: str): print_exception(f'Failed to retrieve alerts: {e}') return [] + def remove_last_ItemPage_from_the_list(self, results): + p = list() + try: + for i in results: + p.append(i) + except Exception: + # TODO implement condition to pass only if the triggered error is MissingApiVersionParameter + pass + return p + + """ + Commented out this part since a weird bug causes MissingApiVersionParameter errors to appear in the last response from Azure API. + Workaround bypasses this but obviously not ideal. + async def get_compliance_results(self, subscription_id: str): try: client = self.get_client(subscription_id) 
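Review bot: The `except Exception: pass` in `remove_last_ItemPage_from_the_list` swallows every failure raised while paging, not only the `MissingApiVersionParameter` response named in the TODO, so an authorization error or a dropped connection part-way through yields a truncated list that `get_compliance_results` returns as if it were complete. Narrow it with what is already known: `except Exception as e:` followed by `if 'MissingApiVersionParameter' not in str(e): raise`. That assumes the SDK exception text carries the error code, which should be confirmed against a real response. The old `get_compliance_results` kept inside a triple-quoted string that opens here and closes in the next hunk (`@@ -89,6 +103,18 @@`) is an expression statement in the class body; delete it or turn it into `#` comments.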
@@ -89,6 +103,18 @@ async def get_compliance_results(self, subscription_id: str): except Exception as e: print_exception(f'Failed to retrieve compliance results: {e}') return [] + """ + + async def get_compliance_results(self, subscription_id: str): + try: + client = self.get_client(subscription_id) + scope = f'/subscriptions/{subscription_id}' + return await run_concurrently( + lambda: self.remove_last_ItemPage_from_the_list(client.compliance_results.list(scope=scope)) + ) + except Exception as e: + print_exception(f'Failed to retrieve compliance results: {e}') + return [] async def get_regulatory_compliance_results(self, subscription_id: str): try: From 0706135ed54fba04025f700c1a340792b40d5108 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 3 Jun 2022 17:30:56 +0200 Subject: [PATCH 849/979] Better parsing --- ScoutSuite/providers/azure/resources/aad/policies.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/azure/resources/aad/policies.py b/ScoutSuite/providers/azure/resources/aad/policies.py index 0a4ba826d..53695de34 100644 --- a/ScoutSuite/providers/azure/resources/aad/policies.py +++ b/ScoutSuite/providers/azure/resources/aad/policies.py 
@@ -17,10 +17,10 @@ async def _parse_policy(self, raw_policy): policy_dict['allowed_to_use_SSPR'] = raw_policy.get('allowedToUseSSPR') policy_dict['allow_email_verified_users_to_join_organization' ] = raw_policy.get('allowEmailVerifiedUsersToJoinOrganization') - policy_dict['allowed_to_create_apps'] = raw_policy['defaultUserRolePermissions'].get('allowedToCreateApps') + policy_dict['allowed_to_create_apps'] = raw_policy.get('defaultUserRolePermissions', {}).get('allowedToCreateApps') policy_dict['allowed_to_create_security_groups' - ] = raw_policy['defaultUserRolePermissions'].get('allowedToCreateSecurityGroups') + ] = raw_policy.get('defaultUserRolePermissions', {}).get('allowedToCreateSecurityGroups') policy_dict[ - 'allowed_to_read_other_users'] = raw_policy['defaultUserRolePermissions'].get('allowedToReadOtherUsers') + 'allowed_to_read_other_users'] = raw_policy.get('defaultUserRolePermissions', {}).get('allowedToReadOtherUsers') return policy_dict['id'], policy_dict From 877ed8b6c47095a82c1ea1f8021b1b105f0a7414 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 9 Jun 2022 11:28:55 +0200 Subject: [PATCH 850/979] Address https://github.com/nccgroup/ScoutSuite/issues/1415 --- .../providers/aws/rules/rulesets/default.json | 13 ++++++++++--- .../providers/aws/rules/rulesets/detailed.json | 13 ++++++++++--- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json index eb62980c9..b3afbb226 100755 --- a/ScoutSuite/providers/aws/rules/rulesets/default.json +++ b/ScoutSuite/providers/aws/rules/rulesets/default.json @@ -1206,21 +1206,21 @@ }, { "args": [ - "Receive" + "AddPermission" ], "enabled": true, "level": "danger" }, { "args": [ - "AddPermission" + "RemovePermission" ], "enabled": true, "level": "danger" }, { "args": [ - "RemovePermission" + "GetTopicAttributes" ], "enabled": true, "level": "danger" 
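Review bot: `raw_policy.get('defaultUserRolePermissions', {})` only covers a missing key; if the response carries the key with a null value the chained `.get(...)` still raises `AttributeError`. Use `(raw_policy.get('defaultUserRolePermissions') or {})` on the three changed lines. With an empty `raw_policy` all three permissions become `None`, and a rule that compares `allowed_to_create_apps` against `True` presumably will not fire, so a policy that could not be read is indistinguishable from a restrictive one. `_parse_policy` starts above the hunk, so how `policy_dict['id']` is set for an empty response is not visible here.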
@@ -1232,6 +1232,13 @@ "enabled": true, "level": "danger" }, + { + "args": [ + "ListSubscriptionsByTopic" + ], + "enabled": true, + "level": "danger" + }, { "args": [ "DeleteTopic" diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json index 2b886b861..d1043c5c1 100755 --- a/ScoutSuite/providers/aws/rules/rulesets/detailed.json +++ b/ScoutSuite/providers/aws/rules/rulesets/detailed.json @@ -1235,21 +1235,21 @@ }, { "args": [ - "Receive" + "AddPermission" ], "enabled": true, "level": "danger" }, { "args": [ - "AddPermission" + "RemovePermission" ], "enabled": true, "level": "danger" }, { "args": [ - "RemovePermission" + "GetTopicAttributes" ], "enabled": true, "level": "danger" @@ -1261,6 +1261,13 @@ "enabled": true, "level": "danger" }, + { + "args": [ + "ListSubscriptionsByTopic" + ], + "enabled": true, + "level": "danger" + }, { "args": [ "DeleteTopic" From 8adc2db1cb758deb7fc0e6662828d22dd275b65e Mon Sep 17 00:00:00 2001 From: aa Date: Fri, 17 Jun 2022 09:37:54 +0800 Subject: [PATCH 851/979] Updated dotnet current versions from 4.0 to 6.0 --- .../rules/findings/appservice-outdated-version-dotnet.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json index c1511aae0..cf5710b4e 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json @@ -31,7 +31,8 @@ "appservice.subscriptions.id.web_apps.id.programming_language_version", "containNoneOf", [ - "v4.0" + "v6.0", + "6.0" ] ] ], From bb8d13eb3119e886970d95231d60d8d7d53460e6 Mon Sep 17 00:00:00 2001 
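Review bot: In `appservice-outdated-version-dotnet.json`, replacing `"v4.0"` with `"v6.0"` and `"6.0"` in the `containNoneOf` list makes every app whose `programming_language_version` holds any other value report as outdated, including the `v4.0` value the rule accepted until now. As far as I know App Service reports `v4.0` for .NET Framework 4.8, so confirm that flagging those apps is intended, or keep `"v4.0"` in the list. The list is also a hard-coded notion of "current" that goes stale with the next runtime release; the rule description should state which versions it treats as current so a stale result can be recognised.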
From: taichi-kotake Date: Tue, 28 Jun 2022 06:42:42 +0900 Subject: [PATCH 852/979] Remove duplicate link --- .../findings/sqs-queue-server-side-encryption-disabled.json | 1 - 1 file changed, 1 deletion(-) diff --git a/ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json b/ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json index 53b4703b6..f55863af7 100644 --- a/ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json +++ b/ScoutSuite/providers/aws/rules/findings/sqs-queue-server-side-encryption-disabled.json @@ -2,7 +2,6 @@ "description": "Queue with Encryption Disabled", "rationale": "SQS Server-Side Encryption ensures that the contents of messages in queues are encrypted.", "references": [ - "https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html", "https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html" ], "dashboard_name": "Queues", From 430025d9773d21eed379aaaf24b778fd53fc72aa Mon Sep 17 00:00:00 2001 From: Geert Smelt Date: Thu, 7 Jul 2022 13:33:33 +0200 Subject: [PATCH 853/979] Fix docker-compose build error --- docker/docker-compose.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index bf68f4814..296424a62 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -16,5 +16,3 @@ services: - NAME=${NAME} - IMAGE_NAME=${IMAGE_NAME} - DESCRIPTION=${DESCRIPTION} - env_file: - - config/build.env \ No newline at end of file From c6eca9de166c124ed8e65d74dd81dc720061cd4f Mon Sep 17 00:00:00 2001 From: Consultant Date: Fri, 15 Jul 2022 04:35:08 -0700 Subject: [PATCH 854/979] Version update --- ScoutSuite/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/__init__.py b/ScoutSuite/__init__.py index 32ece961f..901271c1c 100755 
--- a/ScoutSuite/__init__.py +++ b/ScoutSuite/__init__.py @@ -1,5 +1,5 @@ __author__ = 'NCC Group' -__version__ = '5.11.0' +__version__ = '5.12.0-rc1' ERRORS_LIST = [] From aed8f74c74688ecf206d5e4933469df1d27c0075 Mon Sep 17 00:00:00 2001 From: tkmru Date: Mon, 29 Aug 2022 04:16:58 +0900 Subject: [PATCH 855/979] The phone in azure means a phone number --- .../securitycenter-security-contacts-phone-not-set.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-phone-not-set.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-phone-not-set.json index dbe695d25..516b80f5e 100755 --- a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-phone-not-set.json +++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-phone-not-set.json @@ -1,6 +1,6 @@ { "description": "No Security Contact Phone Set", - "rationale": "Set at least one security contact email.", + "rationale": "Set at least one security contact phone number.", "compliance": [ { "name": "CIS Microsoft Azure Foundations", From 59b03153f7de717ddc619c9682721bc9ed6c8bf7 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Thu, 1 Sep 2022 11:52:08 +0200 Subject: [PATCH 856/979] Update __init__.py --- ScoutSuite/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/__init__.py b/ScoutSuite/__init__.py index 901271c1c..6209ae9c7 100755 --- a/ScoutSuite/__init__.py +++ b/ScoutSuite/__init__.py @@ -1,5 +1,5 @@ __author__ = 'NCC Group' -__version__ = '5.12.0-rc1' +__version__ = '5.12.0' ERRORS_LIST = [] From 4dfd04cb3e9bf29bfbc91216f7d982d763d93191 Mon Sep 17 00:00:00 2001 
From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Thu, 1 Sep 2022 12:26:21 +0200 Subject: [PATCH 857/979] Update AWS IPs --- ScoutSuite/data/aws/ip-ranges/aws.json | 4134 +++++++++++++++++++++++- 1 file changed, 3981 insertions(+), 153 deletions(-) diff --git a/ScoutSuite/data/aws/ip-ranges/aws.json b/ScoutSuite/data/aws/ip-ranges/aws.json index b60d8c55b..3d5fc376b 100755 --- a/ScoutSuite/data/aws/ip-ranges/aws.json +++ b/ScoutSuite/data/aws/ip-ranges/aws.json @@ -1,7 +1,13 @@ { - "syncToken": "1650565401", - "createDate": "2022-04-21-18-23-21", + "syncToken": "1662013390", + "createDate": "2022-09-01-06-23-10", "prefixes": [ + { + "ip_prefix": "3.2.34.0/26", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", @@ -26,6 +32,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.78.160/27", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.230.221.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "35.180.0.0/16", "region": "eu-west-3", @@ -104,6 +122,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.2.35.64/26", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "13.34.11.32/27", "region": "ap-east-1", @@ -128,6 +152,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "13.34.69.64/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "15.230.39.60/31", "region": "us-east-2", 
@@ -356,6 +386,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-chi-1" }, + { + "ip_prefix": "13.34.71.0/27", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "15.230.39.44/31", "region": "us-east-2", @@ -422,6 +458,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-chi-1" }, + { + "ip_prefix": "13.34.70.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.70.0/24", "region": "ap-northeast-1", @@ -452,6 +494,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.116.148/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "52.93.127.133/32", "region": "ap-south-1", @@ -530,6 +578,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.73.96/27", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "15.193.3.0/24", "region": "ap-southeast-2", @@ -584,6 +638,12 @@ "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "54.117.0.0/16", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "54.240.236.26/32", "region": "eu-south-1", @@ -692,12 +752,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.197.36.0/22", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "15.230.158.0/23", "region": "eu-west-2", "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "16.57.0.0/16", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "43.206.0.0/15", "region": "ap-northeast-1", 
@@ -800,6 +872,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-pilot-6" }, + { + "ip_prefix": "13.34.53.192/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "13.34.60.128/27", "region": "us-east-1", @@ -842,6 +920,24 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "16.30.0.0/16", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "16.49.0.0/16", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, + { + "ip_prefix": "40.167.0.0/16", + "region": "ap-southeast-6", + "service": "AMAZON", + "network_border_group": "ap-southeast-6" + }, { "ip_prefix": "52.46.190.0/30", "region": "us-east-1", @@ -902,6 +998,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.2.40.0/25", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.34.41.192/27", "region": "ap-southeast-2", @@ -926,6 +1028,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "16.155.0.0/16", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ip_prefix": "18.34.248.0/22", "region": "ap-southeast-1", @@ -998,6 +1106,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.27.12/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.234.52/31", "region": "us-west-1", @@ -1052,6 +1166,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "54.21.0.0/16", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "54.206.0.0/16", "region": "ap-southeast-2", 
@@ -1094,6 +1214,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.68.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.69.224/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.70.64/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.248.124.0/24", "region": "us-east-1", @@ -1124,6 +1262,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "16.22.0.0/16", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "16.24.0.0/15", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "43.224.76.32/30", "region": "us-west-2", @@ -1178,6 +1328,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-atl-1" }, + { + "ip_prefix": "13.204.0.0/14", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.181.247.0/24", "region": "us-east-1", @@ -1238,18 +1394,36 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "142.4.160.144/29", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1-tpe-1" + }, { "ip_prefix": "13.34.54.224/27", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.79.192/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.248.119.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.220.120.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-bue-1" + }, { "ip_prefix": "15.230.39.254/31", "region": "us-east-2", 
@@ -1394,6 +1568,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.27.18/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.164.220/31", "region": "eu-west-1", @@ -1418,6 +1598,12 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "15.230.169.6/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "43.224.79.254/31", "region": "us-west-2", @@ -1502,6 +1688,12 @@ "service": "AMAZON", "network_border_group": "eu-south-2" }, + { + "ip_prefix": "13.34.72.160/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.208.0.0/16", "region": "ap-northeast-3", @@ -1538,6 +1730,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "15.230.253.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "43.224.79.96/31", "region": "eu-west-2", @@ -1586,6 +1784,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "54.222.90.0/24", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "54.236.0.0/15", "region": "us-east-1", @@ -1646,6 +1850,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "16.56.0.0/16", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "18.191.0.0/16", "region": "us-east-2", @@ -1664,6 +1874,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "98.131.0.0/16", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "99.77.159.0/24", "region": "eu-south-1", 
@@ -1682,6 +1898,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.21.128/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "13.34.55.0/27", "region": "us-west-2", @@ -1700,6 +1922,24 @@ "service": "AMAZON", "network_border_group": "us-east-1-atl-1" }, + { + "ip_prefix": "15.230.241.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "16.55.0.0/16", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "47.128.0.0/14", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "52.46.191.60/31", "region": "us-east-1", @@ -1892,6 +2132,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "3.2.34.128/26", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "13.34.59.96/27", "region": "us-east-1", @@ -1904,6 +2150,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.74.64/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "13.248.100.0/24", "region": "eu-north-1", @@ -1982,6 +2234,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "54.20.0.0/16", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "54.250.0.0/16", "region": "ap-northeast-1", @@ -2000,6 +2258,12 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "76.223.168.0/24", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "107.20.0.0/14", "region": "us-east-1", 
@@ -2144,6 +2408,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "15.230.4.164/31", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.230.132.0/24", "region": "eu-west-1", @@ -2222,6 +2492,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.71.224/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "13.36.0.0/14", "region": "eu-west-3", @@ -2300,6 +2576,12 @@ "service": "AMAZON", "network_border_group": "me-central-1" }, + { + "ip_prefix": "15.177.94.0/24", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "43.224.76.188/30", "region": "us-east-1", @@ -2366,6 +2648,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.71.32/27", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "15.230.0.12/31", "region": "sa-east-1", @@ -2577,16 +2865,16 @@ "network_border_group": "us-east-2" }, { - "ip_prefix": "18.116.0.0/14", - "region": "us-east-2", + "ip_prefix": "15.230.251.4/31", + "region": "ap-southeast-1", "service": "AMAZON", - "network_border_group": "us-east-2" + "network_border_group": "ap-southeast-1" }, { - "ip_prefix": "43.192.0.0/15", - "region": "cn-northwest-1", + "ip_prefix": "18.116.0.0/14", + "region": "us-east-2", "service": "AMAZON", - "network_border_group": "cn-northwest-1" + "network_border_group": "us-east-2" }, { "ip_prefix": "52.46.189.16/30", 
@@ -2678,6 +2966,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "15.230.251.0/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "16.20.0.0/16", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "18.34.32.0/20", "region": "eu-west-1", @@ -2888,6 +3188,12 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "54.222.91.0/24", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "64.252.72.0/24", "region": "us-west-2", @@ -2912,6 +3218,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "13.34.69.0/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "15.230.178.0/24", "region": "ap-southeast-3", @@ -3038,6 +3350,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.71.38/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.95.240.0/24", "region": "sa-east-1", @@ -3092,6 +3410,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "16.180.0.0/16", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "43.224.79.198/31", "region": "us-east-1", 
@@ -3122,12 +3446,24 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "150.222.129.149/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.234.142/31", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.2.41.0/26", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.6.224/27", "region": "ap-south-2", @@ -3152,6 +3488,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.73.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.221.50.0/24", "region": "eu-west-3", @@ -3332,6 +3674,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.232.123/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.234.56/31", "region": "us-west-1", @@ -3452,6 +3800,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.77.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.191.24/31", "region": "us-east-1", 
@@ -3494,18 +3848,42 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "136.9.0.0/16", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "172.96.110.0/24", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "3.2.37.128/26", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "13.34.56.224/27", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.71.96/27", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "13.34.79.128/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "15.230.18.0/24", "region": "us-east-1", @@ -3608,6 +3986,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "16.157.0.0/16", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "35.71.104.0/24", "region": "me-central-1", @@ -3836,6 +4220,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "99.83.102.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "142.4.160.8/29", "region": "us-east-1", @@ -4028,6 +4418,18 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.72.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.74.224/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "18.34.72.0/21", "region": "us-east-2", 
@@ -4184,12 +4586,30 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.53.160/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "13.34.57.0/27", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.75.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.80.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.67.0/26", "region": "us-west-1", @@ -4262,6 +4682,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.232.176/28", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.234.112/31", "region": "us-west-1", @@ -4286,6 +4712,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.79.96/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "15.181.241.0/24", "region": "us-east-1", @@ -4382,6 +4814,18 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.76.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.177.99.0/24", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.193.5.0/24", "region": "eu-west-2", @@ -4394,6 +4838,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.220.32.0/21", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-phx-1" + }, { "ip_prefix": "15.230.39.24/31", "region": "us-east-2", 
@@ -4430,6 +4880,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "52.93.71.46/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.94.250.16/28", "region": "ap-southeast-4", @@ -4568,6 +5024,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-4" }, + { + "ip_prefix": "13.34.76.96/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "15.230.193.0/24", "region": "us-east-1", @@ -4646,6 +5108,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "150.222.232.122/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "3.32.0.0/16", "region": "us-gov-west-1", @@ -4784,6 +5252,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "150.222.129.148/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.208.66/31", "region": "af-south-1", @@ -4802,6 +5276,12 @@ "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ip_prefix": "13.34.70.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.136/31", "region": "us-east-2", @@ -4874,6 +5354,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-dfw-1" }, + { + "ip_prefix": "13.34.2.0/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.34.12.64/27", "region": "us-west-2", @@ -4898,6 +5384,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.243.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "52.46.191.2/31", "region": "us-east-1", 
@@ -5170,9 +5662,9 @@ }, { "ip_prefix": "13.34.21.160/27", - "region": "us-east-1", + "region": "eu-south-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "eu-south-1" }, { "ip_prefix": "13.34.24.64/27", @@ -5180,6 +5672,12 @@ "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ip_prefix": "13.34.27.0/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "13.34.33.64/27", "region": "eu-central-1", @@ -5192,6 +5690,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.72.64/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.248.105.0/24", "region": "ap-south-1", @@ -5276,6 +5780,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.74.32/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "13.248.0.0/20", "region": "ap-northeast-3", @@ -5372,6 +5882,18 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "13.34.74.96/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "15.220.80.0/20", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1-tpe-1" + }, { "ip_prefix": "15.230.39.158/31", "region": "us-east-2", @@ -5486,12 +6008,24 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "98.80.0.0/12", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.234.5/32", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "157.152.0.0/16", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "205.251.246.0/24", "region": "us-east-1", 
@@ -5510,6 +6044,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.78.224/27", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "15.220.48.0/21", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1-waw-1" + }, { "ip_prefix": "15.230.197.0/24", "region": "sa-east-1", @@ -5576,6 +6122,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.232.126/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.234.6/31", "region": "us-west-1", @@ -5666,12 +6218,24 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "13.34.62.64/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "13.56.0.0/16", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.230.16.196/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.230.39.4/31", "region": "us-east-2", @@ -5756,6 +6320,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.79.0/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "15.230.39.12/31", "region": "us-east-2", @@ -5780,6 +6350,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.168.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "15.230.251.6/32", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "35.160.0.0/13", "region": "us-west-2", 
@@ -5840,12 +6422,30 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "3.2.38.128/26", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "13.32.0.0/15", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "13.34.75.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.77.64/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.112.0.0/14", "region": "ap-northeast-1", @@ -5936,6 +6536,12 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "16.156.0.0/16", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "18.60.0.0/15", "region": "ap-south-2", @@ -6110,6 +6716,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.73.160/27", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.248.97.0/24", "region": "eu-central-1", @@ -6194,12 +6806,6 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, - { - "ip_prefix": "43.196.0.0/15", - "region": "cn-north-1", - "service": "AMAZON", - "network_border_group": "cn-north-1" - }, { "ip_prefix": "43.224.79.30/31", "region": "us-east-1", @@ -6368,6 +6974,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "54.7.0.0/16", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "54.68.0.0/14", "region": "us-west-2", @@ -6424,9 +7036,9 @@ }, { "ip_prefix": "13.34.68.32/27", - "region": "ap-south-1", + "region": "us-west-2", "service": "AMAZON", - "network_border_group": "ap-south-1" + "network_border_group": "us-west-2" }, { "ip_prefix": "13.50.0.0/16", 
@@ -6440,6 +7052,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "16.21.0.0/16", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "52.44.0.0/15", "region": "us-east-1", @@ -6506,6 +7124,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "184.32.0.0/12", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "3.5.228.0/22", "region": "af-south-1", @@ -6718,9 +7342,9 @@ }, { "ip_prefix": "13.34.68.96/27", - "region": "us-east-1", + "region": "ap-south-1", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "ap-south-1" }, { "ip_prefix": "15.197.18.0/23", @@ -6794,6 +7418,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.2.39.0/26", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.77.96/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.249.0.0/16", "region": "GLOBAL", @@ -6920,6 +7556,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "16.52.0.0/16", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "18.144.0.0/15", "region": "us-west-1", @@ -7004,6 +7646,12 @@ "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "136.18.18.0/24", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.3.226/31", "region": "ap-southeast-1", @@ -7016,6 +7664,12 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "150.222.232.224/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.34.30.0/27", "region": "us-east-1", 
@@ -7028,6 +7682,24 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.34.76.0/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.220.64.0/20", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1-waw-1" + }, + { + "ip_prefix": "15.230.4.166/31", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.230.173.0/24", "region": "eu-west-2", @@ -7124,6 +7796,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.2.37.0/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "3.33.35.0/24", "region": "eu-central-1", @@ -7352,6 +8030,12 @@ "service": "AMAZON", "network_border_group": "me-central-1" }, + { + "ip_prefix": "15.220.152.0/21", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1-ham-1" + }, { "ip_prefix": "15.230.77.64/26", "region": "ap-northeast-1", @@ -7418,6 +8102,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.11.192/27", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "13.34.31.160/27", "region": "sa-east-1", @@ -7550,6 +8240,12 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "3.2.41.128/26", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "13.34.22.88/29", "region": "ap-south-1", @@ -7580,6 +8276,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "16.26.0.0/16", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "43.224.79.34/31", "region": "us-east-1", 
@@ -7730,6 +8432,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "56.156.0.0/16", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "103.8.172.0/22", "region": "ap-southeast-2", @@ -7874,6 +8582,30 @@ "service": "AMAZON", "network_border_group": "il-central-1" }, + { + "ip_prefix": "13.34.71.160/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.34.73.0/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.79.160/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.220.144.0/23", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1-ham-1" + }, { "ip_prefix": "15.230.39.118/31", "region": "us-east-2", @@ -7886,6 +8618,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "16.54.0.0/16", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "18.186.0.0/15", "region": "eu-west-1", @@ -8054,6 +8792,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "52.93.71.40/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.124.96/32", "region": "eu-west-3", @@ -8102,6 +8846,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "3.2.38.192/26", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "3.3.8.0/21", "region": "GLOBAL", 
@@ -8168,6 +8918,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.220.96.0/20", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1-han-1" + }, { "ip_prefix": "15.221.33.0/24", "region": "ca-central-1", @@ -8348,6 +9104,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "52.93.71.44/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.127.113/32", "region": "ap-southeast-1", @@ -8516,6 +9278,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "16.158.0.0/16", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "43.224.76.208/30", "region": "us-east-1", @@ -8528,6 +9296,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.71.45/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.126.245/32", "region": "ap-south-1", @@ -8564,6 +9338,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.4.8.0/24", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.34.50.128/27", "region": "us-east-1", @@ -8576,6 +9356,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.75.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.78.64/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.140/31", "region": "us-east-2", 
@@ -8792,6 +9584,12 @@ "service": "AMAZON", "network_border_group": "il-central-1" }, + { + "ip_prefix": "13.34.77.32/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "15.230.39.32/31", "region": "us-east-2", @@ -9008,6 +9806,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "16.176.0.0/16", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.46.191.238/31", "region": "us-east-1", @@ -9236,6 +10040,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "40.172.0.0/14", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.64.0/24", "region": "us-east-1", @@ -9314,6 +10124,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "13.34.79.64/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.248.121.0/24", "region": "eu-west-1", @@ -9488,6 +10304,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.11.224/27", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "13.34.54.64/27", "region": "ap-southeast-1", @@ -9644,6 +10466,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.77.160/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "15.230.16.12/32", "region": "us-west-1", @@ -9830,6 +10658,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "15.230.223.4/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "43.224.79.156/31", "region": "eu-west-2", 
@@ -9896,6 +10730,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "16.181.0.0/16", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "18.164.0.0/15", "region": "GLOBAL", @@ -9992,6 +10832,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.2.43.0/26", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "13.34.28.96/27", "region": "us-west-2", @@ -10100,6 +10946,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.2.42.64/26", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "13.34.0.160/27", "region": "ap-northeast-1", @@ -10184,6 +11036,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.2.32.128/26", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "13.34.28.64/27", "region": "us-west-2", @@ -10298,6 +11156,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.230.250.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "46.51.216.0/21", "region": "ap-southeast-1", @@ -10478,6 +11342,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "150.222.232.125/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "176.32.125.236/31", "region": "us-east-1", @@ -10772,6 +11642,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "16.29.0.0/16", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "52.46.190.254/31", "region": "us-east-1", 
@@ -10850,6 +11726,12 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.220.56.0/21", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1-tpe-1" + }, { "ip_prefix": "15.230.133.28/31", "region": "ap-southeast-1", @@ -10868,6 +11750,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.71.42/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.178.156/32", "region": "us-west-1", @@ -10952,6 +11840,12 @@ "service": "AMAZON", "network_border_group": "us-west-2-las-1" }, + { + "ip_prefix": "16.154.0.0/16", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ip_prefix": "52.93.127.115/32", "region": "ap-southeast-1", @@ -10976,6 +11870,12 @@ "service": "AMAZON", "network_border_group": "us-west-2-den-1" }, + { + "ip_prefix": "3.2.41.64/26", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.34.0.128/27", "region": "ap-northeast-1", @@ -11282,6 +12182,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.76.64/27", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.34.80.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.244.0.0/15", "region": "af-south-1", @@ -11372,6 +12284,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.75.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.0.4/32", "region": "sa-east-1", 
@@ -11450,6 +12368,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.70.96/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "15.221.16.0/22", "region": "us-west-1", @@ -11582,6 +12506,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.80.64/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "15.230.16.0/32", "region": "us-west-1", @@ -11684,6 +12614,12 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "150.222.232.93/32", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.234.96/31", "region": "us-west-1", @@ -11696,6 +12632,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.2.32/27", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "13.34.12.96/27", "region": "us-west-2", @@ -11708,6 +12650,18 @@ "service": "AMAZON", "network_border_group": "eu-central-2" }, + { + "ip_prefix": "16.27.0.0/16", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, + { + "ip_prefix": "18.88.0.0/18", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-2" + }, { "ip_prefix": "52.93.127.178/32", "region": "ap-northeast-1", @@ -11768,6 +12722,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "150.222.232.160/28", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "162.213.234.0/23", "region": "eu-west-1", 
@@ -11786,6 +12746,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.220.136.0/21", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1-del-1" + }, + { + "ip_prefix": "16.159.0.0/16", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "18.34.244.0/22", "region": "us-west-2", @@ -11900,6 +12872,12 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.230.14.248/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.74/31", "region": "us-east-2", @@ -11990,6 +12968,12 @@ "service": "AMAZON", "network_border_group": "il-central-1" }, + { + "ip_prefix": "15.220.146.0/23", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "43.224.76.140/30", "region": "us-east-1", @@ -12116,6 +13100,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "52.93.71.41/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.95.239.0/24", "region": "eu-west-2", @@ -12248,6 +13238,12 @@ "service": "AMAZON", "network_border_group": "il-central-1" }, + { + "ip_prefix": "13.34.72.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.152.0.0/16", "region": "ap-northeast-3", @@ -12272,6 +13268,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.230.169.4/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "43.224.79.104/31", "region": "eu-west-2", 
@@ -12320,6 +13322,12 @@ "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "136.18.20.0/24", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "161.188.132.0/23", "region": "us-east-1", @@ -12500,12 +13508,30 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.71.64/27", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "15.230.240.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "18.182.0.0/16", "region": "ap-northeast-1", "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "43.218.0.0/16", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "52.46.189.112/30", "region": "us-west-2", @@ -12554,6 +13580,18 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "16.53.0.0/16", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, + { + "ip_prefix": "16.179.0.0/16", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "18.178.0.0/16", "region": "ap-northeast-1", @@ -12566,6 +13604,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.71.37/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.126.234/32", "region": "sa-east-1", @@ -12626,6 +13670,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "150.222.232.192/28", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.234.20/31", "region": "us-west-1", 
@@ -12638,6 +13688,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "13.34.18.128/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "13.34.28.32/27", "region": "us-west-2", @@ -12722,6 +13778,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.116.250/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "52.93.178.214/32", "region": "us-west-1", @@ -12782,6 +13844,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.74.0/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.220.204.0/24", "region": "us-west-2", @@ -12986,6 +14054,18 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.78.96/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.80.224/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.125.0.0/16", "region": "ap-northeast-2", @@ -13106,6 +14186,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.2.32.64/26", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "13.34.9.0/27", "region": "eu-west-1", @@ -13118,6 +14204,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.251.2/31", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "43.224.76.112/30", "region": "us-east-1", 
@@ -13136,6 +14228,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.71.39/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.153.174/32", "region": "eu-west-2", @@ -13250,6 +14348,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "54.46.0.0/16", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "54.240.128.0/18", "region": "GLOBAL", @@ -13298,6 +14402,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "15.177.97.0/24", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "15.230.39.216/31", "region": "us-east-2", @@ -13316,6 +14426,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.230.247.0/24", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ip_prefix": "35.71.68.0/22", "region": "us-east-1", @@ -13490,6 +14606,12 @@ "service": "AMAZON", "network_border_group": "eu-central-2" }, + { + "ip_prefix": "57.180.0.0/14", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "64.252.80.0/24", "region": "sa-east-1", @@ -13562,6 +14684,18 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "52.93.139.250/32", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "76.162.0.0/15", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "150.222.234.10/31", "region": "us-west-1", 
@@ -13569,16 +14703,28 @@ "network_border_group": "us-west-1" }, { - "ip_prefix": "3.3.16.0/21", - "region": "us-east-1", + "ip_prefix": "3.2.33.64/26", + "region": "eu-west-3", "service": "AMAZON", - "network_border_group": "us-east-1" + "network_border_group": "eu-west-3" }, { - "ip_prefix": "13.34.26.224/27", - "region": "eu-west-2", + "ip_prefix": "3.2.35.192/26", + "region": "ap-south-2", "service": "AMAZON", - "network_border_group": "eu-west-2" + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "3.2.43.64/26", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ip_prefix": "3.3.16.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "13.34.40.64/27", @@ -13742,6 +14888,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.202.0.0/15", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.181.64.0/20", "region": "us-west-2", @@ -13814,6 +14966,18 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.232.128/28", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.2.39.128/26", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "13.34.5.78/32", "region": "eu-central-1", @@ -13832,6 +14996,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "40.180.0.0/16", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "43.224.76.80/30", "region": "us-east-1", 
@@ -13898,6 +15068,24 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.69.96/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "13.34.75.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.78.32/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.206.0.0/15", "region": "ap-south-1", @@ -13910,6 +15098,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "16.177.0.0/16", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "50.18.0.0/16", "region": "us-west-1", @@ -13952,6 +15146,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.129.226/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.230.120/31", "region": "eu-central-1", @@ -14042,6 +15242,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "136.18.21.0/24", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.11.88/31", "region": "eu-west-1", @@ -14072,6 +15278,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-4" }, + { + "ip_prefix": "13.34.73.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.128.0/17", "region": "GLOBAL", @@ -14168,6 +15380,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.70.128/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.230.156.0/24", "region": "eu-west-3", 
@@ -14282,6 +15500,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "13.34.74.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.46.189.252/30", "region": "us-west-2", @@ -14324,6 +15548,18 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.72.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.77.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.181.248.0/24", "region": "us-west-2", @@ -14462,12 +15698,6 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, - { - "ip_prefix": "13.200.0.0/13", - "region": "ap-south-1", - "service": "AMAZON", - "network_border_group": "ap-south-1" - }, { "ip_prefix": "15.230.59.0/24", "region": "ap-northeast-1", @@ -14522,6 +15752,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.139.248/31", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "52.93.178.128/32", "region": "us-west-1", @@ -14576,6 +15812,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-mia-1" }, + { + "ip_prefix": "3.2.32.192/26", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.34.4.64/27", "region": "us-east-1", @@ -14708,6 +15950,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "150.222.232.226/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "176.32.64.0/19", "region": "ap-northeast-1", 
@@ -14738,12 +15986,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "13.200.0.0/15", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.248.48.0/21", "region": "ap-east-1", "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "15.230.246.0/24", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "15.248.24.0/22", "region": "ap-south-1", @@ -14900,6 +16160,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "16.28.0.0/16", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "35.71.111.0/24", "region": "eu-west-2", @@ -14960,6 +16226,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "54.116.0.0/16", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "99.150.72.0/21", "region": "eu-west-3", @@ -15027,10 +16299,10 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "71.137.8.0/22", - "region": "cn-north-1", + "ip_prefix": "56.157.0.0/16", + "region": "ap-northeast-3", "service": "AMAZON", - "network_border_group": "cn-north-1" + "network_border_group": "ap-northeast-3" }, { "ip_prefix": "99.77.139.0/24", @@ -15086,6 +16358,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "13.34.72.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.193.4.0/24", "region": "eu-central-1", @@ -15164,6 +16442,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.2.33.128/26", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "3.5.212.0/23", "region": "ap-south-1", 
@@ -15224,6 +16508,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "16.31.0.0/16", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "43.224.79.66/31", "region": "eu-west-2", @@ -15314,6 +16604,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.2.41.192/26", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "13.34.34.160/27", "region": "me-central-1", @@ -15392,6 +16688,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.17.0/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "13.34.19.224/27", "region": "eu-west-1", @@ -15512,6 +16814,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.2.35.128/26", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "13.34.56.64/27", "region": "us-east-1", @@ -15536,6 +16844,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.230.220.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.253.0.0/16", "region": "us-west-2", @@ -15692,6 +17006,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "3.33.44.0/22", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.36.0/27", "region": "ap-southeast-3", @@ -15806,6 +17126,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "43.192.0.0/16", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "43.224.77.212/30", "region": "us-east-1", 
@@ -15926,6 +17252,12 @@ "service": "AMAZON", "network_border_group": "me-central-1" }, + { + "ip_prefix": "15.230.14.22/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.131.0/24", "region": "eu-central-1", @@ -15938,6 +17270,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.230.222.0/24", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "52.93.50.138/31", "region": "us-east-1", @@ -15998,6 +17336,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.70.160/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.181.242.0/24", "region": "us-east-1", @@ -16028,6 +17372,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "15.230.245.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.248.8.0/22", "region": "us-east-2", @@ -16100,6 +17450,12 @@ "service": "AMAZON", "network_border_group": "il-central-1" }, + { + "ip_prefix": "13.34.69.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.177.78.0/24", "region": "eu-west-2", @@ -16184,6 +17540,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.71.192/27", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.230.80.0/24", "region": "eu-central-1", @@ -16310,6 +17672,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "52.93.116.149/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "52.93.178.129/32", "region": "us-west-1", 
@@ -16550,6 +17918,18 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "13.34.17.32/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "13.34.70.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.132/31", "region": "us-east-2", @@ -16586,6 +17966,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "142.4.160.160/29", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1-del-1" + }, { "ip_prefix": "150.222.15.126/32", "region": "us-east-1", @@ -16700,6 +18086,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.62.96/27", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "13.248.65.0/24", "region": "eu-south-2", @@ -16868,12 +18260,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.72.128/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.210.0.0/15", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "16.48.0.0/16", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "43.224.77.144/30", "region": "eu-west-2", @@ -16994,6 +18398,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.230.248.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "35.72.0.0/13", "region": "ap-northeast-1", 
@@ -17162,12 +18572,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.75.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.202/31", "region": "us-east-2", "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.180.0/24", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "16.12.12.0/23", "region": "il-central-1", @@ -17258,6 +18680,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.169.0/31", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "18.34.240.0/22", "region": "eu-west-1", @@ -17348,6 +18776,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.2.38.0/26", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "13.34.53.128/27", "region": "ap-southeast-1", @@ -17480,6 +18914,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "136.18.23.0/24", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "13.34.25.128/27", "region": "us-west-2", @@ -17498,6 +18938,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.78.128/27", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "15.220.220.0/23", "region": "us-east-1", @@ -17540,6 +18986,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "136.18.19.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "150.222.92.0/22", "region": "af-south-1", 
@@ -17594,6 +19046,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "16.79.0.0/16", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "18.130.0.0/16", "region": "eu-west-2", @@ -17672,6 +19130,12 @@ "service": "AMAZON", "network_border_group": "af-south-1" }, + { + "ip_prefix": "150.222.232.144/28", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.34.5.79/32", "region": "eu-central-1", @@ -17762,6 +19226,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "98.130.0.0/16", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "99.82.162.0/24", "region": "eu-west-1", @@ -17930,6 +19400,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "16.23.0.0/16", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "40.164.0.0/16", + "region": "ap-southeast-6", + "service": "AMAZON", + "network_border_group": "ap-southeast-6" + }, { "ip_prefix": "43.224.76.12/30", "region": "us-east-1", @@ -17990,6 +19472,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.76.32/27", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "15.220.248.0/23", "region": "us-east-1", @@ -18008,6 +19496,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "18.68.0.0/16", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "43.224.76.44/30", "region": "us-west-2", 
@@ -18170,6 +19664,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "150.222.27.234/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.208.86/31", "region": "af-south-1", @@ -18188,6 +19688,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.80.128/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.177.84.0/24", "region": "ca-central-1", @@ -18278,6 +19784,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.79.32/27", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, + { + "ip_prefix": "15.177.98.0/24", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "15.200.0.0/16", "region": "us-gov-west-1", @@ -18362,6 +19880,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.2.36.0/25", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.34.5.17/32", "region": "eu-central-1", @@ -18374,6 +19898,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.34.69.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.176/31", "region": "us-east-2", @@ -18386,6 +19916,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "15.230.252.0/24", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.251.0.22/32", "region": "sa-east-1", 
@@ -18584,6 +20120,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.2.39.64/26", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "13.34.8.96/27", "region": "us-east-1", @@ -18692,6 +20234,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "15.230.223.0/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "16.164.0.0/16", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "43.224.76.196/30", "region": "us-west-2", @@ -18752,6 +20306,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.192.0.0/13", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.221.40.0/21", "region": "sa-east-1", @@ -18884,6 +20444,12 @@ "service": "AMAZON", "network_border_group": "me-central-1" }, + { + "ip_prefix": "63.246.120.0/21", + "region": "GLOBAL", + "service": "AMAZON", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "99.78.196.0/22", "region": "us-west-2", @@ -18914,6 +20480,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "15.230.16.22/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.230.143.0/24", "region": "eu-south-1", @@ -19154,6 +20726,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "142.4.160.152/29", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1-waw-1" + }, { "ip_prefix": "150.222.3.188/32", "region": "ap-southeast-1", 
@@ -19167,10 +20745,16 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "13.34.17.24/29", - "region": "ap-southeast-3", + "ip_prefix": "13.34.77.0/27", + "region": "eu-west-2", "service": "AMAZON", - "network_border_group": "ap-southeast-3" + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "40.165.0.0/16", + "region": "ap-southeast-6", + "service": "AMAZON", + "network_border_group": "ap-southeast-6" }, { "ip_prefix": "52.46.188.56/30", @@ -19250,6 +20834,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.232.208/28", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "203.83.220.0/22", "region": "ap-southeast-1", @@ -19262,6 +20852,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.80.96/27", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "15.220.206.0/24", "region": "us-west-2", @@ -19322,6 +20918,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "150.222.129.150/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "150.222.208.65/32", "region": "af-south-1", @@ -19352,6 +20954,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.73.128/27", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.248.109.0/24", "region": "ap-southeast-2", @@ -19376,6 +20984,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "43.196.0.0/16", + "region": "cn-north-1", + "service": "AMAZON", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "52.46.191.34/31", "region": "us-west-2", 
@@ -19856,6 +21470,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.75.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.39.90/31", "region": "us-east-2", @@ -19946,12 +21566,24 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "13.34.80.192/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.230.28.0/24", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "16.178.0.0/16", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "35.71.101.0/24", "region": "eu-west-3", @@ -20042,6 +21674,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.230.194.0/24", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.230.207.0/24", "region": "ap-northeast-2", @@ -20054,6 +21692,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "18.88.128.0/18", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-phx-2" + }, { "ip_prefix": "34.240.0.0/13", "region": "eu-west-1", @@ -20192,6 +21836,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "54.47.0.0/16", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "150.222.219.0/24", "region": "ap-southeast-1", 
@@ -20204,6 +21854,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.2.34.192/26", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "3.2.35.0/26", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "3.3.0.0/23", "region": "GLOBAL", @@ -20222,6 +21884,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "13.34.76.192/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.32.0.0/14", "region": "us-west-2", @@ -20384,6 +22052,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "3.2.42.0/26", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ip_prefix": "13.34.12.192/27", "region": "us-east-1", @@ -20396,6 +22070,12 @@ "service": "AMAZON", "network_border_group": "eu-central-2" }, + { + "ip_prefix": "15.230.16.198/31", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "15.230.186.0/24", "region": "us-west-1", @@ -20468,6 +22148,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "13.34.74.192/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.230.163.0/24", "region": "ap-southeast-1", @@ -20576,6 +22262,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.82.171.0/24", + "region": "cn-northwest-1", + "service": "AMAZON", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "52.93.127.166/32", "region": "us-east-1", 
@@ -20618,6 +22310,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "16.165.0.0/16", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "43.224.76.72/30", "region": "us-east-1", @@ -20654,6 +22352,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "54.6.0.0/16", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "54.239.0.192/28", "region": "ap-northeast-2", @@ -20666,6 +22370,18 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ip_prefix": "3.2.32.0/26", + "region": "ap-southeast-6", + "service": "AMAZON", + "network_border_group": "ap-southeast-6" + }, + { + "ip_prefix": "13.34.18.160/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "13.34.40.224/27", "region": "eu-west-1", @@ -20708,6 +22424,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.71.43/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.91.109/32", "region": "us-east-1", @@ -20744,6 +22466,18 @@ "service": "AMAZON", "network_border_group": "me-central-1" }, + { + "ip_prefix": "13.34.69.192/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "13.184.0.0/13", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "15.177.0.0/18", "region": "GLOBAL", @@ -20882,12 +22616,6 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, - { - "ip_prefix": "13.34.27.17/32", - "region": "eu-west-2", - "service": "AMAZON", - "network_border_group": "eu-west-2" - }, { "ip_prefix": "13.34.44.128/27", "region": "ap-southeast-1", 
@@ -21008,6 +22736,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.75.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "15.230.4.176/28", "region": "ap-southeast-1", @@ -21038,6 +22772,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "40.181.0.0/16", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.46.188.236/30", "region": "us-east-1", @@ -21092,6 +22832,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "3.2.33.192/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "13.34.16.64/27", "region": "ap-east-1", @@ -21110,6 +22856,18 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.76.224/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.78.0/27", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "13.248.115.0/24", "region": "ap-northeast-1", @@ -21176,6 +22934,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "150.222.129.224/31", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "161.188.150.0/23", "region": "us-east-1", @@ -21320,6 +23084,18 @@ "service": "AMAZON", "network_border_group": "il-central-1" }, + { + "ip_prefix": "13.34.70.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "13.34.71.128/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.40.0.0/14", "region": "eu-west-2", 
@@ -21332,6 +23108,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.177.96.0/24", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "15.181.251.0/24", "region": "us-west-2", @@ -21501,10 +23283,16 @@ "network_border_group": "us-west-1" }, { - "ip_prefix": "13.34.27.16/32", - "region": "eu-west-2", + "ip_prefix": "150.222.232.124/32", + "region": "us-west-1", "service": "AMAZON", - "network_border_group": "eu-west-2" + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "13.34.74.160/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" }, { "ip_prefix": "13.248.126.0/24", @@ -21602,6 +23390,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.76.128/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "13.248.66.0/24", "region": "me-central-1", @@ -21620,6 +23414,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.230.249.0/24", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "43.224.77.80/30", "region": "us-east-1", @@ -21764,6 +23564,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "136.18.22.0/24", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "150.222.129.66/31", "region": "eu-central-1", @@ -21794,6 +23600,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.34.73.64/27", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "15.177.91.0/24", "region": "af-south-1", 
@@ -21812,6 +23624,18 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "15.230.223.2/31", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "15.230.242.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "35.155.0.0/16", "region": "us-west-2", @@ -21926,6 +23750,12 @@ "service": "AMAZON", "network_border_group": "us-east-1-dfw-1" }, + { + "ip_prefix": "16.78.0.0/16", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "52.76.0.0/17", "region": "ap-southeast-1", @@ -22130,6 +23960,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "15.220.44.0/22", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1-han-1" + }, { "ip_prefix": "15.230.195.0/24", "region": "eu-west-1", @@ -22184,6 +24020,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "13.34.9.76/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "13.34.49.192/27", "region": "eu-west-1", @@ -22250,6 +24092,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "75.79.0.0/16", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "100.24.0.0/13", "region": "us-east-1", @@ -22418,6 +24266,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.34.72.96/27", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.248.101.0/24", "region": "eu-west-2", 
@@ -22508,6 +24362,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.230.169.2/32", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "16.162.0.0/15", "region": "ap-east-1", @@ -22670,6 +24530,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "15.177.93.0/24", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "15.181.243.0/24", "region": "us-east-1", @@ -22754,6 +24620,12 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "13.34.78.192/27", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "15.230.61.0/24", "region": "eu-west-1", @@ -23060,6 +24932,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ip_prefix": "13.34.69.32/27", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "15.197.20.0/22", "region": "GLOBAL", @@ -23132,6 +25010,18 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.73.32/27", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "40.166.0.0/16", + "region": "ap-southeast-6", + "service": "AMAZON", + "network_border_group": "ap-southeast-6" + }, { "ip_prefix": "43.224.79.60/31", "region": "us-east-1", @@ -23180,6 +25070,12 @@ "service": "AMAZON", "network_border_group": "eu-south-2" }, + { + "ip_prefix": "150.222.129.151/32", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "205.251.240.0/22", "region": "us-east-1", 
@@ -23216,12 +25112,24 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "13.34.79.224/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.248.102.0/24", "region": "ap-southeast-2", "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.220.112.0/21", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-bue-1" + }, { "ip_prefix": "15.230.19.252/31", "region": "eu-west-1", @@ -23342,6 +25250,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "52.93.116.251/32", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "52.93.153.178/32", "region": "eu-west-2", @@ -23414,6 +25328,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.230.244.0/24", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "18.166.0.0/15", "region": "ap-east-1", @@ -23456,6 +25376,12 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "52.93.71.47/32", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "52.93.178.148/32", "region": "us-west-1", @@ -23528,6 +25454,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "13.34.77.128/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "15.220.128.0/21", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1-del-1" + }, { "ip_prefix": "15.230.39.62/31", "region": "us-east-2", 
@@ -23624,6 +25562,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.220.160.0/21", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ip_prefix": "15.230.177.4/32", "region": "me-central-1", @@ -23690,6 +25634,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ip_prefix": "136.8.0.0/16", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ip_prefix": "150.222.75.0/24", "region": "us-west-2", @@ -23708,6 +25658,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.3.2.0/24", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ip_prefix": "3.5.134.0/23", "region": "eu-central-1", @@ -23726,6 +25682,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.220.40.0/22", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "15.230.39.86/31", "region": "us-east-2", @@ -23912,6 +25874,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "13.34.80.160/27", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "15.177.68.0/23", "region": "eu-central-1", @@ -24728,12 +26696,6 @@ "service": "S3", "network_border_group": "us-west-1" }, - { - "ip_prefix": "71.137.8.0/22", - "region": "cn-north-1", - "service": "S3", - "network_border_group": "cn-north-1" - }, { "ip_prefix": "3.5.212.0/23", "region": "ap-south-1", @@ -25496,6 +27458,12 @@ "service": "DYNAMODB", "network_border_group": "us-west-2" }, + { + "ip_prefix": "3.2.34.0/26", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", 
@@ -25508,6 +27476,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "3.2.35.64/26", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "3.108.0.0/14", "region": "ap-south-1", @@ -25676,6 +27650,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.2.40.0/25", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ip_prefix": "18.34.248.0/22", "region": "ap-southeast-1", @@ -25772,6 +27752,18 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "142.4.160.144/29", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1-tpe-1" + }, + { + "ip_prefix": "15.220.120.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-bue-1" + }, { "ip_prefix": "54.74.0.0/15", "region": "eu-west-1", @@ -25892,6 +27884,12 @@ "service": "EC2", "network_border_group": "us-east-1-atl-1" }, + { + "ip_prefix": "47.128.0.0/14", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "54.153.128.0/17", "region": "ap-southeast-2", @@ -25928,6 +27926,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.2.34.128/26", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ip_prefix": "54.250.0.0/16", "region": "ap-northeast-1", @@ -25988,6 +27992,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "15.177.94.0/24", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "52.95.255.16/28", "region": "ap-southeast-2", 
@@ -26144,6 +28154,12 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "3.2.41.0/26", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "204.236.128.0/18", "region": "us-west-1", @@ -26270,6 +28286,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.2.37.128/26", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "18.231.0.0/16", "region": "sa-east-1", @@ -26468,12 +28490,24 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.177.99.0/24", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.193.5.0/24", "region": "eu-west-2", "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "15.220.32.0/21", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-phx-1" + }, { "ip_prefix": "52.80.0.0/16", "region": "cn-north-1", @@ -26678,12 +28712,24 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "15.220.80.0/20", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1-tpe-1" + }, { "ip_prefix": "3.96.0.0/15", "region": "ca-central-1", "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.220.48.0/21", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1-waw-1" + }, { "ip_prefix": "54.216.0.0/15", "region": "eu-west-1", @@ -26774,6 +28820,12 @@ "service": "EC2", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "3.2.38.128/26", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "13.112.0.0/14", "region": "ap-northeast-1", 
@@ -26978,6 +29030,12 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "3.2.39.0/26", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "15.193.6.0/24", "region": "us-east-1", @@ -27026,6 +29084,12 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ip_prefix": "15.220.64.0/20", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1-waw-1" + }, { "ip_prefix": "52.0.0.0/15", "region": "us-east-1", @@ -27062,6 +29126,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.2.37.0/26", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "3.33.35.0/24", "region": "eu-central-1", @@ -27104,6 +29174,12 @@ "service": "EC2", "network_border_group": "me-central-1" }, + { + "ip_prefix": "15.220.152.0/21", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1-ham-1" + }, { "ip_prefix": "52.74.0.0/16", "region": "ap-southeast-1", @@ -27152,6 +29228,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "3.2.41.128/26", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "13.214.0.0/15", "region": "ap-southeast-1", @@ -27236,6 +29318,12 @@ "service": "EC2", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.220.144.0/23", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1-ham-1" + }, { "ip_prefix": "54.223.0.0/16", "region": "cn-north-1", @@ -27284,6 +29372,12 @@ "service": "EC2", "network_border_group": "eu-south-2" }, + { + "ip_prefix": "3.2.38.192/26", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, { "ip_prefix": "54.170.0.0/15", "region": "eu-west-1", 
@@ -27296,6 +29390,12 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "15.220.96.0/20", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1-han-1" + }, { "ip_prefix": "35.71.98.0/24", "region": "eu-north-1", @@ -27374,6 +29474,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.4.8.0/24", + "region": "GLOBAL", + "service": "EC2", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "18.163.0.0/16", "region": "ap-east-1", @@ -27638,6 +29744,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.2.43.0/26", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "35.71.110.0/24", "region": "ap-northeast-3", @@ -27656,12 +29768,24 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "3.2.42.64/26", + "region": "ca-central-1", + "service": "EC2", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "52.95.255.112/28", "region": "us-west-2", "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "3.2.32.128/26", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, { "ip_prefix": "15.181.224.0/21", "region": "us-east-1", @@ -27842,6 +29966,12 @@ "service": "EC2", "network_border_group": "me-south-1" }, + { + "ip_prefix": "15.220.56.0/21", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1-tpe-1" + }, { "ip_prefix": "184.72.128.0/17", "region": "us-east-1", @@ -27860,6 +29990,12 @@ "service": "EC2", "network_border_group": "us-west-2-den-1" }, + { + "ip_prefix": "3.2.41.64/26", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ip_prefix": "13.51.0.0/16", "region": "eu-north-1", 
@@ -27992,12 +30128,24 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "18.88.0.0/18", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-2" + }, { "ip_prefix": "162.213.234.0/23", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.220.136.0/21", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1-del-1" + }, { "ip_prefix": "18.34.244.0/22", "region": "us-west-2", @@ -28046,6 +30194,12 @@ "service": "EC2", "network_border_group": "us-east-1-nyc-1" }, + { + "ip_prefix": "15.220.146.0/23", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, { "ip_prefix": "52.95.246.0/24", "region": "us-west-1", @@ -28166,6 +30320,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "43.218.0.0/16", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "54.152.0.0/16", "region": "us-east-1", @@ -28304,6 +30464,12 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.2.32.64/26", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "64.252.88.0/24", "region": "eu-central-1", @@ -28328,6 +30494,12 @@ "service": "EC2", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "15.177.97.0/24", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "35.71.68.0/22", "region": "us-east-1", 
@@ -28412,6 +30584,24 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "3.2.33.64/26", + "region": "eu-west-3", + "service": "EC2", + "network_border_group": "eu-west-3" + }, + { + "ip_prefix": "3.2.35.192/26", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, + { + "ip_prefix": "3.2.43.64/26", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "13.212.0.0/15", "region": "ap-southeast-1", @@ -28472,6 +30662,12 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "3.2.39.128/26", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "16.16.0.0/16", "region": "eu-north-1", @@ -28628,6 +30824,12 @@ "service": "EC2", "network_border_group": "us-east-1-mia-1" }, + { + "ip_prefix": "3.2.32.192/26", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "13.246.0.0/16", "region": "af-south-1", @@ -28664,6 +30866,12 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "13.200.0.0/15", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "52.95.235.0/24", "region": "ap-southeast-3", @@ -28772,6 +30980,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "3.2.33.128/26", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "3.5.212.0/23", "region": "ap-south-1", @@ -28814,6 +31028,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.2.41.192/26", + "region": "ap-southeast-2", + "service": "EC2", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "99.77.55.1/32", "region": "eu-south-2", 
@@ -28826,6 +31046,12 @@ "service": "EC2", "network_border_group": "us-east-1-dfw-1" }, + { + "ip_prefix": "3.2.35.128/26", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, { "ip_prefix": "15.253.0.0/16", "region": "us-west-2", @@ -28892,6 +31118,12 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "43.192.0.0/16", + "region": "cn-northwest-1", + "service": "EC2", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "52.94.248.192/28", "region": "eu-west-2", @@ -29054,6 +31286,12 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "142.4.160.160/29", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1-del-1" + }, { "ip_prefix": "162.222.148.0/22", "region": "us-west-2", @@ -29222,6 +31460,12 @@ "service": "EC2", "network_border_group": "us-east-2" }, + { + "ip_prefix": "3.2.38.0/26", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "15.220.220.0/23", "region": "us-east-1", @@ -29408,6 +31652,12 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "15.177.98.0/24", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "15.200.0.0/16", "region": "us-gov-west-1", @@ -29438,6 +31688,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "3.2.36.0/25", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "35.71.107.0/24", "region": "ap-east-1", @@ -29462,6 +31718,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "3.2.39.64/26", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "15.181.249.0/24", "region": "us-east-1", 
@@ -29564,6 +31826,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "142.4.160.152/29", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1-waw-1" + }, { "ip_prefix": "185.48.120.0/22", "region": "eu-west-1", @@ -29618,6 +31886,12 @@ "service": "EC2", "network_border_group": "us-west-2" }, + { + "ip_prefix": "43.196.0.0/16", + "region": "cn-north-1", + "service": "EC2", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "54.174.0.0/15", "region": "us-east-1", @@ -29750,6 +32024,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "18.88.128.0/18", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-phx-2" + }, { "ip_prefix": "34.240.0.0/13", "region": "eu-west-1", @@ -29786,6 +32066,18 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.2.34.192/26", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "3.2.35.0/26", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "52.32.0.0/14", "region": "us-west-2", @@ -29822,6 +32114,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.2.42.0/26", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ip_prefix": "52.95.250.0/24", "region": "ca-central-1", @@ -29870,6 +32168,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "3.2.32.0/26", + "region": "ap-southeast-6", + "service": "EC2", + "network_border_group": "ap-southeast-6" + }, { "ip_prefix": "15.177.0.0/18", "region": "GLOBAL", 
@@ -29960,6 +32264,12 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "3.2.33.192/26", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ip_prefix": "52.52.0.0/15", "region": "us-west-1", @@ -30014,6 +32324,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "15.177.96.0/24", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "15.181.251.0/24", "region": "us-west-2", @@ -30206,6 +32522,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "15.220.44.0/22", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1-han-1" + }, { "ip_prefix": "99.151.144.0/21", "region": "ap-northeast-2", @@ -30296,6 +32618,12 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.177.93.0/24", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, { "ip_prefix": "15.181.243.0/24", "region": "us-east-1", @@ -30404,6 +32732,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ip_prefix": "15.220.112.0/21", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-bue-1" + }, { "ip_prefix": "52.77.0.0/16", "region": "ap-southeast-1", @@ -30476,6 +32810,12 @@ "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "15.220.128.0/21", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1-del-1" + }, { "ip_prefix": "18.183.0.0/16", "region": "ap-northeast-1", 
@@ -30506,6 +32846,18 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.220.160.0/21", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, + { + "ip_prefix": "3.3.2.0/24", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ip_prefix": "3.5.134.0/23", "region": "eu-central-1", @@ -30518,6 +32870,12 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.220.40.0/22", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-den-1" + }, { "ip_prefix": "52.94.248.96/28", "region": "us-west-2", @@ -30974,6 +33332,12 @@ "service": "CLOUDFRONT", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.68.0.0/16", + "region": "GLOBAL", + "service": "CLOUDFRONT", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "18.64.0.0/14", "region": "GLOBAL", @@ -31088,6 +33452,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "15.197.36.0/22", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "13.248.124.0/24", "region": "us-east-1", @@ -31112,6 +33482,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "eu-west-1" }, + { + "ip_prefix": "13.248.110.0/24", + "region": "ap-southeast-3", + "service": "GLOBALACCELERATOR", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.197.32.0/23", "region": "GLOBAL", @@ -31124,6 +33500,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "99.83.102.0/24", + "region": "ap-southeast-1", + "service": "GLOBALACCELERATOR", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "99.82.172.0/24", "region": "us-west-1", 
@@ -31448,6 +33830,12 @@ "service": "GLOBALACCELERATOR", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "63.246.120.0/21", + "region": "GLOBAL", + "service": "GLOBALACCELERATOR", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "99.83.99.0/24", "region": "eu-central-1", @@ -31598,12 +33986,24 @@ "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", "network_border_group": "ap-southeast-1" }, + { + "ip_prefix": "15.177.94.0/24", + "region": "ap-south-2", + "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", + "network_border_group": "ap-south-2" + }, { "ip_prefix": "15.177.76.0/24", "region": "ap-northeast-2", "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "15.177.99.0/24", + "region": "il-central-1", + "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", + "network_border_group": "il-central-1" + }, { "ip_prefix": "15.177.86.0/24", "region": "ap-east-1", @@ -31658,6 +34058,12 @@ "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.177.97.0/24", + "region": "eu-south-2", + "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "15.177.64.0/23", "region": "us-east-1", @@ -31694,6 +34100,12 @@ "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "15.177.98.0/24", + "region": "eu-central-2", + "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", + "network_border_group": "eu-central-2" + }, { "ip_prefix": "15.177.80.0/24", "region": "us-west-2", @@ -31706,6 +34118,12 @@ "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "15.177.96.0/24", + "region": "ap-southeast-4", + "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", + "network_border_group": "ap-southeast-4" + }, { "ip_prefix": "15.177.87.0/24", "region": "me-south-1", 
@@ -31724,6 +34142,12 @@ "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", "network_border_group": "af-south-1" }, + { + "ip_prefix": "15.177.93.0/24", + "region": "me-central-1", + "service": "ROUTE53_HEALTHCHECKS_PUBLISHING", + "network_border_group": "me-central-1" + }, { "ip_prefix": "15.177.92.0/24", "region": "ap-southeast-3", @@ -31952,6 +34376,12 @@ "service": "CLOUDFRONT_ORIGIN_FACING", "network_border_group": "GLOBAL" }, + { + "ip_prefix": "18.68.0.0/16", + "region": "GLOBAL", + "service": "CLOUDFRONT_ORIGIN_FACING", + "network_border_group": "GLOBAL" + }, { "ip_prefix": "54.182.156.0/22", "region": "GLOBAL", @@ -32060,12 +34490,48 @@ "service": "API_GATEWAY", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "140.179.36.16/29", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "140.179.36.32/27", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "140.179.36.64/27", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "140.179.57.0/24", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "140.179.58.0/26", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "140.179.58.88/29", "region": "cn-north-1", "service": "EBS", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "140.179.59.0/24", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "140.179.79.160/27", "region": "cn-north-1", 
@@ -32084,6 +34550,12 @@ "service": "EBS", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "140.179.79.64/26", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "52.80.197.0/25", "region": "cn-north-1", @@ -32108,6 +34580,60 @@ "service": "CODEBUILD", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "52.80.51.200/29", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.80.51.208/29", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.80.51.216/29", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.80.51.224/29", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.80.51.240/29", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.80.51.248/29", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.81.113.32/27", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.81.113.64/27", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, + { + "ip_prefix": "52.81.113.96/27", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "52.81.124.0/23", "region": "cn-north-1", @@ -32126,6 +34652,12 @@ "service": "API_GATEWAY", "network_border_group": "cn-north-1" }, + { + "ip_prefix": "52.81.151.0/27", + "region": "cn-north-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-north-1" + }, { "ip_prefix": "52.81.167.128/27", "region": "cn-north-1", 
@@ -32162,6 +34694,18 @@ "service": "API_GATEWAY", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "161.189.23.0/27", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "161.189.23.32/27", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "161.189.66.128/26", "region": "cn-northwest-1", 
@@ -32210,18 +34754,90 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.83.26.192/27", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.83.26.224/27", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "52.83.26.64/26", "region": "cn-northwest-1", "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.83.33.104/29", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.83.33.112/29", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.83.33.72/29", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.83.33.80/29", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.83.33.88/29", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.83.33.96/29", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "52.83.34.128/25", "region": "cn-northwest-1", "service": "ROUTE53_HEALTHCHECKS", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.83.34.72/29", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.83.34.80/29", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "52.83.34.88/29", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, + { + 
"ip_prefix": "52.83.34.96/27", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "52.83.35.0/25", "region": "cn-northwest-1", @@ -32240,6 +34856,12 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "52.83.58.0/24", + "region": "cn-northwest-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "68.79.2.244/30", "region": "cn-northwest-1", @@ -32252,12 +34874,36 @@ "service": "EBS", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "68.79.2.64/27", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "69.230.219.0/24", "region": "cn-northwest-1", "service": "API_GATEWAY", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "69.230.226.0/24", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "69.230.227.0/24", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, + { + "ip_prefix": "69.230.228.0/24", + "region": "cn-northwest-1", + "service": "ROUTE53_RESOLVER", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "69.234.197.192/26", "region": "cn-northwest-1", 
@@ -32270,12 +34916,30 @@ "service": "CODEBUILD", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "69.235.162.0/24", + "region": "cn-northwest-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "cn-northwest-1" + }, { "ip_prefix": "69.235.170.0/23", "region": "cn-northwest-1", "service": "API_GATEWAY", "network_border_group": "cn-northwest-1" }, + { + "ip_prefix": "18.252.4.0/30", + "region": "us-gov-east-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "15.200.28.80/30", + "region": "us-gov-west-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "18.252.126.0/25", "region": "us-gov-east-1", @@ -32319,9 +34983,9 @@ "network_border_group": "us-gov-east-1" }, { - "ip_prefix": "18.252.4.0/30", + "ip_prefix": "18.252.165.140/30", "region": "us-gov-east-1", - "service": "EC2_INSTANCE_CONNECT", + "service": "KINESIS_VIDEO_STREAMS", "network_border_group": "us-gov-east-1" }, { @@ -32348,6 +35012,24 @@ "service": "API_GATEWAY", "network_border_group": "us-gov-east-1" }, + { + "ip_prefix": "18.254.23.64/26", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "18.254.61.128/26", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, + { + "ip_prefix": "18.254.68.0/23", + "region": "us-gov-east-1", + "service": "API_GATEWAY", + "network_border_group": "us-gov-east-1" + }, { "ip_prefix": "15.200.141.0/25", "region": "us-gov-west-1", @@ -32378,12 +35060,6 @@ "service": "S3", "network_border_group": "us-gov-west-1" }, - { - "ip_prefix": "15.200.28.80/30", - "region": "us-gov-west-1", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "us-gov-west-1" - }, { "ip_prefix": "15.200.28.88/29", "region": "us-gov-west-1", 
@@ -32408,6 +35084,42 @@ "service": "API_GATEWAY", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "3.30.129.0/24", + "region": "us-gov-west-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "3.30.130.0/23", + "region": "us-gov-west-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "3.30.40.84/30", + "region": "us-gov-west-1", + "service": "KINESIS_VIDEO_STREAMS", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "3.30.98.128/26", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "3.30.98.64/26", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ip_prefix": "3.32.139.0/24", + "region": "us-gov-west-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-gov-west-1" + }, { "ip_prefix": "3.32.190.0/25", "region": "us-gov-west-1", 
@@ -32438,6 +35150,102 @@ "service": "CODEBUILD", "network_border_group": "us-gov-west-1" }, + { + "ip_prefix": "3.112.23.0/29", + "region": "ap-northeast-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "ap-northeast-1" + }, + { + "ip_prefix": "18.202.216.48/29", + "region": "eu-west-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "eu-west-1" + }, + { + "ip_prefix": "18.206.107.24/29", + "region": "us-east-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "18.237.140.160/29", + "region": "us-west-2", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "13.52.6.112/29", + "region": "us-west-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "us-west-1" + }, + { + "ip_prefix": "3.0.5.32/29", + "region": "ap-southeast-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "ap-southeast-1" + }, + { + "ip_prefix": "13.233.177.0/29", + "region": "ap-south-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "ap-south-1" + }, + { + "ip_prefix": "3.120.181.40/29", + "region": "eu-central-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "eu-central-1" + }, + { + "ip_prefix": "18.228.70.32/29", + "region": "sa-east-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "sa-east-1" + }, + { + "ip_prefix": "13.209.1.56/29", + "region": "ap-northeast-2", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "ap-northeast-2" + }, + { + "ip_prefix": "13.239.158.0/29", + "region": "ap-southeast-2", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "ap-southeast-2" + }, + { + "ip_prefix": "13.48.4.200/30", + "region": "eu-north-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "eu-north-1" + }, + { + "ip_prefix": "35.180.112.80/29", + "region": "eu-west-3", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "eu-west-3" + }, + 
{ + "ip_prefix": "3.16.146.0/29", + "region": "us-east-2", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "us-east-2" + }, + { + "ip_prefix": "3.8.37.24/29", + "region": "eu-west-2", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "eu-west-2" + }, + { + "ip_prefix": "35.183.92.176/29", + "region": "ca-central-1", + "service": "EC2_INSTANCE_CONNECT", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "13.244.121.0/26", "region": "af-south-1", @@ -32618,6 +35426,12 @@ "service": "S3", "network_border_group": "af-south-1" }, + { + "ip_prefix": "13.246.108.0/22", + "region": "af-south-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "af-south-1" + }, { "ip_prefix": "13.246.70.0/23", "region": "af-south-1", @@ -32972,12 +35786,6 @@ "service": "API_GATEWAY", "network_border_group": "ap-northeast-1" }, - { - "ip_prefix": "3.112.23.0/29", - "region": "ap-northeast-1", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "ap-northeast-1" - }, { "ip_prefix": "3.112.64.0/23", "region": "ap-northeast-1", @@ -33050,6 +35858,12 @@ "service": "AMAZON_APPFLOW", "network_border_group": "ap-northeast-1" }, + { + "ip_prefix": "3.114.164.0/22", + "region": "ap-northeast-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-northeast-1" + }, { "ip_prefix": "35.72.164.212/30", "region": "ap-northeast-1", @@ -33296,12 +36110,6 @@ "service": "ROUTE53_RESOLVER", "network_border_group": "ap-northeast-2" }, - { - "ip_prefix": "13.209.1.56/29", - "region": "ap-northeast-2", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "ap-northeast-2" - }, { "ip_prefix": "13.209.1.8/29", "region": "ap-northeast-2", @@ -33356,6 +36164,12 @@ "service": "CLOUD9", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "15.165.193.128/26", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "15.165.193.64/26", "region": "ap-northeast-2", 
@@ -33422,6 +36236,12 @@ "service": "CLOUDFRONT", "network_border_group": "ap-northeast-2" }, + { + "ip_prefix": "3.35.160.0/22", + "region": "ap-northeast-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-northeast-2" + }, { "ip_prefix": "3.36.167.128/25", "region": "ap-northeast-2", @@ -33734,6 +36554,18 @@ "service": "API_GATEWAY", "network_border_group": "ap-northeast-3" }, + { + "ip_prefix": "15.152.133.112/28", + "region": "ap-northeast-3", + "service": "S3", + "network_border_group": "ap-northeast-3" + }, + { + "ip_prefix": "15.152.133.128/28", + "region": "ap-northeast-3", + "service": "S3", + "network_border_group": "ap-northeast-3" + }, { "ip_prefix": "15.152.174.0/23", "region": "ap-northeast-3", @@ -33860,12 +36692,6 @@ "service": "CLOUD9", "network_border_group": "ap-south-1" }, - { - "ip_prefix": "13.233.177.0/29", - "region": "ap-south-1", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "ap-south-1" - }, { "ip_prefix": "13.233.177.192/26", "region": "ap-south-1", @@ -34064,6 +36890,12 @@ "service": "S3", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "65.1.156.0/22", + "region": "ap-south-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-south-1" + }, { "ip_prefix": "65.1.170.0/23", "region": "ap-south-1", @@ -34094,6 +36926,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ip_prefix": "13.212.132.0/22", + "region": "ap-southeast-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-southeast-1" + }, { "ip_prefix": "13.212.209.128/26", "region": "ap-southeast-1", @@ -34406,12 +37244,6 @@ "service": "ROUTE53_RESOLVER", "network_border_group": "ap-southeast-1" }, - { - "ip_prefix": "3.0.5.32/29", - "region": "ap-southeast-1", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "ap-southeast-1" - }, { "ip_prefix": "52.220.191.0/26", "region": "ap-southeast-1", 
@@ -34520,12 +37352,6 @@ "service": "CLOUD9", "network_border_group": "ap-southeast-2" }, - { - "ip_prefix": "13.239.158.0/29", - "region": "ap-southeast-2", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "ap-southeast-2" - }, { "ip_prefix": "13.54.63.128/26", "region": "ap-southeast-2", @@ -34592,6 +37418,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ip_prefix": "3.25.248.0/22", + "region": "ap-southeast-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ap-southeast-2" + }, { "ip_prefix": "3.25.37.128/25", "region": "ap-southeast-2", @@ -34790,6 +37622,36 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ip_prefix": "108.137.114.0/28", + "region": "ap-southeast-3", + "service": "CODEBUILD", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "108.137.58.0/26", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "108.137.58.128/26", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "108.137.58.192/26", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, + { + "ip_prefix": "108.137.58.64/26", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ip_prefix": "15.222.16.32/27", "region": "ca-central-1", @@ -34892,6 +37754,12 @@ "service": "ROUTE53_RESOLVER", "network_border_group": "ca-central-1" }, + { + "ip_prefix": "3.97.20.0/22", + "region": "ca-central-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "ca-central-1" + }, { "ip_prefix": "3.97.217.0/24", "region": "ca-central-1", 
@@ -35060,12 +37928,6 @@ "service": "ROUTE53_RESOLVER", "network_border_group": "ca-central-1" }, - { - "ip_prefix": "35.183.92.176/29", - "region": "ca-central-1", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "ca-central-1" - }, { "ip_prefix": "99.79.126.0/24", "region": "ca-central-1", @@ -35150,6 +38012,12 @@ "service": "CLOUDFRONT", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "18.192.216.0/22", + "region": "eu-central-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "18.196.161.0/27", "region": "eu-central-1", @@ -35198,12 +38066,6 @@ "service": "ROUTE53_RESOLVER", "network_border_group": "eu-central-1" }, - { - "ip_prefix": "3.120.181.40/29", - "region": "eu-central-1", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "eu-central-1" - }, { "ip_prefix": "3.122.128.0/23", "region": "eu-central-1", @@ -35402,6 +38264,12 @@ "service": "API_GATEWAY", "network_border_group": "eu-central-1" }, + { + "ip_prefix": "3.74.148.128/26", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ip_prefix": "35.157.127.248/29", "region": "eu-central-1", @@ -35480,12 +38348,6 @@ "service": "CODEBUILD", "network_border_group": "eu-north-1" }, - { - "ip_prefix": "13.48.4.200/30", - "region": "eu-north-1", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "eu-north-1" - }, { "ip_prefix": "13.48.4.208/29", "region": "eu-north-1", @@ -35546,6 +38408,12 @@ "service": "API_GATEWAY", "network_border_group": "eu-north-1" }, + { + "ip_prefix": "13.50.12.192/26", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ip_prefix": "13.51.120.0/24", "region": "eu-north-1", 
@@ -35822,6 +38690,12 @@ "service": "ROUTE53_RESOLVER", "network_border_group": "eu-south-1" }, + { + "ip_prefix": "18.100.74.0/23", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ip_prefix": "108.128.160.0/23", "region": "eu-west-1", @@ -35847,9 +38721,9 @@ "network_border_group": "eu-west-1" }, { - "ip_prefix": "18.202.216.48/29", + "ip_prefix": "3.248.176.0/22", "region": "eu-west-1", - "service": "EC2_INSTANCE_CONNECT", + "service": "WORKSPACES_GATEWAYS", "network_border_group": "eu-west-1" }, { @@ -36230,6 +39104,12 @@ "service": "API_GATEWAY", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "13.41.1.160/27", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "18.130.91.144/30", "region": "eu-west-2", @@ -36290,6 +39170,12 @@ "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-2" }, + { + "ip_prefix": "18.134.68.0/22", + "region": "eu-west-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "eu-west-2" + }, { "ip_prefix": "18.135.226.192/26", "region": "eu-west-2", @@ -36428,12 +39314,6 @@ "service": "AMAZON", "network_border_group": "eu-west-2" }, - { - "ip_prefix": "3.8.37.24/29", - "region": "eu-west-2", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "eu-west-2" - }, { "ip_prefix": "3.8.37.96/27", "region": "eu-west-2", @@ -36638,6 +39518,12 @@ "service": "API_GATEWAY", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "13.38.202.64/26", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ip_prefix": "15.188.102.0/27", "region": "eu-west-3", @@ -36764,12 +39650,6 @@ "service": "ROUTE53_RESOLVER", "network_border_group": "eu-west-3" }, - { - "ip_prefix": "35.180.112.80/29", - "region": "eu-west-3", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "eu-west-3" - }, { "ip_prefix": "35.180.244.0/23", "region": "eu-west-3", 
@@ -36800,6 +39680,30 @@ "service": "CODEBUILD", "network_border_group": "eu-west-3" }, + { + "ip_prefix": "3.28.70.112/28", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "3.28.70.48/28", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "3.28.70.96/28", + "region": "me-central-1", + "service": "S3", + "network_border_group": "me-central-1" + }, + { + "ip_prefix": "3.28.72.0/23", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ip_prefix": "15.184.1.128/26", "region": "me-south-1", @@ -37076,6 +39980,12 @@ "service": "API_GATEWAY", "network_border_group": "sa-east-1" }, + { + "ip_prefix": "15.228.64.0/22", + "region": "sa-east-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "sa-east-1" + }, { "ip_prefix": "15.228.72.64/26", "region": "sa-east-1", @@ -37148,12 +40058,6 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, - { - "ip_prefix": "18.228.70.32/29", - "region": "sa-east-1", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "sa-east-1" - }, { "ip_prefix": "18.229.100.0/26", "region": "sa-east-1", @@ -37334,12 +40238,6 @@ "service": "ROUTE53_RESOLVER", "network_border_group": "us-east-1" }, - { - "ip_prefix": "18.206.107.24/29", - "region": "us-east-1", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "us-east-1" - }, { "ip_prefix": "18.209.113.240/28", "region": "us-east-1", @@ -37598,6 +40496,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.227.4.0/22", + "region": "us-east-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-east-1" + }, { "ip_prefix": "3.228.170.0/26", "region": "us-east-1", 
@@ -37814,6 +40718,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "3.238.166.0/24", + "region": "us-east-1", + "service": "API_GATEWAY", + "network_border_group": "us-east-1" + }, { "ip_prefix": "3.238.167.0/24", "region": "us-east-1", @@ -38336,6 +41246,24 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ip_prefix": "44.206.4.0/22", + "region": "us-east-1", + "service": "API_GATEWAY", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.209.84.0/22", + "region": "us-east-1", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-east-1" + }, + { + "ip_prefix": "44.210.64.0/22", + "region": "us-east-1", + "service": "API_GATEWAY", + "network_border_group": "us-east-1" + }, { "ip_prefix": "52.23.61.0/24", "region": "us-east-1", @@ -38564,6 +41492,12 @@ "service": "API_GATEWAY", "network_border_group": "us-east-2" }, + { + "ip_prefix": "3.145.232.192/26", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ip_prefix": "3.145.31.0/26", "region": "us-east-2", @@ -38594,12 +41528,6 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, - { - "ip_prefix": "3.16.146.0/29", - "region": "us-east-2", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "us-east-2" - }, { "ip_prefix": "3.17.136.0/23", "region": "us-east-2", @@ -38720,12 +41648,6 @@ "service": "ROUTE53_RESOLVER", "network_border_group": "us-west-1" }, - { - "ip_prefix": "13.52.6.112/29", - "region": "us-west-1", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "us-west-1" - }, { "ip_prefix": "13.56.112.168/29", "region": "us-west-1", @@ -39008,12 +41930,6 @@ "service": "AMAZON_CONNECT", "network_border_group": "us-west-2" }, - { - "ip_prefix": "18.237.140.160/29", - "region": "us-west-2", - "service": "EC2_INSTANCE_CONNECT", - "network_border_group": "us-west-2" - }, { "ip_prefix": "34.216.226.136/29", "region": "us-west-2", 
@@ -39302,6 +42218,12 @@ "service": "ROUTE53_RESOLVER", "network_border_group": "us-west-2" }, + { + "ip_prefix": "34.223.96.0/22", + "region": "us-west-2", + "service": "WORKSPACES_GATEWAYS", + "network_border_group": "us-west-2" + }, { "ip_prefix": "35.162.63.192/26", "region": "us-west-2", @@ -39386,6 +42308,30 @@ "service": "AMAZON", "network_border_group": "us-west-2" }, + { + "ip_prefix": "35.90.103.192/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.90.132.0/23", + "region": "us-west-2", + "service": "API_GATEWAY", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.92.124.192/26", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ip_prefix": "35.92.26.0/24", + "region": "us-west-2", + "service": "API_GATEWAY", + "network_border_group": "us-west-2" + }, { "ip_prefix": "44.227.178.0/24", "region": "us-west-2", @@ -39646,6 +42592,12 @@ } ], "ipv6_prefixes": [ + { + "ipv6_prefix": "2600:1ff2:4000::/40", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d07a:a000::/40", "region": "eu-south-1", @@ -39778,6 +42730,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2406:da61:4000::/40", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2406:daf1:a000::/40", "region": "ap-south-1", @@ -39910,6 +42868,12 @@ "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ipv6_prefix": "2406:da61:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ffd:80c8::/48", "region": "eu-central-1", 
@@ -40162,6 +43126,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-4" }, + { + "ipv6_prefix": "2406:daf2:2000::/40", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2600:1f01:4880::/47", "region": "ap-northeast-1", @@ -40180,6 +43150,12 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2a05:d031:8000::/40", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2400:6500:ff00::/64", "region": "ap-southeast-1", @@ -40204,6 +43180,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2406:daf2:6000::/40", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2406:dafc:4000::/40", "region": "ap-northeast-1", @@ -40216,6 +43198,12 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2406:da61:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1f70:6000::/40", "region": "us-east-2", @@ -40300,6 +43288,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2406:da61:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2406:dafc:e000::/40", "region": "ap-east-1", @@ -40366,6 +43360,12 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:da61:e000::/40", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2406:daf8:a000::/40", "region": "ap-south-1", 
@@ -40390,12 +43390,24 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2406:daf2:a000::/40", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2400:7fc0:2600::/40", "region": "cn-north-1", "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2406:da61:1000::/40", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2600:9000:f800::/37", "region": "GLOBAL", @@ -40606,18 +43618,36 @@ "service": "AMAZON", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2406:daf2:9000::/40", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1f60:5000::/40", "region": "us-gov-east-1", "service": "AMAZON", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2600:1f61:8000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:9000:ac00::/40", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2600:f0f0:4000::/44", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2406:daf9:7000::/40", "region": "me-central-1", @@ -40630,6 +43660,12 @@ "service": "AMAZON", "network_border_group": "us-gov-west-1" }, + { + "ipv6_prefix": "2a05:d072:e000::/40", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2600:1fff:4000::/40", "region": "us-west-2", 
@@ -40690,12 +43726,24 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2406:da61:6000::/40", + "region": "ap-northeast-3", + "service": "AMAZON", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2600:1ff9:c000::/40", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2600:1ffb:8080::/48", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1ffe:e000::/40", "region": "sa-east-1", @@ -40744,6 +43792,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2a05:d072:4000::/40", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2600:1ffe:c000::/40", "region": "us-west-1", @@ -40756,6 +43810,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2600:f00f::/40", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2606:f40:3001::/48", "region": "us-east-1", @@ -40792,12 +43852,24 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f12:4000::/36", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1f1c::/36", "region": "us-west-1", "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2600:f0f0:1000::/44", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2620:107:4000:2::90/128", "region": "us-west-1", @@ -40864,6 +43936,12 @@ "service": "AMAZON", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2600:1ffb:8021::/48", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2406:da18::/36", "region": "ap-southeast-1", 
@@ -40876,6 +43954,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ipv6_prefix": "2a05:d031:e000::/40", + "region": "me-south-1", + "service": "AMAZON", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2404:c2c0:8000::/36", "region": "cn-northwest-1", @@ -40996,6 +44080,18 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ipv6_prefix": "2a05:d031:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2a05:d031:c000::/40", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2606:f40::/48", "region": "us-east-1", @@ -41086,6 +44182,12 @@ "service": "AMAZON", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d031:6000::/40", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2a05:d071:1000::/40", "region": "eu-south-2", @@ -41098,6 +44200,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2600:1f61:e000::/40", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1ffd:8285::/48", "region": "ap-south-1", @@ -41134,6 +44242,12 @@ "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ipv6_prefix": "2600:1ff2:6000::/40", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2a05:d079:a000::/40", "region": "eu-south-1", @@ -41146,6 +44260,12 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2406:da61:9000::/40", + "region": "ap-southeast-3", + "service": "AMAZON", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2406:daf8:9000::/40", "region": "ap-southeast-3", 
@@ -41188,6 +44308,12 @@ "service": "AMAZON", "network_border_group": "il-central-1" }, + { + "ipv6_prefix": "2a05:d072:c000::/40", + "region": "eu-west-2", + "service": "AMAZON", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2400:7fc0:4000::/40", "region": "cn-north-1", @@ -41200,6 +44326,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2600:1ff2:1000::/40", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ipv6_prefix": "2600:1ffd:80f0::/48", "region": "eu-central-1", @@ -41236,6 +44368,12 @@ "service": "AMAZON", "network_border_group": "il-central-1" }, + { + "ipv6_prefix": "2406:da61:a000::/40", + "region": "ap-south-1", + "service": "AMAZON", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2406:daf1:f000::/40", "region": "ap-southeast-4", @@ -41302,6 +44440,18 @@ "service": "AMAZON", "network_border_group": "me-central-1" }, + { + "ipv6_prefix": "2600:f00c::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2a05:d031:2000::/40", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2a05:d07c:2000::/40", "region": "eu-west-3", @@ -41512,6 +44662,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2600:1f61:5000::/40", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2400:7fc0:200::/40", "region": "cn-north-1", 
@@ -41536,12 +44692,24 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a05:d072:a000::/40", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ipv6_prefix": "2a01:578:0:7700::/56", "region": "il-central-1", "service": "AMAZON", "network_border_group": "il-central-1" }, + { + "ipv6_prefix": "2600:1f61:1000::/40", + "region": "ca-central-1", + "service": "AMAZON", + "network_border_group": "ca-central-1" + }, { "ipv6_prefix": "2400:6700:ff00::/64", "region": "ap-northeast-1", @@ -41560,6 +44728,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-2" }, + { + "ipv6_prefix": "2406:daf2:8000::/40", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2600:1f16::/36", "region": "us-east-2", @@ -41818,6 +44992,18 @@ "service": "AMAZON", "network_border_group": "ap-south-2" }, + { + "ipv6_prefix": "2406:da61:8000::/40", + "region": "ap-southeast-1", + "service": "AMAZON", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:daf2:f000::/40", + "region": "ap-southeast-4", + "service": "AMAZON", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1f13:8000::/36", "region": "us-east-1", @@ -41848,6 +45034,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2600:f00c:8000::/39", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d018::/36", "region": "eu-west-1", @@ -41878,6 +45070,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:f000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2406:da68:c000::/40", "region": "ap-southeast-2", 
@@ -41932,6 +45130,12 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2406:da61:c000::/40", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2600:1f01:48d2::/47", "region": "ap-southeast-2", @@ -41956,6 +45160,18 @@ "service": "AMAZON", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:da61:2000::/40", + "region": "ap-northeast-2", + "service": "AMAZON", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2600:1f14:4000::/36", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1-dfw-2" + }, { "ipv6_prefix": "2600:1ffd:84bd::/48", "region": "eu-west-2", @@ -42088,6 +45304,12 @@ "service": "AMAZON", "network_border_group": "GLOBAL" }, + { + "ipv6_prefix": "2a05:d031:a000::/40", + "region": "eu-south-1", + "service": "AMAZON", + "network_border_group": "eu-south-1" + }, { "ipv6_prefix": "2a05:d050:c000::/40", "region": "eu-west-2", @@ -42166,6 +45388,18 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2a05:d031:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2a05:d072:6000::/40", + "region": "eu-north-1", + "service": "AMAZON", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2a05:d07c:1000::/40", "region": "eu-south-2", @@ -42244,6 +45478,12 @@ "service": "AMAZON", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2600:1ff2:e000::/40", + "region": "sa-east-1", + "service": "AMAZON", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1ffd:819f::/48", "region": "ca-central-1", 
@@ -42490,6 +45730,18 @@ "service": "AMAZON", "network_border_group": "us-east-1-wl1-bos-wlz-1" }, + { + "ipv6_prefix": "2600:f000:8000::/39", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2a05:d072:9000::/40", + "region": "eu-central-2", + "service": "AMAZON", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2406:dafc:9000::/40", "region": "ap-southeast-3", @@ -42526,6 +45778,12 @@ "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d072:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2406:daf9:b000::/40", "region": "ap-south-2", @@ -42556,6 +45814,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2406:daf2:4000::/40", + "region": "ap-northeast-1", + "service": "AMAZON", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2600:1f01:4830::/47", "region": "eu-central-1", @@ -42586,6 +45850,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:1f61:4000::/40", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1ffd:8508::/48", "region": "us-west-2", @@ -42598,6 +45868,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:1f1c:4000::/36", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2-phx-2" + }, { "ipv6_prefix": "2a05:d018:1000::/36", "region": "eu-west-1", @@ -42622,6 +45898,12 @@ "service": "AMAZON", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2600:1f61:c000::/40", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2620:107:4000:a840::/58", "region": "ap-southeast-3", 
@@ -42646,6 +45928,12 @@ "service": "AMAZON", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2606:f40:1801::/48", + "region": "us-west-2", + "service": "AMAZON", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d070:8000::/40", "region": "eu-west-1", @@ -42724,6 +46012,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-4" }, + { + "ipv6_prefix": "2406:daf2:1000::/40", + "region": "af-south-1", + "service": "AMAZON", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2600:1f00:1000::/40", "region": "ca-central-1", @@ -42754,6 +46048,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2600:1ff2:c000::/40", + "region": "us-west-1", + "service": "AMAZON", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2a05:d071:e000::/40", "region": "me-south-1", @@ -42808,6 +46108,12 @@ "service": "AMAZON", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2600:1ff2:2000::/40", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "2600:1ffa:8000::/40", "region": "us-east-1", @@ -42862,6 +46168,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1-wl1-nrt-wlz-1" }, + { + "ipv6_prefix": "2a05:d031:4000::/40", + "region": "eu-central-1", + "service": "AMAZON", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2406:daf9:1000::/40", "region": "af-south-1", @@ -42916,6 +46228,12 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2406:daf2:e000::/40", + "region": "ap-east-1", + "service": "AMAZON", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2600:1ffe:5000::/40", "region": "us-gov-east-1", 
@@ -42952,6 +46270,12 @@ "service": "AMAZON", "network_border_group": "eu-central-2" }, + { + "ipv6_prefix": "2406:daf2:7000::/40", + "region": "me-central-1", + "service": "AMAZON", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:dafe:9000::/40", "region": "ap-southeast-3", @@ -43012,6 +46336,18 @@ "service": "AMAZON", "network_border_group": "us-east-2" }, + { + "ipv6_prefix": "2600:1ff2:8000::/39", + "region": "us-east-1", + "service": "AMAZON", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2a05:d072:1000::/40", + "region": "eu-south-2", + "service": "AMAZON", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d07f:1000::/40", "region": "eu-south-2", @@ -43066,6 +46402,12 @@ "service": "AMAZON", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2600:1ff2:5000::/40", + "region": "us-gov-east-1", + "service": "AMAZON", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2a05:d070:c000::/40", "region": "eu-west-2", @@ -43276,6 +46618,12 @@ "service": "AMAZON", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2406:daf2:c000::/40", + "region": "ap-southeast-2", + "service": "AMAZON", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2600:1ff0:5000::/40", "region": "us-gov-east-1", @@ -43516,6 +46864,18 @@ "service": "AMAZON", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2600:1f61:2000::/40", + "region": "us-gov-west-1", + "service": "AMAZON", + "network_border_group": "us-gov-west-1" + }, + { + "ipv6_prefix": "2600:1f61:6000::/40", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2600:1fff:5000::/40", "region": "us-gov-east-1", 
@@ -43528,6 +46888,12 @@ "service": "AMAZON", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2600:1f01:48f0::/47", + "region": "us-east-2", + "service": "AMAZON", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2600:1f1b:8000::/36", "region": "us-west-2", @@ -43564,6 +46930,12 @@ "service": "AMAZON", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2406:daf2:b000::/40", + "region": "ap-south-2", + "service": "AMAZON", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2406:da70:a000::/40", "region": "ap-south-1", @@ -43576,12 +46948,24 @@ "service": "AMAZON", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2a05:d031:5000::/40", + "region": "il-central-1", + "service": "AMAZON", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2a05:d03a:8000::/40", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d072:2000::/40", + "region": "eu-west-3", + "service": "AMAZON", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2400:6500:0:7300::/56", "region": "ap-east-1", @@ -43594,6 +46978,12 @@ "service": "AMAZON", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a05:d072:8000::/40", + "region": "eu-west-1", + "service": "AMAZON", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2a05:d07a:a000::/40", "region": "eu-south-1", @@ -44764,6 +48154,12 @@ "service": "S3", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2600:1ff2:4000::/40", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d070:e000::/40", "region": "me-south-1", @@ -44812,6 +48208,12 @@ "service": "EC2", "network_border_group": "us-west-2-pilot-2" }, + { + "ipv6_prefix": "2406:da61:4000::/40", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2406:daf1:a000::/40", "region": "ap-south-1", 
@@ -44884,6 +48286,12 @@ "service": "EC2", "network_border_group": "us-gov-west-1" }, + { + "ipv6_prefix": "2406:da61:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2600:1ffd:80c8::/48", "region": "eu-central-1", @@ -44998,12 +48406,24 @@ "service": "EC2", "network_border_group": "ap-southeast-4" }, + { + "ipv6_prefix": "2406:daf2:2000::/40", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, { "ipv6_prefix": "2404:c2c0:2f00::/40", "region": "cn-northwest-1", "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2a05:d031:8000::/40", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2400:6500:ff00::/64", "region": "ap-southeast-1", @@ -45016,12 +48436,24 @@ "service": "EC2", "network_border_group": "eu-north-1" }, + { + "ipv6_prefix": "2406:daf2:6000::/40", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, { "ipv6_prefix": "2a05:d070:a000::/40", "region": "eu-south-1", "service": "EC2", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2406:da61:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2600:1f70:6000::/40", "region": "us-east-2", @@ -45052,6 +48484,12 @@ "service": "EC2", "network_border_group": "eu-west-2" }, + { + "ipv6_prefix": "2406:da61:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1ffd:807f::/48", "region": "us-east-1", @@ -45082,6 +48520,12 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2406:da61:e000::/40", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2600:1ff1:e000::/40", "region": "sa-east-1", 
@@ -45094,6 +48538,18 @@ "service": "EC2", "network_border_group": "eu-central-1" }, + { + "ipv6_prefix": "2406:daf2:a000::/40", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, + { + "ipv6_prefix": "2406:da61:1000::/40", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2406:da00:f000::/40", "region": "ap-southeast-4", @@ -45160,18 +48616,42 @@ "service": "EC2", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2406:daf2:9000::/40", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2600:1f60:5000::/40", "region": "us-gov-east-1", "service": "EC2", "network_border_group": "us-gov-east-1" }, + { + "ipv6_prefix": "2600:1f61:8000::/39", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2600:f0f0:4000::/44", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2620:108:700f::/64", "region": "us-west-2", "service": "EC2", "network_border_group": "us-west-2" }, + { + "ipv6_prefix": "2a05:d072:e000::/40", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2600:1fff:4000::/40", "region": "us-west-2", @@ -45196,6 +48676,18 @@ "service": "EC2", "network_border_group": "ap-northeast-1" }, + { + "ipv6_prefix": "2406:da61:6000::/40", + "region": "ap-northeast-3", + "service": "EC2", + "network_border_group": "ap-northeast-3" + }, + { + "ipv6_prefix": "2600:1ffb:8080::/48", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2a05:d000:4000::/40", "region": "eu-central-1", 
@@ -45214,6 +48706,18 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2a05:d072:4000::/40", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, + { + "ipv6_prefix": "2600:f00f::/40", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, { "ipv6_prefix": "2606:f40:3001::/48", "region": "us-east-1", @@ -45244,12 +48748,24 @@ "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1f12:4000::/36", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1f1c::/36", "region": "us-west-1", "service": "EC2", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2600:f0f0:1000::/44", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2406:da1e::/32", "region": "ap-east-1", @@ -45292,12 +48808,24 @@ "service": "EC2", "network_border_group": "cn-northwest-1" }, + { + "ipv6_prefix": "2600:1ffb:8021::/48", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2406:da18::/36", "region": "ap-southeast-1", "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2a05:d031:e000::/40", + "region": "me-south-1", + "service": "EC2", + "network_border_group": "me-south-1" + }, { "ipv6_prefix": "2404:c2c0:8000::/36", "region": "cn-northwest-1", @@ -45370,6 +48898,18 @@ "service": "EC2", "network_border_group": "ap-northeast-2" }, + { + "ipv6_prefix": "2a05:d031:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, + { + "ipv6_prefix": "2a05:d031:c000::/40", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2606:f40::/48", "region": "us-east-1", 
@@ -45418,6 +48958,12 @@ "service": "EC2", "network_border_group": "eu-west-3" }, + { + "ipv6_prefix": "2a05:d031:6000::/40", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2a05:d071:1000::/40", "region": "eu-south-2", @@ -45430,6 +48976,12 @@ "service": "EC2", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2600:1f61:e000::/40", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1ffd:8285::/48", "region": "ap-south-1", @@ -45466,6 +49018,18 @@ "service": "EC2", "network_border_group": "ap-south-2" }, + { + "ipv6_prefix": "2600:1ff2:6000::/40", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, + { + "ipv6_prefix": "2406:da61:9000::/40", + "region": "ap-southeast-3", + "service": "EC2", + "network_border_group": "ap-southeast-3" + }, { "ipv6_prefix": "2a01:578:3::/64", "region": "eu-west-1", @@ -45484,6 +49048,12 @@ "service": "EC2", "network_border_group": "il-central-1" }, + { + "ipv6_prefix": "2a05:d072:c000::/40", + "region": "eu-west-2", + "service": "EC2", + "network_border_group": "eu-west-2" + }, { "ipv6_prefix": "2400:7fc0:4000::/40", "region": "cn-north-1", @@ -45496,6 +49066,12 @@ "service": "EC2", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2600:1ff2:1000::/40", + "region": "ca-central-1", + "service": "EC2", + "network_border_group": "ca-central-1" + }, { "ipv6_prefix": "2600:1ffd:80f0::/48", "region": "eu-central-1", @@ -45520,6 +49096,12 @@ "service": "EC2", "network_border_group": "il-central-1" }, + { + "ipv6_prefix": "2406:da61:a000::/40", + "region": "ap-south-1", + "service": "EC2", + "network_border_group": "ap-south-1" + }, { "ipv6_prefix": "2406:daf1:f000::/40", "region": "ap-southeast-4", 
@@ -45550,6 +49132,18 @@ "service": "EC2", "network_border_group": "ap-southeast-1" }, + { + "ipv6_prefix": "2600:f00c::/39", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2a05:d031:2000::/40", + "region": "eu-west-3", + "service": "EC2", + "network_border_group": "eu-west-3" + }, { "ipv6_prefix": "2600:1f60:e000::/40", "region": "sa-east-1", @@ -45664,6 +49258,12 @@ "service": "EC2", "network_border_group": "ap-northeast-3" }, + { + "ipv6_prefix": "2600:1f61:5000::/40", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2406:daf1:e000::/40", "region": "ap-east-1", @@ -45676,6 +49276,18 @@ "service": "EC2", "network_border_group": "sa-east-1" }, + { + "ipv6_prefix": "2a05:d072:a000::/40", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, + { + "ipv6_prefix": "2600:1f61:1000::/40", + "region": "ca-central-1", + "service": "EC2", + "network_border_group": "ca-central-1" + }, { "ipv6_prefix": "2400:6700:ff00::/64", "region": "ap-northeast-1", @@ -45688,6 +49300,12 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2406:daf2:8000::/40", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, { "ipv6_prefix": "2600:1f16::/36", "region": "us-east-2", @@ -45796,6 +49414,18 @@ "service": "EC2", "network_border_group": "ap-south-2" }, + { + "ipv6_prefix": "2406:da61:8000::/40", + "region": "ap-southeast-1", + "service": "EC2", + "network_border_group": "ap-southeast-1" + }, + { + "ipv6_prefix": "2406:daf2:f000::/40", + "region": "ap-southeast-4", + "service": "EC2", + "network_border_group": "ap-southeast-4" + }, { "ipv6_prefix": "2600:1f13:8000::/36", "region": "us-east-1", 
@@ -45820,6 +49450,12 @@ "service": "EC2", "network_border_group": "us-east-1-wl1-dfw-wlz-1" }, + { + "ipv6_prefix": "2600:f00c:8000::/39", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d018::/36", "region": "eu-west-1", @@ -45838,12 +49474,24 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:f000::/39", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, { "ipv6_prefix": "2600:1ffb:80a1::/48", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2406:da61:c000::/40", + "region": "ap-southeast-2", + "service": "EC2", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2600:1ffd:818f::/48", "region": "ca-central-1", @@ -45856,6 +49504,18 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2406:da61:2000::/40", + "region": "ap-northeast-2", + "service": "EC2", + "network_border_group": "ap-northeast-2" + }, + { + "ipv6_prefix": "2600:1f14:4000::/36", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1-dfw-2" + }, { "ipv6_prefix": "2600:1ffd:84bd::/48", "region": "eu-west-2", @@ -45898,6 +49558,12 @@ "service": "EC2", "network_border_group": "eu-south-1" }, + { + "ipv6_prefix": "2a05:d031:a000::/40", + "region": "eu-south-1", + "service": "EC2", + "network_border_group": "eu-south-1" + }, { "ipv6_prefix": "2804:800:ff00::/64", "region": "sa-east-1", @@ -45940,6 +49606,18 @@ "service": "EC2", "network_border_group": "af-south-1" }, + { + "ipv6_prefix": "2a05:d031:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, + { + "ipv6_prefix": "2a05:d072:6000::/40", + "region": "eu-north-1", + "service": "EC2", + "network_border_group": "eu-north-1" + }, { "ipv6_prefix": "2a05:d07f:2000::/40", "region": "eu-west-3", 
@@ -45982,6 +49660,12 @@ "service": "EC2", "network_border_group": "cn-north-1" }, + { + "ipv6_prefix": "2600:1ff2:e000::/40", + "region": "sa-east-1", + "service": "EC2", + "network_border_group": "sa-east-1" + }, { "ipv6_prefix": "2600:1ffd:819f::/48", "region": "ca-central-1", @@ -46114,12 +49798,30 @@ "service": "EC2", "network_border_group": "us-east-1-wl1-bos-wlz-1" }, + { + "ipv6_prefix": "2600:f000:8000::/39", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, + { + "ipv6_prefix": "2a05:d072:9000::/40", + "region": "eu-central-2", + "service": "EC2", + "network_border_group": "eu-central-2" + }, { "ipv6_prefix": "2606:f40:4000::/48", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d072:5000::/40", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2406:da70:7000::/40", "region": "me-central-1", @@ -46138,6 +49840,18 @@ "service": "EC2", "network_border_group": "ap-southeast-3" }, + { + "ipv6_prefix": "2406:daf2:4000::/40", + "region": "ap-northeast-1", + "service": "EC2", + "network_border_group": "ap-northeast-1" + }, + { + "ipv6_prefix": "2600:1f61:4000::/40", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2600:1ffd:8508::/48", "region": "us-west-2", @@ -46150,6 +49864,12 @@ "service": "EC2", "network_border_group": "ap-southeast-2" }, + { + "ipv6_prefix": "2600:1f1c:4000::/36", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2-phx-2" + }, { "ipv6_prefix": "2a05:d018:1000::/36", "region": "eu-west-1", @@ -46162,6 +49882,12 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2600:1f61:c000::/40", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2406:da70:b000::/40", "region": "ap-south-2", 
@@ -46174,6 +49900,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2606:f40:1801::/48", + "region": "us-west-2", + "service": "EC2", + "network_border_group": "us-west-2" + }, { "ipv6_prefix": "2a05:d070:8000::/40", "region": "eu-west-1", @@ -46240,6 +49972,12 @@ "service": "EC2", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:daf2:1000::/40", + "region": "af-south-1", + "service": "EC2", + "network_border_group": "af-south-1" + }, { "ipv6_prefix": "2600:1f00:1000::/40", "region": "ca-central-1", @@ -46252,6 +49990,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2600:1ff2:c000::/40", + "region": "us-west-1", + "service": "EC2", + "network_border_group": "us-west-1" + }, { "ipv6_prefix": "2a05:d071:e000::/40", "region": "me-south-1", @@ -46270,6 +50014,12 @@ "service": "EC2", "network_border_group": "ap-east-1" }, + { + "ipv6_prefix": "2600:1ff2:2000::/40", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, { "ipv6_prefix": "2600:1ffb:60c1::/48", "region": "us-east-2", @@ -46312,6 +50062,12 @@ "service": "EC2", "network_border_group": "ap-northeast-1-wl1-nrt-wlz-1" }, + { + "ipv6_prefix": "2a05:d031:4000::/40", + "region": "eu-central-1", + "service": "EC2", + "network_border_group": "eu-central-1" + }, { "ipv6_prefix": "2600:1ffd:85b2::/48", "region": "ap-southeast-1", @@ -46336,6 +50092,12 @@ "service": "EC2", "network_border_group": "us-east-1-wl1-was-wlz-1" }, + { + "ipv6_prefix": "2406:daf2:e000::/40", + "region": "ap-east-1", + "service": "EC2", + "network_border_group": "ap-east-1" + }, { "ipv6_prefix": "2600:1f70:e000::/40", "region": "sa-east-1", 
@@ -46354,6 +50116,12 @@ "service": "EC2", "network_border_group": "eu-central-2" }, + { + "ipv6_prefix": "2406:daf2:7000::/40", + "region": "me-central-1", + "service": "EC2", + "network_border_group": "me-central-1" + }, { "ipv6_prefix": "2406:da70:2000::/40", "region": "ap-northeast-2", @@ -46384,6 +50152,18 @@ "service": "EC2", "network_border_group": "ca-central-1" }, + { + "ipv6_prefix": "2600:1ff2:8000::/39", + "region": "us-east-1", + "service": "EC2", + "network_border_group": "us-east-1" + }, + { + "ipv6_prefix": "2a05:d072:1000::/40", + "region": "eu-south-2", + "service": "EC2", + "network_border_group": "eu-south-2" + }, { "ipv6_prefix": "2a05:d07f:1000::/40", "region": "eu-south-2", @@ -46414,6 +50194,12 @@ "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2600:1ff2:5000::/40", + "region": "us-gov-east-1", + "service": "EC2", + "network_border_group": "us-gov-east-1" + }, { "ipv6_prefix": "2a05:d070:c000::/40", "region": "eu-west-2", @@ -46498,6 +50284,12 @@ "service": "EC2", "network_border_group": "us-east-1" }, + { + "ipv6_prefix": "2406:daf2:c000::/40", + "region": "ap-southeast-2", + "service": "EC2", + "network_border_group": "ap-southeast-2" + }, { "ipv6_prefix": "2600:1ff0:5000::/40", "region": "us-gov-east-1", @@ -46594,6 +50386,18 @@ "service": "EC2", "network_border_group": "us-west-1" }, + { + "ipv6_prefix": "2600:1f61:2000::/40", + "region": "us-gov-west-1", + "service": "EC2", + "network_border_group": "us-gov-west-1" + }, + { + "ipv6_prefix": "2600:1f61:6000::/40", + "region": "us-east-2", + "service": "EC2", + "network_border_group": "us-east-2" + }, { "ipv6_prefix": "2600:1fff:5000::/40", "region": "us-gov-east-1", 
@@ -46624,18 +50428,42 @@ "service": "EC2", "network_border_group": "me-south-1" }, + { + "ipv6_prefix": "2406:daf2:b000::/40", + "region": "ap-south-2", + "service": "EC2", + "network_border_group": "ap-south-2" + }, { "ipv6_prefix": "2406:da70:a000::/40", "region": "ap-south-1", "service": "EC2", "network_border_group": "ap-south-1" }, + { + "ipv6_prefix": "2a05:d031:5000::/40", + "region": "il-central-1", + "service": "EC2", + "network_border_group": "il-central-1" + }, { "ipv6_prefix": "2a05:d03a:8000::/40", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1" }, + { + "ipv6_prefix": "2a05:d072:2000::/40", + "region": "eu-west-3", + "service": "EC2", + "network_border_group": "eu-west-3" + }, + { + "ipv6_prefix": "2a05:d072:8000::/40", + "region": "eu-west-1", + "service": "EC2", + "network_border_group": "eu-west-1" + }, { "ipv6_prefix": "2600:9000:3000::/36", "region": "GLOBAL", From 3faf763e2377652bb18d8f243c20036ee14e7d44 Mon Sep 17 00:00:00 2001 From: Consultant Date: Thu, 1 Sep 2022 07:20:56 -0700 Subject: [PATCH 858/979] Add flag to authenticate against an AWS China region --- ScoutSuite/__main__.py | 8 +++- ScoutSuite/core/cli_parser.py | 7 ++- .../providers/aws/authentication_strategy.py | 43 ++++++++++++++----- 3 files changed, 45 insertions(+), 13 deletions(-) diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py index ff1ca56e9..cc50c1dc1 100755 --- a/ScoutSuite/__main__.py +++ b/ScoutSuite/__main__.py @@ -64,6 +64,7 @@ def run_from_cli(): max_workers=args.get('max_workers'), regions=args.get('regions'), excluded_regions=args.get('excluded_regions'), + china_region=args.get('china_region'), fetch_local=args.get('fetch_local'), update=args.get('update'), max_rate=args.get('max_rate'), ip_ranges=args.get('ip_ranges'), ip_ranges_name_key=args.get('ip_ranges_name_key'), 
@@ -107,6 +108,7 @@ def run(provider, max_workers=10, regions=[], excluded_regions=[], + china_region=False, fetch_local=False, update=False, max_rate=None, ip_ranges=[], ip_ranges_name_key='name', @@ -158,6 +160,7 @@ async def _run(provider, database_name, host_ip, host_port, regions, excluded_regions, + china_region, fetch_local, update, ip_ranges, ip_ranges_name_key, ruleset, exceptions, @@ -171,7 +174,7 @@ async def _run(provider, """ Run a scout job. """ - + print("china_region", china_region) # Configure the debug level set_logger_configuration(debug, quiet, log_file) @@ -198,7 +201,8 @@ async def _run(provider, username=username, password=password, access_key_id=access_key_id, - access_key_secret=access_key_secret) + access_key_secret=access_key_secret, + china_region=china_region) if not credentials: return 101 diff --git a/ScoutSuite/core/cli_parser.py b/ScoutSuite/core/cli_parser.py index db9563f0f..cb032bbff 100755 --- a/ScoutSuite/core/cli_parser.py +++ b/ScoutSuite/core/cli_parser.py @@ -67,7 +67,12 @@ def _init_aws_parser(self): help='AWS Session Token') aws_additional_parser = parser.add_argument_group('Additional arguments') - + + aws_additional_parser.add_argument('-cr', + '--china-region', + action='store_true', + dest='china_region', + help='Authenticate against a China region') aws_additional_parser.add_argument('-r', '--regions', dest='regions', diff --git a/ScoutSuite/providers/aws/authentication_strategy.py b/ScoutSuite/providers/aws/authentication_strategy.py index d8d2fe2b6..68610a622 100755 --- a/ScoutSuite/providers/aws/authentication_strategy.py +++ b/ScoutSuite/providers/aws/authentication_strategy.py @@ -20,6 +20,7 @@ class AWSAuthenticationStrategy(AuthenticationStrategy): def authenticate(self, profile=None, aws_access_key_id=None, aws_secret_access_key=None, aws_session_token=None, + china_region=False, **kwargs): try: 
@@ -29,23 +30,45 @@ def authenticate(self, logging.getLogger('botocore.auth').setLevel(logging.ERROR) logging.getLogger('urllib3').setLevel(logging.ERROR) + # There are two AWS regions in china cn-northwest-1 and cn-north-1, an access key created in either of these two regions can be used to call sts get-caller-identity + if profile: - session = boto3.Session(profile_name=profile) + if china_region: + session = boto3.Session(profile_name=profile, region_name='cn-north-1') + else: + session = boto3.Session(profile_name=profile) elif aws_access_key_id and aws_secret_access_key: if aws_session_token: - session = boto3.Session( - aws_access_key_id=aws_access_key_id, - aws_secret_access_key=aws_secret_access_key, - aws_session_token=aws_session_token, - ) + if china_region: + session = boto3.Session( + aws_access_key_id=aws_access_key_id, + aws_secret_access_key=aws_secret_access_key, + aws_session_token=aws_session_token, + region_name='cn-north-1' + ) + else: + session = boto3.Session( + aws_access_key_id=aws_access_key_id, + aws_secret_access_key=aws_secret_access_key, + aws_session_token=aws_session_token, + ) else: - session = boto3.Session( - aws_access_key_id=aws_access_key_id, - aws_secret_access_key=aws_secret_access_key, - ) + if china_region: + session = boto3.Session( + aws_access_key_id=aws_access_key_id, + aws_secret_access_key=aws_secret_access_key, + region_name='cn-north-1' + ) + else: + session = boto3.Session( + aws_access_key_id=aws_access_key_id, + aws_secret_access_key=aws_secret_access_key, + + ) else: session = boto3.Session() + # Test querying for current user get_caller_identity(session) From ee4fd9a089146233c630119534449404c640c3e0 Mon Sep 17 00:00:00 2001 From: Consultant Date: Thu, 1 Sep 2022 07:39:04 -0700 Subject: [PATCH 859/979] removed unnecessary print --- ScoutSuite/__main__.py | 1 - 1 file changed, 1 deletion(-) diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py index cc50c1dc1..6213edc7c 100755 --- a/ScoutSuite/__main__.py 
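Review bot: The closing `else: session = boto3.Session()` branch never consults `china_region`, so when credentials come from the environment or an instance role the flag is silently ignored and the identity check that follows presumably runs against the default endpoints. The other branches repeat the same `boto3.Session(...)` call five more times, differing only in `region_name='cn-north-1'`, which makes that omission easy to miss. Building the keyword arguments once and adding the region in one place covers every credential source. In the profile branch the hard-coded region also overrides any region the profile itself configures, which deserves a comment if it is intended. The body of `authenticate` starts and continues outside this hunk.

```python
# … unchanged: botocore/urllib3 logger levels …
session_kwargs = {}
if profile:
    session_kwargs['profile_name'] = profile
elif aws_access_key_id and aws_secret_access_key:
    session_kwargs['aws_access_key_id'] = aws_access_key_id
    session_kwargs['aws_secret_access_key'] = aws_secret_access_key
    if aws_session_token:
        session_kwargs['aws_session_token'] = aws_session_token
if china_region:
    # Applies to every credential source, including the default chain.
    session_kwargs['region_name'] = 'cn-north-1'
session = boto3.Session(**session_kwargs)
# … unchanged: get_caller_identity(session) check …
```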
+++ b/ScoutSuite/__main__.py @@ -174,7 +174,6 @@ async def _run(provider, """ Run a scout job. """ - print("china_region", china_region) # Configure the debug level set_logger_configuration(debug, quiet, log_file) From 4dd7eb415f1f50b7a9f8b99ce40218c615406150 Mon Sep 17 00:00:00 2001 From: michyweb Date: Thu, 1 Sep 2022 07:55:51 -0700 Subject: [PATCH 860/979] removed unnecessary argument, minor refactor of the latest feature --- ScoutSuite/__main__.py | 9 +++++---- ScoutSuite/core/cli_parser.py | 7 +------ ScoutSuite/providers/aws/authentication_strategy.py | 8 ++++---- 3 files changed, 10 insertions(+), 14 deletions(-) diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py index 6213edc7c..b8e77c97d 100755 --- a/ScoutSuite/__main__.py +++ b/ScoutSuite/__main__.py @@ -64,7 +64,6 @@ def run_from_cli(): max_workers=args.get('max_workers'), regions=args.get('regions'), excluded_regions=args.get('excluded_regions'), - china_region=args.get('china_region'), fetch_local=args.get('fetch_local'), update=args.get('update'), max_rate=args.get('max_rate'), ip_ranges=args.get('ip_ranges'), ip_ranges_name_key=args.get('ip_ranges_name_key'), @@ -108,7 +107,6 @@ def run(provider, max_workers=10, regions=[], excluded_regions=[], - china_region=False, fetch_local=False, update=False, max_rate=None, ip_ranges=[], ip_ranges_name_key='name', @@ -160,7 +158,6 @@ async def _run(provider, database_name, host_ip, host_port, regions, excluded_regions, - china_region, fetch_local, update, ip_ranges, ip_ranges_name_key, ruleset, exceptions, @@ -182,6 +179,10 @@ async def _run(provider, print_info('Authenticating to cloud provider') auth_strategy = get_authentication_strategy(provider) + authenticate_in_china_region = False + if 'cn-north-1' in regions or 'cn-northwest-1' in regions: + authenticate_in_china_region = True + try: credentials = auth_strategy.authenticate(profile=profile, aws_access_key_id=aws_access_key_id, 
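Review bot: In the `@@ -179,6 +182,10 @@` hunk, `authenticate_in_china_region` is derived only from two literal names in `regions`, so a run that passes no region list never sets it and China-partition credentials would presumably fail the identity check, a case the explicit flag removed by this commit still covered. The membership test also assumes `regions` is always a list; if the CLI can pass `None` here (not visible in the hunk), `in` raises `TypeError`. The four added lines collapse to `authenticate_in_china_region = any(r.startswith('cn-') for r in regions or [])`, which also avoids listing each China region by hand. A short comment explaining why authentication depends on the scan's region list would help the next reader. The body of `_run` starts and continues outside this hunk.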
@@ -201,7 +202,7 @@ async def _run(provider, password=password, access_key_id=access_key_id, access_key_secret=access_key_secret, - china_region=china_region) + authenticate_in_china_region=authenticate_in_china_region) if not credentials: return 101 diff --git a/ScoutSuite/core/cli_parser.py b/ScoutSuite/core/cli_parser.py index cb032bbff..db9563f0f 100755 --- a/ScoutSuite/core/cli_parser.py +++ b/ScoutSuite/core/cli_parser.py @@ -67,12 +67,7 @@ def _init_aws_parser(self): help='AWS Session Token') aws_additional_parser = parser.add_argument_group('Additional arguments') - - aws_additional_parser.add_argument('-cr', - '--china-region', - action='store_true', - dest='china_region', - help='Authenticate against a China region') + aws_additional_parser.add_argument('-r', '--regions', dest='regions', diff --git a/ScoutSuite/providers/aws/authentication_strategy.py b/ScoutSuite/providers/aws/authentication_strategy.py index 68610a622..937e81423 100755 --- a/ScoutSuite/providers/aws/authentication_strategy.py +++ b/ScoutSuite/providers/aws/authentication_strategy.py @@ -20,7 +20,7 @@ class AWSAuthenticationStrategy(AuthenticationStrategy): def authenticate(self, profile=None, aws_access_key_id=None, aws_secret_access_key=None, aws_session_token=None, - china_region=False, + authenticate_in_china_region=False, **kwargs): try: @@ -33,13 +33,13 @@ def authenticate(self, # There are two AWS regions in china cn-northwest-1 and cn-north-1, an access key created in either of these two regions can be used to call sts get-caller-identity if profile: - if china_region: + if authenticate_in_china_region: session = boto3.Session(profile_name=profile, region_name='cn-north-1') else: session = boto3.Session(profile_name=profile) elif aws_access_key_id and aws_secret_access_key: if aws_session_token: - if china_region: + if authenticate_in_china_region: session = boto3.Session( aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, 
@@ -53,7 +53,7 @@ def authenticate(self, aws_session_token=aws_session_token, ) else: - if china_region: + if authenticate_in_china_region: session = boto3.Session( aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, From 56de0bedb4f7f265b32c80e26586709ba6ed1fba Mon Sep 17 00:00:00 2001 From: Florin Asavoaie Date: Fri, 2 Sep 2022 11:11:41 +0300 Subject: [PATCH 861/979] Fix AWS when building for arm64 --- docker/bin/container-install-aws2.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/bin/container-install-aws2.sh b/docker/bin/container-install-aws2.sh index b35bb7a0d..720c43ecd 100755 --- a/docker/bin/container-install-aws2.sh +++ b/docker/bin/container-install-aws2.sh @@ -15,7 +15,7 @@ echo -e "\n\nAWS2 CLI Installation Starting...\n\n" # install AWS CLI v2 # ===================================== cd ${TMPDIR} -curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" +curl "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip" -o "awscliv2.zip" unzip awscliv2.zip ./aws/install --update From 01428f5cec4b556ad34df21bb55abb0444b4f462 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Fri, 2 Sep 2022 11:36:27 +0200 Subject: [PATCH 862/979] Revert "removed unnecessary argument, minor refactor of the latest feature" This reverts commit 4dd7eb415f1f50b7a9f8b99ce40218c615406150. --- ScoutSuite/__main__.py | 9 ++++----- ScoutSuite/core/cli_parser.py | 7 ++++++- ScoutSuite/providers/aws/authentication_strategy.py | 8 ++++---- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py index b8e77c97d..6213edc7c 100755 --- a/ScoutSuite/__main__.py +++ b/ScoutSuite/__main__.py 
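Review bot: In docker/bin/container-install-aws2.sh the `curl` call has no `--fail`, so if `$(uname -m)` yields an architecture AWS does not publish, the HTTP error body is saved as `awscliv2.zip` and the failure only surfaces later at `unzip`. Use `curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip" -o "awscliv2.zip"`. The archive is then unpacked and `./aws/install --update` is run with no integrity check. AWS publishes a detached PGP signature next to the zip (the same URL with `.sig` appended), and a `gpg --verify` step before `unzip` would close that gap. Whether the script runs under `set -e` is not visible in this hunk.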
@@ -64,6 +64,7 @@ def run_from_cli(): max_workers=args.get('max_workers'), regions=args.get('regions'), excluded_regions=args.get('excluded_regions'), + china_region=args.get('china_region'), fetch_local=args.get('fetch_local'), update=args.get('update'), max_rate=args.get('max_rate'), ip_ranges=args.get('ip_ranges'), ip_ranges_name_key=args.get('ip_ranges_name_key'), @@ -107,6 +108,7 @@ def run(provider, max_workers=10, regions=[], excluded_regions=[], + china_region=False, fetch_local=False, update=False, max_rate=None, ip_ranges=[], ip_ranges_name_key='name', @@ -158,6 +160,7 @@ async def _run(provider, database_name, host_ip, host_port, regions, excluded_regions, + china_region, fetch_local, update, ip_ranges, ip_ranges_name_key, ruleset, exceptions, @@ -179,10 +182,6 @@ async def _run(provider, print_info('Authenticating to cloud provider') auth_strategy = get_authentication_strategy(provider) - authenticate_in_china_region = False - if 'cn-north-1' in regions or 'cn-northwest-1' in regions: - authenticate_in_china_region = True - try: credentials = auth_strategy.authenticate(profile=profile, aws_access_key_id=aws_access_key_id, @@ -202,7 +201,7 @@ async def _run(provider, password=password, access_key_id=access_key_id, access_key_secret=access_key_secret, - authenticate_in_china_region=authenticate_in_china_region) + china_region=china_region) if not credentials: return 101 diff --git a/ScoutSuite/core/cli_parser.py b/ScoutSuite/core/cli_parser.py index db9563f0f..cb032bbff 100755 --- a/ScoutSuite/core/cli_parser.py +++ b/ScoutSuite/core/cli_parser.py @@ -67,7 +67,12 @@ def _init_aws_parser(self): help='AWS Session Token') aws_additional_parser = parser.add_argument_group('Additional arguments') - + + aws_additional_parser.add_argument('-cr', + '--china-region', + action='store_true', + dest='china_region', + help='Authenticate against a China region') aws_additional_parser.add_argument('-r', '--regions', dest='regions', 
diff --git a/ScoutSuite/providers/aws/authentication_strategy.py b/ScoutSuite/providers/aws/authentication_strategy.py index 937e81423..68610a622 100755 --- a/ScoutSuite/providers/aws/authentication_strategy.py +++ b/ScoutSuite/providers/aws/authentication_strategy.py @@ -20,7 +20,7 @@ class AWSAuthenticationStrategy(AuthenticationStrategy): def authenticate(self, profile=None, aws_access_key_id=None, aws_secret_access_key=None, aws_session_token=None, - authenticate_in_china_region=False, + china_region=False, **kwargs): try: @@ -33,13 +33,13 @@ def authenticate(self, # There are two AWS regions in china cn-northwest-1 and cn-north-1, an access key created in either of these two regions can be used to call sts get-caller-identity if profile: - if authenticate_in_china_region: + if china_region: session = boto3.Session(profile_name=profile, region_name='cn-north-1') else: session = boto3.Session(profile_name=profile) elif aws_access_key_id and aws_secret_access_key: if aws_session_token: - if authenticate_in_china_region: + if china_region: session = boto3.Session( aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, @@ -53,7 +53,7 @@ def authenticate(self, aws_session_token=aws_session_token, ) else: - if authenticate_in_china_region: + if china_region: session = boto3.Session( aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key, From 8e37d90f4230a8324e3a1290e498ba93a7e0e184 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Fri, 2 Sep 2022 11:36:34 +0200 Subject: [PATCH 863/979] Revert "removed unnecessary print" This reverts commit ee4fd9a089146233c630119534449404c640c3e0. --- ScoutSuite/__main__.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py index 6213edc7c..cc50c1dc1 100755 --- a/ScoutSuite/__main__.py +++ b/ScoutSuite/__main__.py 
@@ -174,6 +174,7 @@ async def _run(provider, """ Run a scout job. """ + print("china_region", china_region) # Configure the debug level set_logger_configuration(debug, quiet, log_file) From d064666f329319fb3d7abd8ce77d9bc13730db32 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Fri, 2 Sep 2022 11:38:08 +0200 Subject: [PATCH 864/979] Revert "Add flag to authenticate against an AWS China region" This reverts commit 3faf763e2377652bb18d8f243c20036ee14e7d44. --- ScoutSuite/__main__.py | 8 +--- ScoutSuite/core/cli_parser.py | 7 +-- .../providers/aws/authentication_strategy.py | 43 +++++-------------- 3 files changed, 13 insertions(+), 45 deletions(-) diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py index cc50c1dc1..ff1ca56e9 100755 --- a/ScoutSuite/__main__.py +++ b/ScoutSuite/__main__.py @@ -64,7 +64,6 @@ def run_from_cli(): max_workers=args.get('max_workers'), regions=args.get('regions'), excluded_regions=args.get('excluded_regions'), - china_region=args.get('china_region'), fetch_local=args.get('fetch_local'), update=args.get('update'), max_rate=args.get('max_rate'), ip_ranges=args.get('ip_ranges'), ip_ranges_name_key=args.get('ip_ranges_name_key'), @@ -108,7 +107,6 @@ def run(provider, max_workers=10, regions=[], excluded_regions=[], - china_region=False, fetch_local=False, update=False, max_rate=None, ip_ranges=[], ip_ranges_name_key='name', @@ -160,7 +158,6 @@ async def _run(provider, database_name, host_ip, host_port, regions, excluded_regions, - china_region, fetch_local, update, ip_ranges, ip_ranges_name_key, ruleset, exceptions, @@ -174,7 +171,7 @@ async def _run(provider, """ Run a scout job. """ - print("china_region", china_region) + # Configure the debug level set_logger_configuration(debug, quiet, log_file) 
@@ -201,8 +198,7 @@ async def _run(provider, username=username, password=password, access_key_id=access_key_id, - access_key_secret=access_key_secret, - china_region=china_region) + access_key_secret=access_key_secret) if not credentials: return 101 diff --git a/ScoutSuite/core/cli_parser.py b/ScoutSuite/core/cli_parser.py index cb032bbff..db9563f0f 100755 --- a/ScoutSuite/core/cli_parser.py +++ b/ScoutSuite/core/cli_parser.py @@ -67,12 +67,7 @@ def _init_aws_parser(self): help='AWS Session Token') aws_additional_parser = parser.add_argument_group('Additional arguments') - - aws_additional_parser.add_argument('-cr', - '--china-region', - action='store_true', - dest='china_region', - help='Authenticate against a China region') + aws_additional_parser.add_argument('-r', '--regions', dest='regions', diff --git a/ScoutSuite/providers/aws/authentication_strategy.py b/ScoutSuite/providers/aws/authentication_strategy.py index 68610a622..d8d2fe2b6 100755 --- a/ScoutSuite/providers/aws/authentication_strategy.py +++ b/ScoutSuite/providers/aws/authentication_strategy.py @@ -20,7 +20,6 @@ class AWSAuthenticationStrategy(AuthenticationStrategy): def authenticate(self, profile=None, aws_access_key_id=None, aws_secret_access_key=None, aws_session_token=None, - china_region=False, **kwargs): try: 
@@ -30,45 +29,23 @@ def authenticate(self, logging.getLogger('botocore.auth').setLevel(logging.ERROR) logging.getLogger('urllib3').setLevel(logging.ERROR) - # There are two AWS regions in china cn-northwest-1 and cn-north-1, an access key created in either of these two regions can be used to call sts get-caller-identity - if profile: - if china_region: - session = boto3.Session(profile_name=profile, region_name='cn-north-1') - else: - session = boto3.Session(profile_name=profile) + session = boto3.Session(profile_name=profile) elif aws_access_key_id and aws_secret_access_key: if aws_session_token: - if china_region: - session = boto3.Session( - aws_access_key_id=aws_access_key_id, - aws_secret_access_key=aws_secret_access_key, - aws_session_token=aws_session_token, - region_name='cn-north-1' - ) - else: - session = boto3.Session( - aws_access_key_id=aws_access_key_id, - aws_secret_access_key=aws_secret_access_key, - aws_session_token=aws_session_token, - ) + session = boto3.Session( + aws_access_key_id=aws_access_key_id, + aws_secret_access_key=aws_secret_access_key, + aws_session_token=aws_session_token, + ) else: - if china_region: - session = boto3.Session( - aws_access_key_id=aws_access_key_id, - aws_secret_access_key=aws_secret_access_key, - region_name='cn-north-1' - ) - else: - session = boto3.Session( - aws_access_key_id=aws_access_key_id, - aws_secret_access_key=aws_secret_access_key, - - ) + session = boto3.Session( + aws_access_key_id=aws_access_key_id, + aws_secret_access_key=aws_secret_access_key, + ) else: session = boto3.Session() - # Test querying for current user get_caller_identity(session) From 732bd73d54dac24d2ed978d8e87d4efba7034809 Mon Sep 17 00:00:00 2001 From: James Hodgkinson Date: Fri, 9 Sep 2022 11:39:45 +1000 Subject: [PATCH 865/979] fixing typo --- docker/bin/container-set-init.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
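Review bot: In `authenticate` (ScoutSuite/providers/aws/authentication_strategy.py, hunk `@@ -30,45 +29,23 @@`), a half-supplied key pair falls through to the final `else: session = boto3.Session()`, because the `elif` requires both `aws_access_key_id` and `aws_secret_access_key` to be truthy. The scan then runs with whatever ambient credentials boto3 resolves, which may be a different identity or account than the operator intended, and nothing reports it. Reject that case before the fallback, e.g. `elif aws_access_key_id or aws_secret_access_key:` followed by a raise with a message such as `'both an access key ID and a secret access key are required'`. The inner `if aws_session_token:` branch could also collapse into one call, since `boto3.Session` accepts `aws_session_token=None`. The method's `try:` opens above the hunk and its handler is outside it.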
diff --git a/docker/bin/container-set-init.sh b/docker/bin/container-set-init.sh index 7f89131c7..4f7c08901 100755 --- a/docker/bin/container-set-init.sh +++ b/docker/bin/container-set-init.sh @@ -3,5 +3,5 @@ cat <<'EOF' >> /root/.bashrc export TERM=linux cd ${HOME} source ${HOME}/scoutsuite/bin/activate -echo -e "Welcome to Sscoutsuite!\nYou are already in the Scoutsuite virtual environment, so just type \`scout\` to run it!\n (for example: \`scout -h\` to see the help documentation).\n\nHave fun!\n\n" +echo -e "Welcome to Scoutsuite!\nYou are already in the Scoutsuite virtual environment, so just type \`scout\` to run it!\n (for example: \`scout -h\` to see the help documentation).\n\nHave fun!\n\n" EOF From 41e360eaaeb3e4bdccde4cedf026155838c7c7e7 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Thu, 15 Sep 2022 16:06:26 +0200 Subject: [PATCH 866/979] Handle empty function 'maxInstances' Handle error when function has no maxInstances attribute defined --- ScoutSuite/providers/gcp/resources/functions/functions_v1.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py index 5ef31f101..99e423f43 100644 --- a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py +++ b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py 
@@ -27,9 +27,9 @@ def _parse_function(self, raw_function): function_dict['runtime'] = raw_function['runtime'] function_dict['memory'] = raw_function['availableMemoryMb'] function_dict['timeout'] = raw_function['timeout'] - function_dict['max_instances'] = raw_function['maxInstances'] + if raw_function['maxInstances']: + function_dict['max_instances'] = raw_function['maxInstances'] function_dict['docker_registry'] = raw_function['dockerRegistry'] - function_dict['url'] = raw_function.get('httpsTrigger', {}).get('url') function_dict['security_level'] = raw_function.get('httpsTrigger', {}).get('securityLevel') function_dict['ingress_settings'] = raw_function['ingressSettings'] From 4799df8122d30a37b46d540d28e405c2f3f136b7 Mon Sep 17 00:00:00 2001 
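Review bot: In `_parse_function` (hunk `@@ -27,9 +27,9 @@`), `if raw_function['maxInstances']:` still indexes the key, so a function with no `maxInstances` attribute, the case the commit message describes, raises `KeyError` exactly as before. When the value is present but falsy, `function_dict` ends up with no `max_instances` key at all, which any consumer that reads it unconditionally would have to handle. `function_dict['max_instances'] = raw_function.get('maxInstances')` covers both cases in one line and matches the `.get('httpsTrigger', {})` style used just below. `_parse_function` starts and ends outside the hunk.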
From: tkmru Date: Mon, 19 Sep 2022 17:17:50 +0900 Subject: [PATCH 867/979] docs.microsoft.com->learn.microsoft.com --- .../appservice-authentication-disabled.json | 8 ++++---- .../appservice-client-certificates-disabled.json | 2 +- .../appservice-ftp-deployment-enabled.json | 8 ++++---- .../findings/appservice-http-2-disabled.json | 4 ++-- .../rules/findings/appservice-http-allowed.json | 2 +- ...vice-managed-service-identities-disabled.json | 4 ++-- .../appservice-outdated-version-dotnet.json | 4 ++-- .../appservice-outdated-version-java.json | 4 ++-- .../appservice-outdated-version-php.json | 4 ++-- .../appservice-outdated-version-python.json | 2 +- .../findings/appservice-tls-v1-supported.json | 2 +- ...ing-outdated-progamming-language-version.json | 2 +- .../rules/findings/keyvault-not-recoverable.json | 4 ++-- ...toring-diagnostic-setting-does-not-exist.json | 6 +++--- ...alert-not-exist-create-policy-assignment.json | 8 ++++---- ...gging-monitoring-log-alert-not-exist-nsg.json | 8 ++++---- ...ng-log-alert-not-exist-security-solution.json | 8 ++++---- ...ng-monitoring-logging-key-vault-disabled.json | 4 ++-- ...-profile-does-not-capture-all-activities.json | 4 ++-- ...atabase-servers-ssl-enforcement-disabled.json | 6 +++--- ...security-groups-rule-inbound-service-udp.json | 10 +++++----- ...ork-security-groups-rule-inbound-service.json | 10 +++++----- .../findings/network-watcher-not-enabled.json | 6 +++--- ...postgresql-database-servers-allow-any-ip.json | 8 ++++---- ...ase-servers-connection-throttling-not-on.json | 6 +++--- ...-database-servers-log-checkpoints-not-on.json | 6 +++--- ...-database-servers-log-connections-not-on.json | 6 +++--- ...tabase-servers-log-disconnections-not-on.json | 6 +++--- ...sql-database-servers-log-duration-not-on.json | 6 +++--- ...e-servers-log-retention-days-less-than-4.json | 6 +++--- ...atabase-servers-ssl-enforcement-disabled.json | 4 ++-- ...ac-administering-resource-locks-assigned.json | 4 ++-- 
...stom-subscription-owner-role-not-allowed.json | 6 +++--- .../securitycenter-auto-provisioning-off.json | 14 +++++++------- ...tycenter-security-contacts-email-not-set.json | 6 +++--- ...ty-contacts-no-admin-email-notifications.json | 6 +++--- ...security-contacts-no-email-notifications.json | 6 +++--- ...enter-settings-MCAS-integration-disabled.json | 6 +++--- ...nter-settings-WDATP-integration-disabled.json | 6 +++--- ...securitycenter-standard-tier-not-enabled.json | 4 ++-- .../rules/findings/sqldatabase-allow-any-ip.json | 8 ++++---- ...atabase-databases-auditing-low-retention.json | 8 ++++---- .../sqldatabase-databases-no-auditing.json | 10 +++++----- ...databases-no-transparent-data-encryption.json | 4 ++-- ...-not-encrypted-with-customer-managed-key.json | 4 ++-- ...ldatabase-servers-no-ad-admin-configured.json | 10 +++++----- .../sqldatabase-servers-no-threat-detection.json | 4 ++-- ...servers-threat-detection-disabled-alerts.json | 4 ++-- ...rs-threat-detection-send-alerts-disabled.json | 4 ++-- ...rvers-vulnerability-assessments-disabled.json | 10 +++++----- ...ity-email-notif-to-admins-owners-not-set.json | 10 +++++----- ...s-vulnerability-recurring-scans-disabled.json | 10 +++++----- ...lity-send-scan-reports-to-not-configured.json | 10 +++++----- .../storageaccount-access-keys-not-rotated.json | 4 ++-- ...orageaccount-account-allowing-clear-text.json | 12 ++++++------ ...geaccount-encrypted-not-customer-managed.json | 4 ++-- .../storageaccount-public-blob-container.json | 4 ++-- .../storageaccount-public-traffic-allowed.json | 4 ++-- .../storageaccount-soft-delete-enabled.json | 2 +- ...torageaccount-trusted-microsoft-services.json | 4 ++-- .../virtual-machines-disk-encryption.json | 4 ++-- .../virtual-machines-extensions-installed.json | 4 ++-- .../findings/virtual-machines-managed-disks.json | 4 ++-- .../virtual-machines-os-data-encrypted-cmk.json | 12 ++++++------ ...-machines-unattached-disks-encrypted-cmk.json | 16 ++++++++-------- 
...ces-contained-database-authentication-on.json | 4 ++-- ...instances-cross-db-ownership-chaining-on.json | 2 +- 67 files changed, 201 insertions(+), 201 deletions(-) diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json index 2806f06b3..92bacb3f4 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-authentication-disabled.json @@ -15,10 +15,10 @@ } ], "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/app-service-authentication-overview", - "https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#website-contributor", - "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access#pa-5-automate-entitlement-management", - "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-6-define-identity-and-privileged-access-strategy" + "https://learn.microsoft.com/en-us/azure/app-service/app-service-authentication-overview", + "https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#website-contributor", + "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access#pa-5-automate-entitlement-management", + "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-6-define-identity-and-privileged-access-strategy" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json index 2123218d7..f9efc64d0 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json 
+++ b/ScoutSuite/providers/azure/rules/findings/appservice-client-certificates-disabled.json @@ -15,7 +15,7 @@ } ], "references": [ - "https://docs.microsoft.com/bs-latn-ba/azure/app-service/app-service-web-configure-tls-mutual-auth" + "https://learn.microsoft.com/bs-latn-ba/azure/app-service/app-service-web-configure-tls-mutual-auth" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-ftp-deployment-enabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-ftp-deployment-enabled.json index d781a766c..a6afae335 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-ftp-deployment-enabled.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-ftp-deployment-enabled.json @@ -10,10 +10,10 @@ } ], "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/deploy-ftp", - "https://docs.microsoft.com/en-us/azure/app-service/overview-security", - "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit", - "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-identity-management#im-1-standardize-azure-active-directory-as-the-central-identity-and-authentication-system" + "https://learn.microsoft.com/en-us/azure/app-service/deploy-ftp", + "https://learn.microsoft.com/en-us/azure/app-service/overview-security", + "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit", + "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-identity-management#im-1-standardize-azure-active-directory-as-the-central-identity-and-authentication-system" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", 
diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json index 9bd3fadc9..7225797b6 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-http-2-disabled.json @@ -15,8 +15,8 @@ } ], "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings", - "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security" + "https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings", + "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json b/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json index 364c5b5d0..a84db3775 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-http-allowed.json @@ -15,7 +15,7 @@ } ], "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-https" + "https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-https" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json b/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json index 9e835bfad..dc03a2606 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-managed-service-identities-disabled.json 
@@ -15,8 +15,8 @@ } ], "references": [ - "https://docs.microsoft.com/en-gb/azure/app-service/app-service-web-tutorial-connect-msi", - "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-identity-management#im-1-standardize-azure-active-directory-as-the-central-identity-and-authentication-system" + "https://learn.microsoft.com/en-gb/azure/app-service/app-service-web-tutorial-connect-msi", + "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-identity-management#im-1-standardize-azure-active-directory-as-the-central-identity-and-authentication-system" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json index cf5710b4e..a8f77864a 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-dotnet.json @@ -15,8 +15,8 @@ } ], "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings", - "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security" + "https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings", + "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json index d5609b92c..f71403661 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json 
@@ -16,8 +16,8 @@ } ], "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings", - "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security" + "https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings", + "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-php.json b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-php.json index 82c6d842d..b9c4d4e95 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-php.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-php.json @@ -15,8 +15,8 @@ } ], "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings", - "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security" + "https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings", + "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-python.json b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-python.json index 64fda7b89..f041369ad 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-python.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-python.json 
@@ -15,7 +15,7 @@ } ], "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings" + "https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json b/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json index dc13f3207..cc86ebd70 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-tls-v1-supported.json @@ -15,7 +15,7 @@ } ], "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-tls-versions" + "https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-ssl#enforce-tls-versions" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json b/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json index f4fbb2127..8f9597f12 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-webapp-using-outdated-progamming-language-version.json @@ -25,7 +25,7 @@ } ], "references": [ - "https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings" + "https://learn.microsoft.com/en-us/azure/app-service/web-sites-configure#general-settings" ], "dashboard_name": "Web Apps", "path": "appservice.subscriptions.id.web_apps.id", 
diff --git a/ScoutSuite/providers/azure/rules/findings/keyvault-not-recoverable.json b/ScoutSuite/providers/azure/rules/findings/keyvault-not-recoverable.json index 5220e74f1..b4cf4c9da 100755 --- a/ScoutSuite/providers/azure/rules/findings/keyvault-not-recoverable.json +++ b/ScoutSuite/providers/azure/rules/findings/keyvault-not-recoverable.json @@ -10,9 +10,9 @@ } ], "references": [ - "https://docs.microsoft.com/en-us/azure/key-vault/key-vault-soft-delete-cli", + "https://learn.microsoft.com/en-us/azure/key-vault/key-vault-soft-delete-cli", "https://blogs.technet.microsoft.com/kv/2017/05/10/azure-key-vault-recovery-options/", - "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-8-define-backup-and-recovery-strategy" + "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-8-define-backup-and-recovery-strategy" ], "dashboard_name": "PostgreSQL Servers", "path": "keyvault.subscriptions.id.vaults.id", diff --git a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-diagnostic-setting-does-not-exist.json b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-diagnostic-setting-does-not-exist.json index cfb5e1eb8..4b0d72a96 100644 --- a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-diagnostic-setting-does-not-exist.json +++ b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-diagnostic-setting-does-not-exist.json 
@@ -10,9 +10,9 @@ } ], "references": [ - "https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/platform-logs-overview#export-the-activity-log-with-a-log-profile", - "https://docs.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az_monitor_log_profiles_create", - "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-5-centralize-security-log-management-and-analysis" + "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/platform-logs-overview#export-the-activity-log-with-a-log-profile", + "https://learn.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az_monitor_log_profiles_create", + "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-5-centralize-security-log-management-and-analysis" ], "dashboard_name": "Diagnostic Settings", "path": "loggingmonitoring.subscriptions.id.diagnostic_settings.id", diff --git a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-create-policy-assignment.json b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-create-policy-assignment.json index 48b9d0fbc..6bd4127c2 100644 --- a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-create-policy-assignment.json +++ b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-create-policy-assignment.json 
@@ -11,10 +11,10 @@ ], "references": [ "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement/", - "https://docs.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log", - "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", - "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid", - "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" + "https://learn.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log", + "https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate", + "https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid", + "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources" ], "dashboard_name": "Alert Rules", "path": "loggingmonitoring.subscriptions.id.log_alerts.id", diff --git a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-nsg.json b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-nsg.json index 8737d947a..49677b50f 100644 --- a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-nsg.json +++ b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-nsg.json 
@@ -11,10 +11,10 @@
 ],
 "references": [
 "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement/",
- "https://docs.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log",
- "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate",
- "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
+ "https://learn.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log",
+ "https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate",
+ "https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
 ],
 "dashboard_name": "Alert Rules",
 "path": "loggingmonitoring.subscriptions.id.log_alerts.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-security-solution.json b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-security-solution.json
index 2886759d6..5349eb7de 100644
--- a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-security-solution.json
+++ b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-log-alert-not-exist-security-solution.json
@@ -11,10 +11,10 @@
 ],
 "references": [
 "https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement/",
- "https://docs.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log",
- "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate",
- "https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
+ "https://learn.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log",
+ "https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate",
+ "https://learn.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
 ],
 "dashboard_name": "Alert Rules",
 "path": "loggingmonitoring.subscriptions.id.log_alerts.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-logging-key-vault-disabled.json b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-logging-key-vault-disabled.json
index 81378b1ad..4823f8b89 100644
--- a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-logging-key-vault-disabled.json
+++ b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-logging-key-vault-disabled.json
@@ -10,8 +10,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
+ "https://learn.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
 ],
 "dashboard_name": "Key Vaults",
 "path": "loggingmonitoring.subscriptions.id.resources_logging.id" ,
diff --git a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-profile-does-not-capture-all-activities.json b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-profile-does-not-capture-all-activities.json
index bf0d01eda..9ec1e3d1c 100644
--- a/ScoutSuite/providers/azure/rules/findings/logging-monitoring-profile-does-not-capture-all-activities.json
+++ b/ScoutSuite/providers/azure/rules/findings/logging-monitoring-profile-does-not-capture-all-activities.json
@@ -10,8 +10,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az-monitor-log-profiles-update",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
+ "https://learn.microsoft.com/en-us/cli/azure/monitor/log-profiles?view=azure-cli-latest#az-monitor-log-profiles-update",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
 ],
 "dashboard_name": "Profile",
 "path": "loggingmonitoring.subscriptions.id.log_profiles.id" ,
diff --git a/ScoutSuite/providers/azure/rules/findings/mysql-database-servers-ssl-enforcement-disabled.json b/ScoutSuite/providers/azure/rules/findings/mysql-database-servers-ssl-enforcement-disabled.json
index 9a4405489..7f7d049bb 100644
--- a/ScoutSuite/providers/azure/rules/findings/mysql-database-servers-ssl-enforcement-disabled.json
+++ b/ScoutSuite/providers/azure/rules/findings/mysql-database-servers-ssl-enforcement-disabled.json
@@ -10,9 +10,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security",
- "https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit"
+ "https://learn.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security",
+ "https://learn.microsoft.com/en-us/azure/mysql/howto-configure-ssl",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit"
 ],
 "dashboard_name": "MySQL Servers",
 "path": "mysqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-udp.json b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-udp.json
index 1835d4aa7..028344c41 100644
--- a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-udp.json
+++ b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-udp.json
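Review bot: The first reference in mysql-database-servers-ssl-enforcement-disabled.json points at the PostgreSQL page (`.../azure/postgresql/concepts-ssl-connection-security`), and the host swap carries that mismatch over to the new side unchanged. Someone remediating disabled SSL enforcement on a MySQL server is sent to guidance for a different service, while the second link (`.../azure/mysql/howto-configure-ssl`) already covers MySQL. I would drop the PostgreSQL entry from this rule, or replace it with its MySQL counterpart once that URL has been confirmed to resolve.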
@@ -10,11 +10,11 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal",
- "https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal",
- "https://docs.microsoft.com/en-us/azure/expressroute/",
- "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-1-implement-security-for-internal-traffic"
+ "https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal",
+ "https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal",
+ "https://learn.microsoft.com/en-us/azure/expressroute/",
+ "https://learn.microsoft.com/en-us/azure/security/fundamentals/network-best-practices",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-1-implement-security-for-internal-traffic"
 ],
 "dashboard_name": "NSGs",
 "display_path": "network.subscriptions.id.security_groups.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json
index a13f942c5..f1a51ca48 100755
--- a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json
+++ b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service.json
@@ -15,11 +15,11 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal",
- "https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal",
- "https://docs.microsoft.com/en-us/azure/expressroute/",
- "https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#disable-rdpssh-access-to-azure-virtual-machines",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security"
+ "https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal",
+ "https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal",
+ "https://learn.microsoft.com/en-us/azure/expressroute/",
+ "https://learn.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#disable-rdpssh-access-to-azure-virtual-machines",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security"
 ],
 "dashboard_name": "NSGs",
 "display_path": "network.subscriptions.id.security_groups.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/network-watcher-not-enabled.json b/ScoutSuite/providers/azure/rules/findings/network-watcher-not-enabled.json
index 4b4c58c84..8ccbd2c2d 100755
--- a/ScoutSuite/providers/azure/rules/findings/network-watcher-not-enabled.json
+++ b/ScoutSuite/providers/azure/rules/findings/network-watcher-not-enabled.json
@@ -14,10 +14,10 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview",
+ "https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview",
 "https://docs.azure.cn/zh-cn/cli/network/watcher?view=azure-cli-latest",
- "https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-create",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-asset-management#am-2-ensure-security-team-has-access-to-asset-inventory-and-metadata"
+ "https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-create",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-asset-management#am-2-ensure-security-team-has-access-to-asset-inventory-and-metadata"
 ],
 "dashboard_name": "Network Configurations",
 "display_path": "network.subscriptions.id.watchers",
diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-allow-any-ip.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-allow-any-ip.json
index 3e58bb136..dd59bc63d 100644
--- a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-allow-any-ip.json
+++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-allow-any-ip.json
@@ -9,10 +9,10 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules",
- "https://docs.microsoft.com/en-us/azure/postgresql/howto-manage-firewall-using-cli",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-1-implement-security-for-internal-traffic",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-4-protect-applications-and-services-from-external-network-attacks"
+ "https://learn.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules",
+ "https://learn.microsoft.com/en-us/azure/postgresql/howto-manage-firewall-using-cli",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-1-implement-security-for-internal-traffic",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-4-protect-applications-and-services-from-external-network-attacks"
 ],
 "dashboard_name": "PostgreSQL Firewall Rules",
 "display_path": "postgresqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-connection-throttling-not-on.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-connection-throttling-not-on.json
index 512ce8077..229c7d94c 100644
--- a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-connection-throttling-not-on.json
+++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-connection-throttling-not-on.json
@@ -10,9 +10,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver",
- "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
+ "https://learn.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver",
+ "https://learn.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
 ],
 "dashboard_name": "PostgreSQL Servers",
 "path": "postgresqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-checkpoints-not-on.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-checkpoints-not-on.json
index 0256a5cc5..47d898159 100644
--- a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-checkpoints-not-on.json
+++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-checkpoints-not-on.json
@@ -10,9 +10,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver",
- "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
+ "https://learn.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver",
+ "https://learn.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
 ],
 "dashboard_name": "PostgreSQL Servers",
 "path": "postgresqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-connections-not-on.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-connections-not-on.json
index 35df67259..9a9685f65 100644
--- a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-connections-not-on.json
+++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-connections-not-on.json
@@ -10,9 +10,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver",
- "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
+ "https://learn.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver",
+ "https://learn.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
 ],
 "dashboard_name": "PostgreSQL Servers",
 "path": "postgresqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-disconnections-not-on.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-disconnections-not-on.json
index d460cbbaf..5602a9185 100644
--- a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-disconnections-not-on.json
+++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-disconnections-not-on.json
@@ -10,9 +10,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver",
- "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
+ "https://learn.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver",
+ "https://learn.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
 ],
 "dashboard_name": "PostgreSQL Servers",
 "path": "postgresqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-duration-not-on.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-duration-not-on.json
index 3c442dd76..223f9476e 100644
--- a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-duration-not-on.json
+++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-duration-not-on.json
@@ -10,9 +10,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver",
- "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
+ "https://learn.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver",
+ "https://learn.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
 ],
 "dashboard_name": "PostgreSQL Servers",
 "path": "postgresqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-retention-days-less-than-4.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-retention-days-less-than-4.json
index 191247c08..725f3a2e8 100644
--- a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-retention-days-less-than-4.json
+++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-log-retention-days-less-than-4.json
@@ -10,9 +10,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver",
- "https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
+ "https://learn.microsoft.com/en-us/rest/api/postgresql/configurations/listbyserver",
+ "https://learn.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
 ],
 "dashboard_name": "PostgreSQL Servers",
 "path": "postgresqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-ssl-enforcement-disabled.json b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-ssl-enforcement-disabled.json
index d23192245..f497f0bc6 100644
--- a/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-ssl-enforcement-disabled.json
+++ b/ScoutSuite/providers/azure/rules/findings/postgresql-database-servers-ssl-enforcement-disabled.json
@@ -10,8 +10,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit"
+ "https://learn.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit"
 ],
 "dashboard_name": "PostgreSQL Servers",
 "path": "postgresqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/rbac-administering-resource-locks-assigned.json b/ScoutSuite/providers/azure/rules/findings/rbac-administering-resource-locks-assigned.json
index 836bba236..d5e7922d3 100644
--- a/ScoutSuite/providers/azure/rules/findings/rbac-administering-resource-locks-assigned.json
+++ b/ScoutSuite/providers/azure/rules/findings/rbac-administering-resource-locks-assigned.json
@@ -10,8 +10,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles",
- "https://docs.microsoft.com/en-us/azure/role-based-access-control/check-access"
+ "https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles",
+ "https://learn.microsoft.com/en-us/azure/role-based-access-control/check-access"
 ],
 "dashboard_name": "Roles",
 "path": "rbac.subscriptions.id.custom_roles_report.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/rbac-custom-subscription-owner-role-not-allowed.json b/ScoutSuite/providers/azure/rules/findings/rbac-custom-subscription-owner-role-not-allowed.json
index 85cb58802..a3f48a601 100644
--- a/ScoutSuite/providers/azure/rules/findings/rbac-custom-subscription-owner-role-not-allowed.json
+++ b/ScoutSuite/providers/azure/rules/findings/rbac-custom-subscription-owner-role-not-allowed.json
@@ -10,9 +10,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access"
+ "https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-administrator",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access"
 ],
 "dashboard_name": "Roles",
 "path": "rbac.subscriptions.id.roles.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json
index ce4ae5f96..96872574f 100755
--- a/ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json
+++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-auto-provisioning-off.json
@@ -15,13 +15,13 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/security-center/security-center-data-security",
- "https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection",
- "https://docs.microsoft.com/en-us/previous-versions/azure/reference/mt704062(v=azure.100)?redirectedfrom=MSDN",
- "https://docs.microsoft.com/en-us/previous-versions/azure/reference/mt704063(v=azure.100)?redirectedfrom=MSDN",
- "https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/list",
- "https://docs.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/create",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments"
+ "https://learn.microsoft.com/en-us/azure/security-center/security-center-data-security",
+ "https://learn.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection",
+ "https://learn.microsoft.com/en-us/previous-versions/azure/reference/mt704062(v=azure.100)?redirectedfrom=MSDN",
+ "https://learn.microsoft.com/en-us/previous-versions/azure/reference/mt704063(v=azure.100)?redirectedfrom=MSDN",
+ "https://learn.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/list",
+ "https://learn.microsoft.com/en-us/rest/api/securitycenter/autoprovisioningsettings/create",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments"
 ],
 "dashboard_name": "Security Center",
 "path": "securitycenter.subscriptions.id.auto_provisioning_settings.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json
index 7c55b97c2..d38787210 100755
--- a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json
+++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-email-not-set.json
@@ -15,9 +15,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details",
- "https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-3-define-security-posture-management-strategy"
+ "https://learn.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details",
+ "https://learn.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-3-define-security-posture-management-strategy"
 ],
 "dashboard_name": "Security contacts",
 "path": "securitycenter.subscriptions.id.security_contacts.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json
index fd0ffe21b..ea38c8f8b 100755
--- a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json
+++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-admin-email-notifications.json
@@ -15,9 +15,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details",
- "https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-3-define-security-posture-management-strategy"
+ "https://learn.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details",
+ "https://learn.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-3-define-security-posture-management-strategy"
 ],
 "dashboard_name": "Security contacts",
 "path": "securitycenter.subscriptions.id.security_contacts.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json
index bb11e4d1c..15a084426 100755
--- a/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json
+++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-security-contacts-no-email-notifications.json
@@ -15,9 +15,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details",
- "https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-3-define-security-posture-management-strategy"
+ "https://learn.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details",
+ "https://learn.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-3-define-security-posture-management-strategy"
 ],
 "dashboard_name": "Security contacts",
 "path": "securitycenter.subscriptions.id.security_contacts.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json
index aa5802d9d..ba9e037ea 100644
--- a/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json
+++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json
@@ -10,9 +10,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-in/azure/security-center/azure-defender#azure-management-layer-azure-resource-manager-preview",
- "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list",
- "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/update"
+ "https://learn.microsoft.com/en-in/azure/security-center/azure-defender#azure-management-layer-azure-resource-manager-preview",
+ "https://learn.microsoft.com/en-us/rest/api/securitycenter/settings/list",
+ "https://learn.microsoft.com/en-us/rest/api/securitycenter/settings/update"
 ],
 "dashboard_name": "Security Settings",
 "path": "securitycenter.subscriptions.id.settings.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json
index 716f6b66b..2b01855be 100644
--- a/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json
+++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json
@@ -10,9 +10,9 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-in/azure/security-center/security-center-wdatp",
- "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/list",
- "https://docs.microsoft.com/en-us/rest/api/securitycenter/settings/update"
+ "https://learn.microsoft.com/en-in/azure/security-center/security-center-wdatp",
+ "https://learn.microsoft.com/en-us/rest/api/securitycenter/settings/list",
+ "https://learn.microsoft.com/en-us/rest/api/securitycenter/settings/update"
 ],
 "dashboard_name": "Security Settings",
 "path": "securitycenter.subscriptions.id.settings.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json
index 018c7d529..ccfc14e4a 100755
--- a/ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json
+++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-standard-tier-not-enabled.json
@@ -15,8 +15,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list",
- "https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview"
+ "https://learn.microsoft.com/en-us/rest/api/securitycenter/pricings/list",
+ "https://learn.microsoft.com/en-us/azure/security-center/security-center-alerts-overview"
 ],
 "dashboard_name": "Pricings",
 "display_path": "securitycenter.subscriptions.id.pricings.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-allow-any-ip.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-allow-any-ip.json
index 5cb14f699..1692f2fba 100644
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-allow-any-ip.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-allow-any-ip.json
@@ -10,10 +10,10 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-windows-firewall-for-database-engine-access?view=sql-server-2017",
- "https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverfirewallrule?view=azurermps-6.13.0&viewFallbackFrom=azurermps-5.2.0",
- "https://docs.microsoft.com/en-us/azure/azure-sql/database/firewall-configure",
- "https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-set-database-firewall-rule-azure-sql-database?view=azuresqldb-current"
+ "https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-windows-firewall-for-database-engine-access?view=sql-server-2017",
+ "https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverfirewallrule?view=azurermps-6.13.0&viewFallbackFrom=azurermps-5.2.0",
+ "https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure",
+ "https://learn.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-set-database-firewall-rule-azure-sql-database?view=azuresqldb-current"
 ],
 "dashboard_name": "Firewall Rules",
 "display_path": "sqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json
index 4a0f509a7..9f2085edb 100755
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json
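Review bot: The PowerShell reference kept in sqldatabase-allow-any-ip.json still targets the AzureRM module (`powershell/module/azurerm.sql/get-azurermsqlserverfirewallrule?view=azurermps-6.13.0`), which Microsoft has replaced with the Az module, so the remediation guidance this finding links to describes cmdlets an operator may no longer have installed. The same applies to the `azurermps-5.2.0` links in sqldatabase-databases-auditing-low-retention.json and sqldatabase-databases-no-auditing.json further down. Since the commit already rewrites every URL, consider pointing these at the Az.Sql equivalents (for example the page for `Get-AzSqlServerFirewallRule`) after checking that each target resolves.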
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-auditing-low-retention.json
@@ -15,10 +15,10 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing",
- "https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverauditing?view=azurermps-5.2.0",
- "https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserverauditing?view=azurermps-5.2.0",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-6-configure-log-storage-retention"
+ "https://learn.microsoft.com/en-us/azure/sql-database/sql-database-auditing",
+ "https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverauditing?view=azurermps-5.2.0",
+ "https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserverauditing?view=azurermps-5.2.0",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-6-configure-log-storage-retention"
 ],
 "dashboard_name": "SQL Databases",
 "display_path": "sqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json
index 2323f1e6c..3f1a946c4 100755
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-auditing.json
@@ -15,11 +15,11 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-auditing-on-sql-servers",
- "https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverauditing?view=azurermps-5.2.0",
- "https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserverauditingpolicy?view=azurermps-5.2.0",
- "https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
+ "https://learn.microsoft.com/en-us/azure/security-center/security-center-enable-auditing-on-sql-servers",
+ "https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserverauditing?view=azurermps-5.2.0",
+ "https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserverauditingpolicy?view=azurermps-5.2.0",
+ "https://learn.microsoft.com/en-us/azure/sql-database/sql-database-auditing",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-logging-threat-detection#lt-4-enable-logging-for-azure-resources"
 ],
 "dashboard_name": "SQL Databases",
 "display_path": "sqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json
index 56a376356..6479913e1 100755
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-databases-no-transparent-data-encryption.json
@@ -14,8 +14,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption-with-azure-sql-database",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-5-encrypt-sensitive-data-at-rest"
+ "https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption-with-azure-sql-database",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-5-encrypt-sensitive-data-at-rest"
 ],
 "dashboard_name": "SQL Databases",
 "display_path": "sqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json
index 69ea13f1a..01d3d640d 100644
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-TDE-not-encrypted-with-customer-managed-key.json
@@ -10,10 +10,10 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=sql-server-ver15",
+ "https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=sql-server-ver15",
 "https://azure.microsoft.com/en-in/blog/preview-sql-transparent-data-encryption-tde-with-bring-your-own-key-support/",
 "https://winterdom.com/2017/09/07/azure-sql-tde-protector-keyvault",
- "https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=sql-server-ver15"
+ "https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=sql-server-ver15"
 ],
 "dashboard_name": "SQL Databases",
 "display_path": "sqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json
index 1e05054d5..30c8b22bb 100755
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-ad-admin-configured.json
@@ -15,11 +15,11 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?tabs=azure-powershell",
- "https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview",
- "https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserveractivedirectoryadministrator?view=azurermps-6.13.0&viewFallbackFrom=azurermps-5.2.0",
- "https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserveractivedirectoryadministrator?view=azurermps-6.13.0&viewFallbackFrom=azurermps-5.2.0",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-identity-management#im-1-standardize-azure-active-directory-as-the-central-identity-and-authentication-system"
+ "https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?tabs=azure-powershell",
+ "https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview",
+ "https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/get-azurermsqlserveractivedirectoryadministrator?view=azurermps-6.13.0&viewFallbackFrom=azurermps-5.2.0",
+ "https://learn.microsoft.com/en-us/powershell/module/azurerm.sql/set-azurermsqlserveractivedirectoryadministrator?view=azurermps-6.13.0&viewFallbackFrom=azurermps-5.2.0",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-identity-management#im-1-standardize-azure-active-directory-as-the-central-identity-and-authentication-system"
 ],
 "dashboard_name": "SQL Databases",
 "display_path": "sqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json
index 252ba0baf..1d2726b0a 100755
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-no-threat-detection.json
@@ -17,8 +17,8 @@
 "display_path": "sqldatabase.subscriptions.id.servers.id",
 "path": "sqldatabase.subscriptions.id.servers.id",
 "references": [
- "https://docs.microsoft.com/en-us/azure/sql-database/sql-advanced-threat-protection",
- "https://docs.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql"
+ "https://learn.microsoft.com/en-us/azure/sql-database/sql-advanced-threat-protection",
+ "https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql"
 ],
 "conditions": [
 "and",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json
index 82ef2843b..00f9dc1e7 100755
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-disabled-alerts.json
@@ -17,8 +17,8 @@
 "display_path": "sqldatabase.subscriptions.id.servers.id",
 "path": "sqldatabase.subscriptions.id.servers.id",
 "references": [
- "https://docs.microsoft.com/en-us/azure/sql-database/sql-advanced-threat-protection",
- "https://docs.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql"
+ "https://learn.microsoft.com/en-us/azure/sql-database/sql-advanced-threat-protection",
+ "https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql"
 ],
 "conditions": [
 "and",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-send-alerts-disabled.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-send-alerts-disabled.json
index bb6d1a5cc..a18b0e9c2 100755
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-send-alerts-disabled.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-threat-detection-send-alerts-disabled.json
@@ -24,8 +24,8 @@
 }
 ],
 "references":[
- "https://docs.microsoft.com/en-us/azure/sql-database/sql-advanced-threat-protection",
- "https://docs.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql"
+ "https://learn.microsoft.com/en-us/azure/sql-database/sql-advanced-threat-protection",
+ "https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql"
 ],
 "dashboard_name": "SQL Servers",
 "display_path": "sqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-assessments-disabled.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-assessments-disabled.json
index a09d3825c..94b306536 100644
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-assessments-disabled.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-assessments-disabled.json
@@ -10,11 +10,11 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment",
- "https://docs.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver",
- "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
- "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments"
+ "https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment",
+ "https://learn.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver",
+ "https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
+ "https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments"
 ],
 "dashboard_name": "SQL Servers",
 "display_path": "sqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json
index 25635c629..30b9c98b7 100644
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-email-notif-to-admins-owners-not-set.json
@@ -10,11 +10,11 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment",
- "https://docs.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver",
- "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
- "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments"
+ "https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment",
+ "https://learn.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver",
+ "https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
+ "https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments"
 ],
 "dashboard_name": "SQL Servers",
 "display_path": "sqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-recurring-scans-disabled.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-recurring-scans-disabled.json
index 5c13dfcb5..288252266 100644
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-recurring-scans-disabled.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-recurring-scans-disabled.json
@@ -10,11 +10,11 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment",
- "https://docs.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver",
- "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
- "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments"
+ "https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment",
+ "https://learn.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver",
+ "https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
+ "https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments"
 ],
 "dashboard_name": "SQL Servers",
 "display_path": "sqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json
index 3aab8f438..9def9df4f 100644
--- a/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json
+++ b/ScoutSuite/providers/azure/rules/findings/sqldatabase-servers-vulnerability-send-scan-reports-to-not-configured.json
@@ -10,11 +10,11 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment",
- "https://docs.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver",
- "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
- "https://docs.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments"
+ "https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment",
+ "https://learn.microsoft.com/en-us/rest/api/sql/servervulnerabilityassessments/listbyserver",
+ "https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Update-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
+ "https://learn.microsoft.com/en-in/powershell/module/Az.Sql/Get-AzSqlServerVulnerabilityAssessmentSetting?view=azps-5.5.0&viewFallbackFrom=azps-2.6.0",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-posture-vulnerability-management#pv-6-perform-software-vulnerability-assessments"
 ],
 "dashboard_name": "SQL Servers",
 "display_path": "sqldatabase.subscriptions.id.servers.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json
index ca98d6eda..da580f77e 100755
--- a/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json
+++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json
@@ -15,8 +15,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/storage/common/storage-create-storage-account",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access"
+ "https://learn.microsoft.com/en-us/azure/storage/common/storage-create-storage-account",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access"
 ],
 "dashboard_name": "Storage Accounts",
 "path": "storageaccounts.subscriptions.id.storage_accounts.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json
index 37a69441d..6e6f6f3b0 100755
--- a/ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json
+++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-account-allowing-clear-text.json
@@ -15,12 +15,12 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide",
- "https://docs.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer",
- "https://docs.microsoft.com/en-us/azure/storage/blobs/security-recommendations#encryption-in-transit",
- "https://docs.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_list",
- "https://docs.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_update",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit"
+ "https://learn.microsoft.com/en-us/azure/storage/common/storage-security-guide",
+ "https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer",
+ "https://learn.microsoft.com/en-us/azure/storage/blobs/security-recommendations#encryption-in-transit",
+ "https://learn.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_list",
+ "https://learn.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest#az_storage_account_update",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-4-encrypt-sensitive-information-in-transit"
 ],
 "dashboard_name": "Accounts",
 "path": "storageaccounts.subscriptions.id.storage_accounts.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-encrypted-not-customer-managed.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-encrypted-not-customer-managed.json
index 7c628adaa..31cbcf942 100755
--- a/ScoutSuite/providers/azure/rules/findings/storageaccount-encrypted-not-customer-managed.json
+++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-encrypted-not-customer-managed.json
@@ -10,8 +10,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption",
- "https://docs.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices#protect-data-at-rest"
+ "https://learn.microsoft.com/en-us/azure/storage/common/storage-service-encryption",
+ "https://learn.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices#protect-data-at-rest"
 ],
 "dashboard_name": "Accounts",
 "path": "storageaccounts.subscriptions.id.storage_accounts.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json
index 7facb8f52..ab3e6bd5b 100755
--- a/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json
+++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json
@@ -15,8 +15,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/storage/blobs/storage-manage-access-to-resources",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access"
+ "https://learn.microsoft.com/en-us/azure/storage/blobs/storage-manage-access-to-resources",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access"
 ],
 "dashboard_name": "Storage Accounts",
 "display_path": "storageaccounts.subscriptions.id.storage_accounts.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-public-traffic-allowed.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-public-traffic-allowed.json
index b8549da88..887cb04ed 100644
--- a/ScoutSuite/providers/azure/rules/findings/storageaccount-public-traffic-allowed.json
+++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-public-traffic-allowed.json
@@ -15,8 +15,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy"
+ "https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy"
 ],
 "dashboard_name": "Storage Accounts",
 "path": "storageaccounts.subscriptions.id.storage_accounts.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-soft-delete-enabled.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-soft-delete-enabled.json
index 1a85144a4..b75aad3f0 100644
--- a/ScoutSuite/providers/azure/rules/findings/storageaccount-soft-delete-enabled.json
+++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-soft-delete-enabled.json
@@ -10,7 +10,7 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-soft-delete"
+ "https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-soft-delete"
 ],
 "dashboard_name": "Accounts",
 "display_path": "storageaccounts.subscriptions.id.storage_accounts.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json
index a9bce2ea1..ad51940ac 100755
--- a/ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json
+++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-trusted-microsoft-services.json
@@ -15,8 +15,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-1-implement-security-for-internal-traffic"
+ "https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-network-security#ns-1-implement-security-for-internal-traffic"
 ],
 "dashboard_name": "Storage Accounts",
 "path": "storageaccounts.subscriptions.id.storage_accounts.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json b/ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json
index 2feb4a840..cbc08209d 100644
--- a/ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json
+++ b/ScoutSuite/providers/azure/rules/findings/virtual-machines-disk-encryption.json
@@ -30,8 +30,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview",
- "https://docs.microsoft.com/en-us/azure/security-center/security-center-apply-disk-encryption"
+ "https://learn.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview",
+ "https://learn.microsoft.com/en-us/azure/security-center/security-center-apply-disk-encryption"
 ],
 "dashboard_name": "Disks",
 "path": "virtualmachines.subscriptions.id.disks.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/virtual-machines-extensions-installed.json b/ScoutSuite/providers/azure/rules/findings/virtual-machines-extensions-installed.json
index 3afbba585..e79baba66 100644
--- a/ScoutSuite/providers/azure/rules/findings/virtual-machines-extensions-installed.json
+++ b/ScoutSuite/providers/azure/rules/findings/virtual-machines-extensions-installed.json
@@ -20,8 +20,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/virtual-machines/windows/extensions-features",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security"
+ "https://learn.microsoft.com/en-us/azure/virtual-machines/windows/extensions-features",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-endpoint-security"
 ],
 "dashboard_name": "Instances",
 "path": "virtualmachines.subscriptions.id.instances.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/virtual-machines-managed-disks.json b/ScoutSuite/providers/azure/rules/findings/virtual-machines-managed-disks.json
index 20c6fb0f0..9b46cf9e6 100644
--- a/ScoutSuite/providers/azure/rules/findings/virtual-machines-managed-disks.json
+++ b/ScoutSuite/providers/azure/rules/findings/virtual-machines-managed-disks.json
@@ -10,8 +10,8 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/virtual-machines/windows/convert-unmanaged-to-managed-disks",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-1-define-asset-management-and-data-protection-strategy"
+ "https://learn.microsoft.com/en-us/azure/virtual-machines/windows/convert-unmanaged-to-managed-disks",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-governance-strategy#gs-1-define-asset-management-and-data-protection-strategy"
 ],
 "dashboard_name": "Instances",
 "path": "virtualmachines.subscriptions.id.instances.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/virtual-machines-os-data-encrypted-cmk.json b/ScoutSuite/providers/azure/rules/findings/virtual-machines-os-data-encrypted-cmk.json
index 6214d493b..60fddb174 100644
--- a/ScoutSuite/providers/azure/rules/findings/virtual-machines-os-data-encrypted-cmk.json
+++ b/ScoutSuite/providers/azure/rules/findings/virtual-machines-os-data-encrypted-cmk.json
@@ -10,12 +10,12 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss",
- "https://docs.microsoft.com/en-us/azure/security-center/asset-inventory?toc=%2Fazure%2Fsecurity%2Ftoc.json",
- "https://docs.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices#protect-data-at-rest",
- "https://docs.microsoft.com/en-us/rest/api/compute/disks/delete",
- "https://docs.microsoft.com/en-us/rest/api/compute/disks/update#encryptionsettings",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-5-encrypt-sensitive-data-at-rest"
+ "https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss",
+ "https://learn.microsoft.com/en-us/azure/security-center/asset-inventory?toc=%2Fazure%2Fsecurity%2Ftoc.json",
+ "https://learn.microsoft.com/en-us/azure/security/fundamentals/data-encryption-best-practices#protect-data-at-rest",
+ "https://learn.microsoft.com/en-us/rest/api/compute/disks/delete",
+ "https://learn.microsoft.com/en-us/rest/api/compute/disks/update#encryptionsettings",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-5-encrypt-sensitive-data-at-rest"
 ],
 "dashboard_name": "Disks",
 "path": "virtualmachines.subscriptions.id.disks.id",
diff --git a/ScoutSuite/providers/azure/rules/findings/virtual-machines-unattached-disks-encrypted-cmk.json b/ScoutSuite/providers/azure/rules/findings/virtual-machines-unattached-disks-encrypted-cmk.json
index d4ddb63eb..dbb94fa09 100644
--- a/ScoutSuite/providers/azure/rules/findings/virtual-machines-unattached-disks-encrypted-cmk.json
+++ b/ScoutSuite/providers/azure/rules/findings/virtual-machines-unattached-disks-encrypted-cmk.json
@@ -1,7 +1,7 @@
 {
 "description": "Unattached Disks Not Encrypted With CMK",
 "rationale": "Managed disks are encrypted by default with Platform-managed keys. Using Customer-managed keys may provide an additional level of security or meet an organization's regulatory requirements. Encrypting managed disks ensures that its entire content is fully unrecoverable without a key and thus protects the volume from unwarranted reads. Even if the disk is not attached to any of the VMs, there is always a risk where a compromised user account with administrative access to VM service can mount/attach these data disks which may lead to sensitive information disclosure and tampering.",
- "remediation": "If data stored in the disk is no longer useful, refer to Azure documentation to delete unattached data disks at :
    1. https://docs.microsoft.com/en-us/rest/api/compute/disks/delete
    2. https://docs.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest#az-disk-delete

    If data stored in the disk is important, To encrypt the disk refer azure documentation at:
    1. https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-customer-managed-keys-portal
    2. https://docs.microsoft.com/en-us/rest/api/compute/disks/update#encryptionsettings
    ",
+ "remediation": "If data stored in the disk is no longer useful, refer to Azure documentation to delete unattached data disks at :
    1. https://learn.microsoft.com/en-us/rest/api/compute/disks/delete
    2. https://learn.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest#az-disk-delete

    If data stored in the disk is important, To encrypt the disk refer azure documentation at:
    1. https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-customer-managed-keys-portal
    2. https://learn.microsoft.com/en-us/rest/api/compute/disks/update#encryptionsettings
    ",
 "compliance": [
 {
 "name": "CIS Microsoft Azure Foundations",
@@ -10,13 +10,13 @@
 }
 ],
 "references": [
- "https://docs.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss",
- "https://docs.microsoft.com/en-us/azure/security-center/asset-inventory?toc=%2Fazure%2Fsecurity%2Ftoc.json",
- "https://docs.microsoft.com/en-us/rest/api/compute/disks/delete",
- "https://docs.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest#az-disk-delete",
- "https://docs.microsoft.com/en-us/rest/api/compute/disks/update#encryptionsettings",
- "https://docs.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest#az-disk-update",
- "https://docs.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-5-encrypt-sensitive-data-at-rest"
+ "https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss",
+ "https://learn.microsoft.com/en-us/azure/security-center/asset-inventory?toc=%2Fazure%2Fsecurity%2Ftoc.json",
+ "https://learn.microsoft.com/en-us/rest/api/compute/disks/delete",
+ "https://learn.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest#az-disk-delete",
+ "https://learn.microsoft.com/en-us/rest/api/compute/disks/update#encryptionsettings",
+ "https://learn.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest#az-disk-update",
+ "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-data-protection#dp-5-encrypt-sensitive-data-at-rest"
 ],
 "dashboard_name": "Disks",
 "path": "virtualmachines.subscriptions.id.disks.id",
diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-sqlservers-instances-contained-database-authentication-on.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-sqlservers-instances-contained-database-authentication-on.json
index d91a86f6f..1841613da 100644
--- a/ScoutSuite/providers/gcp/rules/findings/cloudsql-sqlservers-instances-contained-database-authentication-on.json
+++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-sqlservers-instances-contained-database-authentication-on.json @@ -11,8 +11,8 @@ ], "references": [ "https://cloud.google.com/sql/docs/sqlserver/flags", - "https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/contained-database-authentication-server-configuration-option?view=sql-server-ver15", - "https://docs.microsoft.com/en-us/sql/relational-databases/databases/security-best-practices-with-contained-databases?view=sql-server-ver15" + "https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/contained-database-authentication-server-configuration-option?view=sql-server-ver15", + "https://learn.microsoft.com/en-us/sql/relational-databases/databases/security-best-practices-with-contained-databases?view=sql-server-ver15" ], "dashboard_name": "Instances", "path": "cloudsql.projects.id.instances.id", diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json b/ScoutSuite/providers/gcp/rules/findings/cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json index b2e82fd61..d9f0657d0 100644 --- a/ScoutSuite/providers/gcp/rules/findings/cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudsql-sqlservers-instances-cross-db-ownership-chaining-on.json @@ -11,7 +11,7 @@ ], "references": [ "https://cloud.google.com/sql/docs/sqlserver/flags", - "https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/cross-db-ownership-chaining-server-configuration-option?view=sql-server-ver15" + "https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/cross-db-ownership-chaining-server-configuration-option?view=sql-server-ver15" ], "dashboard_name": "Instances", "path": "cloudsql.projects.id.instances.id", From 5507cc6c496b014caa46bde9572ce7af86caaa19 Mon Sep 17 00:00:00 2001 
From: Liyun Li Date: Thu, 22 Sep 2022 12:07:49 -0400 Subject: [PATCH 868/979] Kubescout Alpha --- MANIFEST.in | 2 + README.md | 1 + ScoutSuite/__main__.py | 32 +- ScoutSuite/core/cli_parser.py | 43 + .../details_for_kubernetes_resource.html | 62 ++ .../kubernetes/details_for_project.html | 17 + .../kubernetes/details_for_subscription.html | 17 + .../partials/kubernetes/kubernetes_code.html | 66 ++ ...kubernetes_container_security_context.html | 89 ++ .../partials/kubernetes/kubernetes_data.html | 23 + .../kubernetes/kubernetes_object.html | 45 + .../kubernetes_pod_security_context.html | 62 ++ .../kubernetes_resource_containers.html | 26 + .../kubernetes/kubernetes_resource_host.html | 30 + .../kubernetes_resource_limits.html | 22 + .../left_menu_for_kubernetes_resource.html | 52 + .../kubernetes/left_menu_for_project.html | 33 + .../left_menu_for_subscription.html | 33 + .../kubernetes/services.eks.encryption.html | 21 + .../kubernetes/services.eks.logging.html | 19 + .../services.kubernetesengine.clusters.html | 109 ++ ....subscriptions.id.diagnostic_settings.html | 22 + ...onitoring.subscriptions.id.log_alerts.html | 29 + ...itoring.subscriptions.id.log_profiles.html | 27 + ...ng.subscriptions.id.resources_logging.html | 22 + .../kubernetes/services.version.details.html | 9 + .../data/html/partials/kubernetes/utils.html | 83 ++ .../data/html/partials/resources_details.html | 2 +- .../services.kubernetes_workload.images.html | 15 + .../services.rbac.dangerous_grants.html | 37 + .../services.rbac.dodgy_subjects.html | 22 + .../services.rbac.permissive_bindings.html | 25 + .../output/data/inc-scoutsuite/scoutsuite.js | 193 ++-- ScoutSuite/providers/__init__.py | 3 +- .../base/authentication_strategy_factory.py | 3 +- ScoutSuite/providers/base/services.py | 1 + ScoutSuite/providers/kubernetes/__init__.py | 0 .../kubernetes/authentication_strategy.py | 69 ++ .../providers/kubernetes/facade/__init__.py | 27 + .../providers/kubernetes/facade/base.py | 142 +++ 
.../providers/kubernetes/facade/core.py | 42 + ScoutSuite/providers/kubernetes/facade/eks.py | 19 + .../providers/kubernetes/facade/extra.py | 36 + .../providers/kubernetes/facade/version.py | 15 + ScoutSuite/providers/kubernetes/metadata.json | 81 ++ ScoutSuite/providers/kubernetes/provider.py | 208 ++++ .../kubernetes/resources/__init__.py | 0 .../providers/kubernetes/resources/aks.py | 14 + .../providers/kubernetes/resources/base.py | 47 + .../providers/kubernetes/resources/eks.py | 60 ++ .../resources/fake_network_policy.py | 9 + .../providers/kubernetes/resources/gke.py | 8 + .../providers/kubernetes/resources/rbac.py | 124 +++ .../providers/kubernetes/resources/version.py | 10 + .../kubernetes/resources/workload.py | 90 ++ .../configmap-unnecessary-secrets.json | 18 + .../cron-job-apparmor-annotation-missing.json | 23 + ...job-automounted-service-account-token.json | 28 + ...ner-ability-to-modify-root-filesystem.json | 36 + ...ntainer-allowing-privilege-escalation.json | 35 + ...n-job-container-running-as-root-group.json | 41 + ...on-job-container-running-as-root-user.json | 41 + ...r-with-overly-permissive-capabilities.json | 40 + ...ntainer-with-possible-root-privileges.json | 41 + .../findings/cron-job-host-ipc-true.json | 24 + .../findings/cron-job-host-network-true.json | 24 + .../findings/cron-job-host-pid-true.json | 24 + ...bernetes-container-manifest-hardening.json | 59 ++ ...cron-job-privileged-container-running.json | 24 + ...b-resources-without-defined-cpu-limit.json | 29 + ...-job-resources-without-defined-limits.json | 33 + ...esources-without-defined-memory-limit.json | 29 + ...daemonset-apparmor-annotation-missing.json | 23 + ...set-automounted-service-account-token.json | 28 + ...ner-ability-to-modify-root-filesystem.json | 31 + ...ntainer-allowing-privilege-escalation.json | 30 + ...onset-container-running-as-root-group.json | 25 + ...monset-container-running-as-root-user.json | 25 + ...r-with-overly-permissive-capabilities.json | 35 + 
...ntainer-with-possible-root-privileges.json | 30 + .../findings/daemonset-host-ipc-true.json | 24 + .../findings/daemonset-host-network-true.json | 24 + .../findings/daemonset-host-pid-true.json | 24 + ...bernetes-container-manifest-hardening.json | 54 + ...aemonset-privileged-container-running.json | 24 + ...t-resources-without-defined-cpu-limit.json | 29 + ...nset-resources-without-defined-limits.json | 36 + ...esources-without-defined-memory-limit.json | 29 + ...eployment-apparmor-annotation-missing.json | 23 + ...ent-automounted-service-account-token.json | 28 + ...ner-ability-to-modify-root-filesystem.json | 36 + ...ntainer-allowing-privilege-escalation.json | 35 + ...yment-container-running-as-root-group.json | 41 + ...oyment-container-running-as-root-user.json | 41 + ...r-with-overly-permissive-capabilities.json | 40 + ...ntainer-with-possible-root-privileges.json | 41 + .../findings/deployment-host-ipc-true.json | 24 + .../deployment-host-network-true.json | 24 + .../findings/deployment-host-pid-true.json | 24 + ...bernetes-container-manifest-hardening.json | 59 ++ ...ployment-privileged-container-running.json | 24 + ...t-resources-without-defined-cpu-limit.json | 29 + ...ment-resources-without-defined-limits.json | 33 + ...esources-without-defined-memory-limit.json | 29 + ...ks-insufficient-control-plane-logging.json | 18 + .../findings/eks-kms-encryption-disabled.json | 22 + .../eks-publically-accessible-apiserver.json | 24 + .../job-apparmor-annotation-missing.json | 23 + ...job-automounted-service-account-token.json | 28 + ...ner-ability-to-modify-root-filesystem.json | 36 + ...ntainer-allowing-privilege-escalation.json | 35 + .../job-container-running-as-root-group.json | 41 + .../job-container-running-as-root-user.json | 41 + ...r-with-overly-permissive-capabilities.json | 40 + ...ntainer-with-possible-root-privileges.json | 41 + .../rules/findings/job-host-ipc-true.json | 24 + .../rules/findings/job-host-network-true.json | 24 + 
.../rules/findings/job-host-pid-true.json | 24 + ...bernetes-container-manifest-hardening.json | 59 ++ .../job-privileged-container-running.json | 24 + ...b-resources-without-defined-cpu-limit.json | 29 + .../job-resources-without-defined-limits.json | 33 + ...esources-without-defined-memory-limit.json | 29 + ...esengine-basic-authentication-enabled.json | 32 + ...ne-certificate-authentication-enabled.json | 27 + ...netesengine-cluster-alias-ip-disabled.json | 32 + ...application-layer-encryption-disabled.json | 26 + ...cluster-binary-authorization-disabled.json | 26 + ...ubernetesengine-cluster-has-no-labels.json | 25 + ...rnetesengine-cluster-logging-disabled.json | 33 + ...r-master-authorized-networks-disabled.json | 33 + ...gine-cluster-metadata-server-disabled.json | 26 + ...tesengine-cluster-monitoring-disabled.json | 33 + ...ngine-cluster-network-policy-disabled.json | 33 + ...r-pod-security-policy-config-disabled.json | 34 + ...ine-cluster-private-endpoint-disabled.json | 33 + ...luster-private-google-access-disabled.json | 25 + ...ernetesengine-cluster-release-channel.json | 29 + ...ngine-cluster-shielded-nodes-disabled.json | 26 + ...ne-cluster-workload-identity-disabled.json | 26 + .../kubernetesengine-dashboard-enabled.json | 32 + ...esengine-default-service-account-used.json | 32 + .../kubernetesengine-legacy-abac-enabled.json | 32 + ...ine-legacy-metadata-endpoints-enabled.json | 28 + ...netesengine-node-auto-repair-disabled.json | 33 + ...etesengine-node-auto-upgrade-disabled.json | 33 + ...-node-container-optimized-os-not-used.json | 36 + ...ne-node-integrity-monitoring-disabled.json | 21 + ...netesengine-node-secure-boot-disabled.json | 21 + ...bernetesengine-private-nodes-disabled.json | 33 + .../kubernetesengine-scopes-not-limited.json | 25 + ...ing-diagnostic-setting-does-not-exist.json | 28 + ...rt-not-exist-create-policy-assignment.json | 35 + ...ng-monitoring-log-alert-not-exist-nsg.json | 41 + ...log-alert-not-exist-security-solution.json | 
41 + ...monitoring-logging-key-vault-disabled.json | 27 + ...ofile-does-not-capture-all-activities.json | 27 + ...y-unrestricted-cluster-network-access.json | 19 + ...y-unrestricted-cluster-network-egress.json | 29 + ...-unrestricted-cluster-network-ingress.json | 50 + .../pod-apparmor-annotation-missing.json | 23 + ...pod-automounted-service-account-token.json | 28 + ...ner-ability-to-modify-root-filesystem.json | 36 + ...ntainer-allowing-privilege-escalation.json | 35 + .../pod-container-running-as-root-group.json | 41 + .../pod-container-running-as-root-user.json | 41 + ...r-with-overly-permissive-capabilities.json | 40 + ...ntainer-with-possible-root-privileges.json | 41 + .../findings/pod-helm-tiller-in-use.json | 24 + .../rules/findings/pod-host-ipc-true.json | 24 + .../rules/findings/pod-host-network-true.json | 24 + .../rules/findings/pod-host-pid-true.json | 24 + ...bernetes-container-manifest-hardening.json | 60 ++ .../pod-privileged-container-running.json | 24 + ...d-resources-without-defined-cpu-limit.json | 29 + .../pod-resources-without-defined-limits.json | 38 + ...esources-without-defined-memory-limit.json | 29 + ...dtemplate-apparmor-annotation-missing.json | 23 + ...ate-automounted-service-account-token.json | 28 + ...ner-ability-to-modify-root-filesystem.json | 36 + ...ntainer-allowing-privilege-escalation.json | 35 + ...plate-container-running-as-root-group.json | 41 + ...mplate-container-running-as-root-user.json | 41 + ...r-with-overly-permissive-capabilities.json | 40 + ...ntainer-with-possible-root-privileges.json | 41 + .../findings/podtemplate-host-ipc-true.json | 24 + .../podtemplate-host-network-true.json | 24 + .../findings/podtemplate-host-pid-true.json | 24 + ...template-privileged-container-running.json | 24 + ...e-resources-without-defined-cpu-limit.json | 29 + ...late-resources-without-defined-limits.json | 38 + ...esources-without-defined-memory-limit.json | 29 + .../rules/findings/rbac-dangerous-grants.json | 17 + 
.../rules/findings/rbac-dodgy-subjects.json | 17 + .../findings/rbac-permissive-bindings.json | 17 + ...eplicaset-apparmor-annotation-missing.json | 23 + ...set-automounted-service-account-token.json | 28 + ...ner-ability-to-modify-root-filesystem.json | 36 + ...ntainer-allowing-privilege-escalation.json | 35 + ...caset-container-running-as-root-group.json | 41 + ...icaset-container-running-as-root-user.json | 41 + ...r-with-overly-permissive-capabilities.json | 40 + ...ntainer-with-possible-root-privileges.json | 41 + .../findings/replicaset-host-ipc-true.json | 24 + .../replicaset-host-network-true.json | 24 + .../findings/replicaset-host-pid-true.json | 24 + ...bernetes-container-manifest-hardening.json | 59 ++ ...plicaset-privileged-container-running.json | 24 + ...t-resources-without-defined-cpu-limit.json | 29 + ...aset-resources-without-defined-limits.json | 33 + ...esources-without-defined-memory-limit.json | 29 + .../findings/service-helm-tiller-in-use.json | 24 + ...unt-automounted-service-account-token.json | 28 + ...atefulset-apparmor-annotation-missing.json | 23 + ...set-automounted-service-account-token.json | 28 + ...ner-ability-to-modify-root-filesystem.json | 36 + ...ntainer-allowing-privilege-escalation.json | 35 + ...ulset-container-running-as-root-group.json | 41 + ...fulset-container-running-as-root-user.json | 41 + ...r-with-overly-permissive-capabilities.json | 40 + ...ntainer-with-possible-root-privileges.json | 41 + .../findings/statefulset-host-ipc-true.json | 24 + .../statefulset-host-network-true.json | 24 + .../findings/statefulset-host-pid-true.json | 24 + ...bernetes-container-manifest-hardening.json | 59 ++ ...tefulset-privileged-container-running.json | 24 + ...t-resources-without-defined-cpu-limit.json | 29 + ...lset-resources-without-defined-limits.json | 33 + ...esources-without-defined-memory-limit.json | 29 + .../kubernetes/rules/rulesets/aks.json | 870 ++++++++++++++++ .../kubernetes/rules/rulesets/default.json | 779 
++++++++++++++ .../kubernetes/rules/rulesets/eks.json | 797 +++++++++++++++ .../kubernetes/rules/rulesets/filters.json | 4 + .../kubernetes/rules/rulesets/gke.json | 947 ++++++++++++++++++ ScoutSuite/providers/kubernetes/services.py | 53 + ScoutSuite/providers/kubernetes/utils.py | 23 + ScoutSuite/utils.py | 4 +- requirements.txt | 2 + tools/format_findings.py | 2 +- tools/process_raw_response.py | 5 +- tools/sort-ruleset.py | 2 +- 241 files changed, 11150 insertions(+), 107 deletions(-) create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/details_for_kubernetes_resource.html create mode 100755 ScoutSuite/output/data/html/partials/kubernetes/details_for_project.html create mode 100755 ScoutSuite/output/data/html/partials/kubernetes/details_for_subscription.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/kubernetes_code.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/kubernetes_container_security_context.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/kubernetes_data.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/kubernetes_object.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/kubernetes_pod_security_context.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_containers.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_host.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_limits.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_kubernetes_resource.html create mode 100755 ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_project.html create mode 100755 ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_subscription.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/services.eks.encryption.html create mode 100644 
ScoutSuite/output/data/html/partials/kubernetes/services.eks.logging.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/services.kubernetesengine.clusters.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.diagnostic_settings.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.log_alerts.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.log_profiles.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.resources_logging.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/services.version.details.html create mode 100644 ScoutSuite/output/data/html/partials/kubernetes/utils.html create mode 100644 ScoutSuite/output/data/html/summaries/kubernetes/services.kubernetes_workload.images.html create mode 100644 ScoutSuite/output/data/html/summaries/kubernetes/services.rbac.dangerous_grants.html create mode 100644 ScoutSuite/output/data/html/summaries/kubernetes/services.rbac.dodgy_subjects.html create mode 100644 ScoutSuite/output/data/html/summaries/kubernetes/services.rbac.permissive_bindings.html create mode 100755 ScoutSuite/providers/kubernetes/__init__.py create mode 100755 ScoutSuite/providers/kubernetes/authentication_strategy.py create mode 100644 ScoutSuite/providers/kubernetes/facade/__init__.py create mode 100644 ScoutSuite/providers/kubernetes/facade/base.py create mode 100644 ScoutSuite/providers/kubernetes/facade/core.py create mode 100644 ScoutSuite/providers/kubernetes/facade/eks.py create mode 100644 ScoutSuite/providers/kubernetes/facade/extra.py create mode 100644 ScoutSuite/providers/kubernetes/facade/version.py create mode 100755 ScoutSuite/providers/kubernetes/metadata.json create mode 100755 ScoutSuite/providers/kubernetes/provider.py create mode 100644 
ScoutSuite/providers/kubernetes/resources/__init__.py create mode 100644 ScoutSuite/providers/kubernetes/resources/aks.py create mode 100755 ScoutSuite/providers/kubernetes/resources/base.py create mode 100644 ScoutSuite/providers/kubernetes/resources/eks.py create mode 100644 ScoutSuite/providers/kubernetes/resources/fake_network_policy.py create mode 100644 ScoutSuite/providers/kubernetes/resources/gke.py create mode 100644 ScoutSuite/providers/kubernetes/resources/rbac.py create mode 100644 ScoutSuite/providers/kubernetes/resources/version.py create mode 100644 ScoutSuite/providers/kubernetes/resources/workload.py create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/configmap-unnecessary-secrets.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-apparmor-annotation-missing.json create mode 100755 ScoutSuite/providers/kubernetes/rules/findings/cron-job-automounted-service-account-token.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-container-ability-to-modify-root-filesystem.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-container-allowing-privilege-escalation.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-container-running-as-root-group.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-container-running-as-root-user.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-container-with-overly-permissive-capabilities.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-container-with-possible-root-privileges.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-host-ipc-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-host-network-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-host-pid-true.json create mode 100644 
ScoutSuite/providers/kubernetes/rules/findings/cron-job-kubernetes-container-manifest-hardening.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-privileged-container-running.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-resources-without-defined-cpu-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-resources-without-defined-limits.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/cron-job-resources-without-defined-memory-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-apparmor-annotation-missing.json create mode 100755 ScoutSuite/providers/kubernetes/rules/findings/daemonset-automounted-service-account-token.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-container-ability-to-modify-root-filesystem.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-container-allowing-privilege-escalation.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-container-running-as-root-group.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-container-running-as-root-user.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-container-with-overly-permissive-capabilities.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-container-with-possible-root-privileges.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-host-ipc-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-host-network-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-host-pid-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-kubernetes-container-manifest-hardening.json create mode 100644 
ScoutSuite/providers/kubernetes/rules/findings/daemonset-privileged-container-running.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-resources-without-defined-cpu-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-resources-without-defined-limits.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/daemonset-resources-without-defined-memory-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-apparmor-annotation-missing.json create mode 100755 ScoutSuite/providers/kubernetes/rules/findings/deployment-automounted-service-account-token.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-container-ability-to-modify-root-filesystem.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-container-allowing-privilege-escalation.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-container-running-as-root-group.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-container-running-as-root-user.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-container-with-overly-permissive-capabilities.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-container-with-possible-root-privileges.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-host-ipc-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-host-network-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-host-pid-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-kubernetes-container-manifest-hardening.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-privileged-container-running.json create mode 100644 
ScoutSuite/providers/kubernetes/rules/findings/deployment-resources-without-defined-cpu-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-resources-without-defined-limits.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/deployment-resources-without-defined-memory-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/eks-insufficient-control-plane-logging.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/eks-kms-encryption-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/eks-publically-accessible-apiserver.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-apparmor-annotation-missing.json create mode 100755 ScoutSuite/providers/kubernetes/rules/findings/job-automounted-service-account-token.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-container-ability-to-modify-root-filesystem.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-container-allowing-privilege-escalation.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-container-running-as-root-group.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-container-running-as-root-user.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-container-with-overly-permissive-capabilities.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-container-with-possible-root-privileges.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-host-ipc-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-host-network-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-host-pid-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-kubernetes-container-manifest-hardening.json create mode 100644 
ScoutSuite/providers/kubernetes/rules/findings/job-privileged-container-running.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-resources-without-defined-cpu-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-resources-without-defined-limits.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/job-resources-without-defined-memory-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-basic-authentication-enabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-certificate-authentication-enabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-alias-ip-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-application-layer-encryption-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-binary-authorization-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-has-no-labels.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-logging-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-master-authorized-networks-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-metadata-server-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-monitoring-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-network-policy-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-pod-security-policy-config-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-private-endpoint-disabled.json 
create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-private-google-access-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-release-channel.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-shielded-nodes-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-cluster-workload-identity-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-dashboard-enabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-default-service-account-used.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-legacy-abac-enabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-legacy-metadata-endpoints-enabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-node-auto-repair-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-node-auto-upgrade-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-node-container-optimized-os-not-used.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-node-integrity-monitoring-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-node-secure-boot-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-private-nodes-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/kubernetesengine-scopes-not-limited.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/logging-monitoring-diagnostic-setting-does-not-exist.json create mode 100644 
ScoutSuite/providers/kubernetes/rules/findings/logging-monitoring-log-alert-not-exist-create-policy-assignment.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/logging-monitoring-log-alert-not-exist-nsg.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/logging-monitoring-log-alert-not-exist-security-solution.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/logging-monitoring-logging-key-vault-disabled.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/logging-monitoring-profile-does-not-capture-all-activities.json create mode 100755 ScoutSuite/providers/kubernetes/rules/findings/networkpolicy-unrestricted-cluster-network-access.json create mode 100755 ScoutSuite/providers/kubernetes/rules/findings/networkpolicy-unrestricted-cluster-network-egress.json create mode 100755 ScoutSuite/providers/kubernetes/rules/findings/networkpolicy-unrestricted-cluster-network-ingress.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-apparmor-annotation-missing.json create mode 100755 ScoutSuite/providers/kubernetes/rules/findings/pod-automounted-service-account-token.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-container-ability-to-modify-root-filesystem.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-container-allowing-privilege-escalation.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-container-running-as-root-group.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-container-running-as-root-user.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-container-with-overly-permissive-capabilities.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-container-with-possible-root-privileges.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-helm-tiller-in-use.json create mode 100644 
ScoutSuite/providers/kubernetes/rules/findings/pod-host-ipc-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-host-network-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-host-pid-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-kubernetes-container-manifest-hardening.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-privileged-container-running.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-resources-without-defined-cpu-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-resources-without-defined-limits.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/pod-resources-without-defined-memory-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-apparmor-annotation-missing.json create mode 100755 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-automounted-service-account-token.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-container-ability-to-modify-root-filesystem.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-container-allowing-privilege-escalation.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-container-running-as-root-group.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-container-running-as-root-user.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-container-with-overly-permissive-capabilities.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-container-with-possible-root-privileges.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-host-ipc-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-host-network-true.json create mode 100644 
ScoutSuite/providers/kubernetes/rules/findings/podtemplate-host-pid-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-privileged-container-running.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-resources-without-defined-cpu-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-resources-without-defined-limits.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/podtemplate-resources-without-defined-memory-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/rbac-dangerous-grants.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/rbac-dodgy-subjects.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/rbac-permissive-bindings.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-apparmor-annotation-missing.json create mode 100755 ScoutSuite/providers/kubernetes/rules/findings/replicaset-automounted-service-account-token.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-container-ability-to-modify-root-filesystem.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-container-allowing-privilege-escalation.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-container-running-as-root-group.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-container-running-as-root-user.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-container-with-overly-permissive-capabilities.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-container-with-possible-root-privileges.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-host-ipc-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-host-network-true.json create mode 100644 
ScoutSuite/providers/kubernetes/rules/findings/replicaset-host-pid-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-kubernetes-container-manifest-hardening.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-privileged-container-running.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-resources-without-defined-cpu-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-resources-without-defined-limits.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/replicaset-resources-without-defined-memory-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/service-helm-tiller-in-use.json create mode 100755 ScoutSuite/providers/kubernetes/rules/findings/serviceaccount-automounted-service-account-token.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-apparmor-annotation-missing.json create mode 100755 ScoutSuite/providers/kubernetes/rules/findings/statefulset-automounted-service-account-token.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-container-ability-to-modify-root-filesystem.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-container-allowing-privilege-escalation.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-container-running-as-root-group.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-container-running-as-root-user.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-container-with-overly-permissive-capabilities.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-container-with-possible-root-privileges.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-host-ipc-true.json create mode 100644 
ScoutSuite/providers/kubernetes/rules/findings/statefulset-host-network-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-host-pid-true.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-kubernetes-container-manifest-hardening.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-privileged-container-running.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-resources-without-defined-cpu-limit.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-resources-without-defined-limits.json create mode 100644 ScoutSuite/providers/kubernetes/rules/findings/statefulset-resources-without-defined-memory-limit.json create mode 100755 ScoutSuite/providers/kubernetes/rules/rulesets/aks.json create mode 100755 ScoutSuite/providers/kubernetes/rules/rulesets/default.json create mode 100755 ScoutSuite/providers/kubernetes/rules/rulesets/eks.json create mode 100755 ScoutSuite/providers/kubernetes/rules/rulesets/filters.json create mode 100755 ScoutSuite/providers/kubernetes/rules/rulesets/gke.json create mode 100755 ScoutSuite/providers/kubernetes/services.py create mode 100644 ScoutSuite/providers/kubernetes/utils.py diff --git a/MANIFEST.in b/MANIFEST.in index 232ab0227..be2fab806 100755 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -13,3 +13,5 @@ recursive-include ScoutSuite/providers/aliyun * recursive-include ScoutSuite/providers/aliyun/rules * recursive-include ScoutSuite/providers/oci * recursive-include ScoutSuite/providers/oci/rules * +recursive-include ScoutSuite/providers/kubernetes * +recursive-include ScoutSuite/providers/kubernetes/rules * \ No newline at end of file diff --git a/README.md b/README.md index a890a8a0f..41dd1684d 100755 --- a/README.md +++ b/README.md 
@@ -29,6 +29,7 @@ The following cloud providers are currently supported: - Google Cloud Platform - Alibaba Cloud (alpha) - Oracle Cloud Infrastructure (alpha) +- Kubernetes clusters on a cloud provider (alpha) ## Installation diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py index ff1ca56e9..fa1bb63e3 100755 --- a/ScoutSuite/__main__.py +++ b/ScoutSuite/__main__.py @@ -52,6 +52,12 @@ def run_from_cli(): organization_id=args.get('organization_id'), all_projects=args.get('all_projects'), # Aliyun access_key_id=args.get('access_key_id'), access_key_secret=args.get('access_key_secret'), + # Kubernetes + kubernetes_cluster_provider=args.get('kubernetes_cluster_provider'), + kubernetes_config_file=args.get('kubernetes_config_file'), + kubernetes_context=args.get('kubernetes_context'), + kubernetes_persist_config=args.get('kubernetes_persist_config'), + kubernetes_azure_subscription_id=args.get('kubernetes_azure_subscription_id'), # General report_name=args.get('report_name'), report_dir=args.get('report_dir'), timestamp=args.get('timestamp'), @@ -98,6 +104,12 @@ def run(provider, project_id=None, folder_id=None, organization_id=None, all_projects=False, # Aliyun access_key_id=None, access_key_secret=None, + # Kubernetes + kubernetes_cluster_provider=None, + kubernetes_config_file=None, + kubernetes_context=None, + kubernetes_persist_config=True, + kubernetes_azure_subscription_id=None, # General report_name=None, report_dir=None, timestamp=False, @@ -150,6 +162,12 @@ async def _run(provider, project_id, folder_id, organization_id, all_projects, # Aliyun access_key_id, access_key_secret, + # Kubernetes + kubernetes_cluster_provider, + kubernetes_config_file, + kubernetes_context, + kubernetes_persist_config, + kubernetes_azure_subscription_id, # General report_name, report_dir, timestamp, 
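Review bot: `kubernetes_persist_config=True` as the default in `run()` means a programmatic caller that never mentions the option still gets the kube-config file rewritten when it changes; the help text added for `--do-not-persist-config` in `cli_parser.py` describes exactly that for token refreshes. For an audit tool this side effect deserves a line in the `run()` docstring, for example `:param kubernetes_persist_config: write refreshed credentials back to the kube-config file (default True); pass False to leave the file untouched`. The signatures of `run()` and `_run()` start and end outside these hunks, so the existing docstring and its style are not visible here.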
@@ -198,7 +216,15 @@ async def _run(provider, username=username, password=password, access_key_id=access_key_id, - access_key_secret=access_key_secret) + access_key_secret=access_key_secret, + + # Kubernetes + kubernetes_cluster_provider=kubernetes_cluster_provider, + kubernetes_config_file=kubernetes_config_file, + kubernetes_context=kubernetes_context, + kubernetes_persist_config=kubernetes_persist_config, + kubernetes_azure_subscription_id=kubernetes_azure_subscription_id, + kubernetes_fetch_local=fetch_local) if not credentials: return 101 @@ -219,6 +245,10 @@ async def _run(provider, folder_id=folder_id, organization_id=organization_id, all_projects=all_projects, + # Kubernetes + kubernetes_config_file=kubernetes_config_file, + kubernetes_context=kubernetes_context, + kubernetes_cluster_provider=kubernetes_cluster_provider, # Other report_dir=report_dir, timestamp=timestamp, diff --git a/ScoutSuite/core/cli_parser.py b/ScoutSuite/core/cli_parser.py index db9563f0f..9a2d72fc9 100755 --- a/ScoutSuite/core/cli_parser.py +++ b/ScoutSuite/core/cli_parser.py @@ -29,6 +29,7 @@ def __init__(self): self._init_azure_parser() self._init_aliyun_parser() self._init_oci_parser() + self._init_kubernetes_parser() def _init_aws_parser(self): parser = self.subparsers.add_parser("aws", 
@@ -254,6 +255,37 @@ def _init_oci_parser(self): default=None, help='Name of the profile') + def _init_kubernetes_parser(self): + kubernetes_parser = self.subparsers.add_parser("kubernetes", + parents=[self.common_providers_args_parser], + help="Run Scout against a Kubernetes cluster") + + kubernetes_scope = kubernetes_parser.add_argument_group('Additional arguments') + + kubernetes_scope.add_argument('-c', + '--cluster-provider', + dest='kubernetes_cluster_provider', + default=None, + choices=['aks', 'eks', 'gke'], + help='Cluster contexts to scan. If no cloud provider is specified, ScoutSuite will use the default Kubernetes configuration.') + kubernetes_scope.add_argument('--config-file', + dest='kubernetes_config_file', + default=None, + help='Name of the kube-config file. By default, it will use Kubernetes\' default directory.') + kubernetes_scope.add_argument('--context', + dest='kubernetes_context', + default=None, + help='Cluster context to scan. By default, current_context from config file will be used.') + kubernetes_scope.add_argument('--do-not-persist-config', + dest='kubernetes_persist_config', + action='store_false', + default=True, + help='If specified, config file will NOT be updated when changed (e.g GCP token refresh).') + kubernetes_scope.add_argument('--subscription-id', + dest='kubernetes_azure_subscription_id', + action='store', + default=None, + help='If unspecified, the default subscription will be used.') def _init_common_args_parser(self): parser = self.common_providers_args_parser.add_argument_group('Scout Arguments') 
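Review bot: The help string for `-c/--cluster-provider` says 'Cluster contexts to scan', which describes `--context` two arguments below; this option actually selects one of `aks`, `eks` or `gke`. Something like `help='Cloud provider hosting the cluster (aks, eks or gke). If omitted, ScoutSuite uses the default Kubernetes configuration.'` would match the `choices` list. `--subscription-id` has a similar gap: its help does not say it is Azure-only, although `parse_args` rejects it for anything but `aks`; `help='Azure subscription ID (AKS only). If unspecified, the default subscription will be used.'` would save a failed run.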
@@ -404,4 +436,15 @@ def parse_args(self, args=None): if v.get('subscription_ids') and v.get('all_subscriptions'): self.parser.error('--subscription-ids and --all-subscriptions are mutually exclusive options') + # Kubernetes + elif v.get('provider') == 'kubernetes': + cluster_provider = v.get('kubernetes_cluster_provider') + # change ruleset based on cluster provider + if cluster_provider: + args.ruleset = f'{cluster_provider}.json' + + # only use subscription_id if kubernetes_cluster_provider is 'aks' + if cluster_provider != 'aks' and v.get('kubernetes_azure_subscription_id'): + self.parser.error('--subscription-id is only used when analyzing AKS clusters') + return args diff --git a/ScoutSuite/output/data/html/partials/kubernetes/details_for_kubernetes_resource.html b/ScoutSuite/output/data/html/partials/kubernetes/details_for_kubernetes_resource.html new file mode 100644 index 000000000..a6f98bf3b --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/details_for_kubernetes_resource.html @@ -0,0 +1,62 @@ + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/details_for_project.html b/ScoutSuite/output/data/html/partials/kubernetes/details_for_project.html new file mode 100755 index 000000000..f01e341ba --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/details_for_project.html @@ -0,0 +1,17 @@ + + + + + diff --git a/ScoutSuite/output/data/html/partials/kubernetes/details_for_subscription.html b/ScoutSuite/output/data/html/partials/kubernetes/details_for_subscription.html new file mode 100755 index 000000000..8401cc305 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/details_for_subscription.html @@ -0,0 +1,17 @@ + + + + + diff --git a/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_code.html b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_code.html new file mode 100644 index 000000000..59de20f84 --- /dev/null 
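Review bot: `args.ruleset = f'{cluster_provider}.json'` replaces the ruleset unconditionally, so a run that passes both `-c eks` and an explicit ruleset silently evaluates different rules than the operator asked for. Apply the provider ruleset only when the option was left at its default, e.g. `if cluster_provider and args.ruleset == 'default.json':` (the default value is defined outside this hunk, so confirm it), or at least log the override. The rest of `parse_args` lies outside the hunk.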
+++ b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_code.html @@ -0,0 +1,66 @@ + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_container_security_context.html b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_container_security_context.html new file mode 100644 index 000000000..b1e2bec5f --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_container_security_context.html @@ -0,0 +1,89 @@ + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_data.html b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_data.html new file mode 100644 index 000000000..4bedda547 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_data.html @@ -0,0 +1,23 @@ + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_object.html b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_object.html new file mode 100644 index 000000000..549ac48b5 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_object.html @@ -0,0 +1,45 @@ + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_pod_security_context.html b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_pod_security_context.html new file mode 100644 index 000000000..0418a5240 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_pod_security_context.html @@ -0,0 +1,62 @@ + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_containers.html b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_containers.html new file mode 100644 index 000000000..7a9009cf7 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_containers.html @@ -0,0 +1,26 @@ + + + \ No newline at end of file 
diff --git a/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_host.html b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_host.html new file mode 100644 index 000000000..d5fa18a0f --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_host.html @@ -0,0 +1,30 @@ + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_limits.html b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_limits.html new file mode 100644 index 000000000..db50a3bec --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/kubernetes_resource_limits.html @@ -0,0 +1,22 @@ + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_kubernetes_resource.html b/ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_kubernetes_resource.html new file mode 100644 index 000000000..2d88c1e90 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_kubernetes_resource.html @@ -0,0 +1,52 @@ + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_project.html b/ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_project.html new file mode 100755 index 000000000..81c398ffb --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_project.html @@ -0,0 +1,33 @@ + + + + diff --git a/ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_subscription.html b/ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_subscription.html new file mode 100755 index 000000000..0f51f7716 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/left_menu_for_subscription.html @@ -0,0 +1,33 @@ + + + + 
diff --git a/ScoutSuite/output/data/html/partials/kubernetes/services.eks.encryption.html b/ScoutSuite/output/data/html/partials/kubernetes/services.eks.encryption.html new file mode 100644 index 000000000..c5064be5f --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/services.eks.encryption.html @@ -0,0 +1,21 @@ + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/services.eks.logging.html b/ScoutSuite/output/data/html/partials/kubernetes/services.eks.logging.html new file mode 100644 index 000000000..7c8cf3f93 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/services.eks.logging.html @@ -0,0 +1,19 @@ + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/services.kubernetesengine.clusters.html b/ScoutSuite/output/data/html/partials/kubernetes/services.kubernetesengine.clusters.html new file mode 100644 index 000000000..1c48ddb30 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/services.kubernetesengine.clusters.html @@ -0,0 +1,109 @@ + + + + + + + + diff --git a/ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.diagnostic_settings.html b/ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.diagnostic_settings.html new file mode 100644 index 000000000..05f66bb72 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.diagnostic_settings.html @@ -0,0 +1,22 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.log_alerts.html b/ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.log_alerts.html new file mode 100644 index 000000000..37676ce00 --- /dev/null 
+++ b/ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.log_alerts.html @@ -0,0 +1,29 @@ + + + + + + + + diff --git a/ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.log_profiles.html b/ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.log_profiles.html new file mode 100644 index 000000000..4bbd85121 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.log_profiles.html @@ -0,0 +1,27 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.resources_logging.html b/ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.resources_logging.html new file mode 100644 index 000000000..3d8462155 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/services.loggingmonitoring.subscriptions.id.resources_logging.html @@ -0,0 +1,22 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/kubernetes/services.version.details.html b/ScoutSuite/output/data/html/partials/kubernetes/services.version.details.html new file mode 100644 index 000000000..f3716a55c --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/services.version.details.html @@ -0,0 +1,9 @@ + + + diff --git a/ScoutSuite/output/data/html/partials/kubernetes/utils.html b/ScoutSuite/output/data/html/partials/kubernetes/utils.html new file mode 100644 index 000000000..588e9c68f --- /dev/null +++ b/ScoutSuite/output/data/html/partials/kubernetes/utils.html @@ -0,0 +1,83 @@ + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/resources_details.html b/ScoutSuite/output/data/html/partials/resources_details.html index db8518e53..2f163e6c9 100755 --- a/ScoutSuite/output/data/html/partials/resources_details.html 
+++ b/ScoutSuite/output/data/html/partials/resources_details.html @@ -41,5 +41,5 @@
    diff --git a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.forwarding_rules.html b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.forwarding_rules.html index 1a83c184e..90ec15d25 100755 --- a/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.forwarding_rules.html +++ b/ScoutSuite/output/data/html/partials/gcp/services.computeengine.projects.id.regions.id.forwarding_rules.html @@ -7,15 +7,25 @@

    {{name}}

    Information

    ID: {{value_or_none id}}
    Name: {{value_or_none name}}
    -
    Region: {{value_or_none region}}
    Creation Timestamp: {{format_date creation_timestamp}}
    Description: {{value_or_none description}}
    +
    Region: {{value_or_none region}}
    +
    Network: {{value_or_none network}}
    +
    Subnetwork: {{value_or_none subnetwork}}
    IP Address: {{value_or_none ip_address}}
    IP Protocol: {{value_or_none ip_protocol}}
    +
    IP Version: {{value_or_none ipVersion}}
    +
    Allow Global Access: {{value_or_none allowGlobalAccess}}
    +
    All Ports: {{value_or_none allPorts}}
    Port Range: {{value_or_none port_range}}
    +
    Ports: {{value_or_none ports}}
    Target: {{value_or_none target}}
    Load Balancing Scheme: {{value_or_none load_balancing_scheme}}
    Network Tier: {{value_or_none network_tier}}
    +
    Backend Service: {{value_or_none backendService}}
    +
    Service Name: {{value_or_none serviceName}}
    +
    Service Label: {{value_or_none serviceLabel}}
    +
    Labels: {{value_or_none labels}}
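Review bot: The new rows read `ipVersion`, `allowGlobalAccess`, `allPorts`, `backendService`, `serviceName` and `serviceLabel`, but `_parse_forwarding_rule` in `forwarding_rules.py` (same commit) stores these values under `ip_version`, `allow_global_access`, `all_ports`, `backend_service`, `service_name` and `service_label`. Unless the template context also carries the raw API keys, these six rows will always show the `value_or_none` fallback, hiding for example whether a rule forwards all ports. Use the parsed names, for example `{{value_or_none all_ports}}` and `{{value_or_none allow_global_access}}`. The HTML markup of this partial was stripped from the page, so only the Handlebars expressions can be checked.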
    diff --git a/ScoutSuite/providers/gcp/resources/gce/forwarding_rules.py b/ScoutSuite/providers/gcp/resources/gce/forwarding_rules.py index e54a9efec..79aebdb22 100644 --- a/ScoutSuite/providers/gcp/resources/gce/forwarding_rules.py +++ b/ScoutSuite/providers/gcp/resources/gce/forwarding_rules.py @@ -11,10 +11,7 @@ def __init__(self, facade: GCPFacade, project_id: str, region: str): async def fetch_all(self): raw_rules = await self.facade.gce.get_forwarding_rules(self.project_id, self.region) for raw_rule in raw_rules: - try: - rule_id, rule = self._parse_forwarding_rule(raw_rule) - except Exception as e: - print(e) + rule_id, rule = self._parse_forwarding_rule(raw_rule) self[rule_id] = rule def _parse_forwarding_rule(self, raw_forwarding_rule): @@ -30,4 +27,16 @@ def _parse_forwarding_rule(self, raw_forwarding_rule): forwarding_rule_dict['target'] = raw_forwarding_rule.get("target") forwarding_rule_dict['load_balancing_scheme'] = raw_forwarding_rule.get("loadBalancingScheme") forwarding_rule_dict['network_tier'] = raw_forwarding_rule.get("networkTier") + + forwarding_rule_dict['ports'] = raw_forwarding_rule.get("ports") + forwarding_rule_dict['subnetwork'] = raw_forwarding_rule.get("subnetwork") + forwarding_rule_dict['network'] = raw_forwarding_rule.get("network") + forwarding_rule_dict['backend_service'] = raw_forwarding_rule.get("backendService") + forwarding_rule_dict['service_label'] = raw_forwarding_rule.get("serviceLabel") + forwarding_rule_dict['service_name'] = raw_forwarding_rule.get("serviceName") + forwarding_rule_dict['labels'] = raw_forwarding_rule.get("labels") + forwarding_rule_dict['ip_version'] = raw_forwarding_rule.get("ipVersion") + forwarding_rule_dict['all_ports'] = raw_forwarding_rule.get("allPorts") + forwarding_rule_dict['allow_global_access'] = raw_forwarding_rule.get("allowGlobalAccess") + return forwarding_rule_dict['id'], forwarding_rule_dict \ No newline at end of file 
diff --git a/ScoutSuite/providers/gcp/resources/gce/global_forwarding_rules.py b/ScoutSuite/providers/gcp/resources/gce/global_forwarding_rules.py index 67a7f931a..cbc48f145 100644 --- a/ScoutSuite/providers/gcp/resources/gce/global_forwarding_rules.py +++ b/ScoutSuite/providers/gcp/resources/gce/global_forwarding_rules.py @@ -10,10 +10,7 @@ def __init__(self, facade: GCPFacade, project_id: str): async def fetch_all(self): raw_rules = await self.facade.gce.get_global_forwarding_rules(self.project_id) for raw_rule in raw_rules: - try: - rule_id, rule = self._parse_forwarding_rule(raw_rule) - except Exception as e: - print(e) + rule_id, rule = self._parse_forwarding_rule(raw_rule) self[rule_id] = rule def _parse_forwarding_rule(self, raw_global_forwarding_rule): 
@@ -28,4 +25,16 @@ def _parse_forwarding_rule(self, raw_global_forwarding_rule): global_forwarding_rule_dict['target'] = raw_global_forwarding_rule.get("target") global_forwarding_rule_dict['load_balancing_scheme'] = raw_global_forwarding_rule.get("loadBalancingScheme") global_forwarding_rule_dict['network_tier'] = raw_global_forwarding_rule.get("networkTie") + + global_forwarding_rule_dict['ports'] = raw_global_forwarding_rule.get("ports") + global_forwarding_rule_dict['subnetwork'] = raw_global_forwarding_rule.get("subnetwork") + global_forwarding_rule_dict['network'] = raw_global_forwarding_rule.get("network") + global_forwarding_rule_dict['backend_service'] = raw_global_forwarding_rule.get("backendService") + global_forwarding_rule_dict['service_label'] = raw_global_forwarding_rule.get("serviceLabel") + global_forwarding_rule_dict['service_name'] = raw_global_forwarding_rule.get("serviceName") + global_forwarding_rule_dict['labels'] = raw_global_forwarding_rule.get("labels") + global_forwarding_rule_dict['ip_version'] = raw_global_forwarding_rule.get("ipVersion") + global_forwarding_rule_dict['all_ports'] = raw_global_forwarding_rule.get("allPorts") + global_forwarding_rule_dict['allow_global_access'] = raw_global_forwarding_rule.get("allowGlobalAccess") + return global_forwarding_rule_dict['id'], global_forwarding_rule_dict \ No newline at end of file From 9315ae05712da818b9a157ada16d4a2e547057ba Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 21 Oct 2022 11:35:59 +0200 Subject: [PATCH 882/979] Add default values --- ScoutSuite/providers/gcp/resources/gce/forwarding_rules.py | 6 +++--- .../providers/gcp/resources/gce/global_forwarding_rules.py | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/gce/forwarding_rules.py b/ScoutSuite/providers/gcp/resources/gce/forwarding_rules.py index 79aebdb22..998a633e5 100644 --- a/ScoutSuite/providers/gcp/resources/gce/forwarding_rules.py 
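Review bot: The context line `global_forwarding_rule_dict['network_tier'] = raw_global_forwarding_rule.get("networkTie")` reads a key that is one letter short; the regional parser in `forwarding_rules.py` reads `"networkTier"`. With `.get()` the miss is silent, so `network_tier` is presumably always `None` for global rules. Since this commit edits the lines directly below, fix it here: `global_forwarding_rule_dict['network_tier'] = raw_global_forwarding_rule.get("networkTier")`. The same line is still present as context in the later 'Add default values' hunk for this file, and `_parse_forwarding_rule` starts outside the hunk.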
+++ b/ScoutSuite/providers/gcp/resources/gce/forwarding_rules.py @@ -23,12 +23,13 @@ def _parse_forwarding_rule(self, raw_forwarding_rule): forwarding_rule_dict['region'] = raw_forwarding_rule.get("region") forwarding_rule_dict['ip_address'] = raw_forwarding_rule.get("IPAddress") forwarding_rule_dict['ip_protocol'] = raw_forwarding_rule.get("IPProtocol") - forwarding_rule_dict['port_range'] = raw_forwarding_rule.get("portRange") + forwarding_rule_dict['all_ports'] = raw_forwarding_rule.get("allPorts", False) + forwarding_rule_dict['port_range'] = raw_forwarding_rule.get("portRange", "") + forwarding_rule_dict['ports'] = raw_forwarding_rule.get("ports", []) forwarding_rule_dict['target'] = raw_forwarding_rule.get("target") forwarding_rule_dict['load_balancing_scheme'] = raw_forwarding_rule.get("loadBalancingScheme") forwarding_rule_dict['network_tier'] = raw_forwarding_rule.get("networkTier") - forwarding_rule_dict['ports'] = raw_forwarding_rule.get("ports") forwarding_rule_dict['subnetwork'] = raw_forwarding_rule.get("subnetwork") forwarding_rule_dict['network'] = raw_forwarding_rule.get("network") forwarding_rule_dict['backend_service'] = raw_forwarding_rule.get("backendService") @@ -36,7 +37,6 @@ def _parse_forwarding_rule(self, raw_forwarding_rule): forwarding_rule_dict['service_name'] = raw_forwarding_rule.get("serviceName") forwarding_rule_dict['labels'] = raw_forwarding_rule.get("labels") forwarding_rule_dict['ip_version'] = raw_forwarding_rule.get("ipVersion") - forwarding_rule_dict['all_ports'] = raw_forwarding_rule.get("allPorts") forwarding_rule_dict['allow_global_access'] = raw_forwarding_rule.get("allowGlobalAccess") return forwarding_rule_dict['id'], forwarding_rule_dict \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/resources/gce/global_forwarding_rules.py b/ScoutSuite/providers/gcp/resources/gce/global_forwarding_rules.py index cbc48f145..cb0480d26 100644 --- a/ScoutSuite/providers/gcp/resources/gce/global_forwarding_rules.py 
+++ b/ScoutSuite/providers/gcp/resources/gce/global_forwarding_rules.py @@ -21,12 +21,13 @@ def _parse_forwarding_rule(self, raw_global_forwarding_rule): global_forwarding_rule_dict['description'] = raw_global_forwarding_rule.get("description") global_forwarding_rule_dict['ip_address'] = raw_global_forwarding_rule.get("IPAddress") global_forwarding_rule_dict['ip_protocol'] = raw_global_forwarding_rule.get("IPProtocol") - global_forwarding_rule_dict['port_range'] = raw_global_forwarding_rule.get("portRange") + global_forwarding_rule_dict['all_ports'] = raw_global_forwarding_rule.get("allPorts", False) + global_forwarding_rule_dict['port_range'] = raw_global_forwarding_rule.get("portRange", "") + global_forwarding_rule_dict['ports'] = raw_global_forwarding_rule.get("ports", []) global_forwarding_rule_dict['target'] = raw_global_forwarding_rule.get("target") global_forwarding_rule_dict['load_balancing_scheme'] = raw_global_forwarding_rule.get("loadBalancingScheme") global_forwarding_rule_dict['network_tier'] = raw_global_forwarding_rule.get("networkTie") - global_forwarding_rule_dict['ports'] = raw_global_forwarding_rule.get("ports") global_forwarding_rule_dict['subnetwork'] = raw_global_forwarding_rule.get("subnetwork") global_forwarding_rule_dict['network'] = raw_global_forwarding_rule.get("network") global_forwarding_rule_dict['backend_service'] = raw_global_forwarding_rule.get("backendService") 
@@ -34,7 +35,6 @@ def _parse_forwarding_rule(self, raw_global_forwarding_rule): global_forwarding_rule_dict['service_name'] = raw_global_forwarding_rule.get("serviceName") global_forwarding_rule_dict['labels'] = raw_global_forwarding_rule.get("labels") global_forwarding_rule_dict['ip_version'] = raw_global_forwarding_rule.get("ipVersion") - global_forwarding_rule_dict['all_ports'] = raw_global_forwarding_rule.get("allPorts") global_forwarding_rule_dict['allow_global_access'] = raw_global_forwarding_rule.get("allowGlobalAccess") return global_forwarding_rule_dict['id'], global_forwarding_rule_dict \ No newline at end of file From a32df60aa201ae4b7e7d2b189b53bf84eb3c46b2 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 21 Oct 2022 11:36:14 +0200 Subject: [PATCH 883/979] Add findings --- ...rwarding-rule-forwards-sensitive-port.json | 62 +++++++++++++++++++ ...rwarding-rule-forwards-sensitive-port.json | 62 +++++++++++++++++++ .../providers/gcp/rules/rulesets/default.json | 12 ++++ 3 files changed, 136 insertions(+) create mode 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json create mode 100755 ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json new file mode 100755 index 000000000..3f98e3dc5 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json 
@@ -0,0 +1,62 @@ +{ + "description": "External Load Balancer Rule Forwards a Non-Standard Port", + "rationale": "The Load Balancer rule was found to be forwarding a non-standard port (80 or 443), potentially exposing a sensitive service. If such services need to be exposed, a restriction on the source address could help to reduce the attack surface of the infrastructure.", + "dashboard_name": "Forwarding Rule", + "path": "computeengine.projects.id.regions.id.forwarding_rules.id", + "conditions": [ + "and", + + [ + "computeengine.projects.id.regions.id.forwarding_rules.id.load_balancing_scheme", + "equal", + "EXTERNAL" + ], + + [ "or", + + [ + "computeengine.projects.id.regions.id.forwarding_rules.id.all_ports", + "true", + "" + ], + [ "and", + [ + "computeengine.projects.id.regions.id.forwarding_rules.id.port_range", + "notEqual", + "" + ], + [ + "computeengine.projects.id.regions.id.forwarding_rules.id.port_range", + "containNoneOf", + [ + "80-80", + "443-443", + "80-80,443-443" + ] + ] + ], + [ + "and", + [ + "computeengine.projects.id.regions.id.forwarding_rules.id.ports", + "notEmpty", + "" + ], + [ + "computeengine.projects.id.regions.id.forwarding_rules.id.ports", + "containNoneOf", + [ + "80", "443" + ] + ] + ] + + + ] + + + + + ] + +} \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json new file mode 100755 index 000000000..da42f6375 --- /dev/null +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json 
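Review bot: The `containNoneOf` checks look like they let a rule pass as soon as it also forwards 80 or 443: a `ports` list such as `["80", "22"]` contains `"80"`, so the condition is false and port 22 goes unreported (assuming `containNoneOf` means 'contains none of the listed values'; the operator is defined elsewhere). The `port_range` comparison has the same shape and, if it is a substring test, would also accept a range like `80-8080`. The condition should instead require that every forwarded port is in the allowed set. The rationale wording is also inverted: 'a non-standard port (80 or 443)' should read along the lines of `a port other than the standard web ports (80 and 443)`. The global finding added in the same commit is a copy and needs the same changes.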
@@ -0,0 +1,62 @@ +{ + "description": "External Load Balancer Global Rule Forwards a Non-Standard Port", + "rationale": "The Load Balancer rule was found to be forwarding a non-standard port (80 or 443), potentially exposing a sensitive service. If such services need to be exposed, a restriction on the source address could help to reduce the attack surface of the infrastructure.", + "dashboard_name": "Forwarding Rule", + "path": "computeengine.projects.id.global_forwarding_rules.id", + "conditions": [ + "and", + + [ + "computeengine.projects.id.global_forwarding_rules.id.load_balancing_scheme", + "equal", + "EXTERNAL" + ], + + [ "or", + + [ + "computeengine.projects.id.global_forwarding_rules.id.all_ports", + "true", + "" + ], + [ "and", + [ + "computeengine.projects.id.global_forwarding_rules.id.port_range", + "notEqual", + "" + ], + [ + "computeengine.projects.id.global_forwarding_rules.id.port_range", + "containNoneOf", + [ + "80-80", + "443-443", + "80-80,443-443" + ] + ] + ], + [ + "and", + [ + "computeengine.projects.id.global_forwarding_rules.id.ports", + "notEmpty", + "" + ], + [ + "computeengine.projects.id.global_forwarding_rules.id.ports", + "containNoneOf", + [ + "80", "443" + ] + ] + ] + + + ] + + + + + ] + +} \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index ed3755b01..36a73b3d3 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -165,6 +165,18 @@ "level": "warning" } ], + "computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json": [ + { + "enabled": true, + "level": "warning" + } + ], "computeengine-firewall-default-rule-in-use.json": [ { "enabled": true, 
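Review bot: The first branch of the `or` block in the global finding tests `computeengine.projects.id.global_forwarding_rules.id.all_ports`, but the preceding patch in this series removes `global_forwarding_rule_dict['all_ports']` from `_parse_forwarding_rule`. Unless that attribute is populated somewhere outside these hunks, the branch can never match for global rules, so a global rule that forwards every port would be caught only if one of the `port_range` or `ports` branches happens to fire. Either keep the attribute in the parser or drop the branch from this finding so the rule states what it actually checks.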
From 1b6aa700e21f7d138282ae2d58d21d8b45ff1d39 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 21 Oct 2022 11:37:27 +0200 Subject: [PATCH 884/979] Format --- ...rwarding-rule-forwards-sensitive-port.json | 19 +++++---------- ...rwarding-rule-forwards-sensitive-port.json | 19 +++++---------- .../providers/gcp/rules/rulesets/default.json | 24 +++++++++---------- .../kubernetes/rules/rulesets/aks.json | 2 +- .../kubernetes/rules/rulesets/default.json | 2 +- .../kubernetes/rules/rulesets/eks.json | 2 +- .../kubernetes/rules/rulesets/gke.json | 2 +- 7 files changed, 28 insertions(+), 42 deletions(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json index 3f98e3dc5..22c201e04 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json @@ -5,21 +5,20 @@ "path": "computeengine.projects.id.regions.id.forwarding_rules.id", "conditions": [ "and", - [ "computeengine.projects.id.regions.id.forwarding_rules.id.load_balancing_scheme", "equal", "EXTERNAL" ], - - [ "or", - + [ + "or", [ "computeengine.projects.id.regions.id.forwarding_rules.id.all_ports", "true", "" ], - [ "and", + [ + "and", [ "computeengine.projects.id.regions.id.forwarding_rules.id.port_range", "notEqual", @@ -46,17 +45,11 @@ "computeengine.projects.id.regions.id.forwarding_rules.id.ports", "containNoneOf", [ - "80", "443" + "80", + "443" ] ] ] - - ] - - - - ] - } \ No newline at end of file 
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json index da42f6375..88e650834 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json @@ -5,21 +5,20 @@ "path": "computeengine.projects.id.global_forwarding_rules.id", "conditions": [ "and", - [ "computeengine.projects.id.global_forwarding_rules.id.load_balancing_scheme", "equal", "EXTERNAL" ], - - [ "or", - + [ + "or", [ "computeengine.projects.id.global_forwarding_rules.id.all_ports", "true", "" ], - [ "and", + [ + "and", [ "computeengine.projects.id.global_forwarding_rules.id.port_range", "notEqual", @@ -46,17 +45,11 @@ "computeengine.projects.id.global_forwarding_rules.id.ports", "containNoneOf", [ - "80", "443" + "80", + "443" ] ] ] - - ] - - - - ] - } \ No newline at end of file diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index 36a73b3d3..ebfcc8cf9 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -165,18 +165,6 @@ "level": "warning" } ], - "computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json": [ - { - "enabled": true, - "level": "warning" - } - ], - "computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json": [ - { - "enabled": true, - "level": "warning" - } - ], "computeengine-firewall-default-rule-in-use.json": [ { "enabled": true, 
@@ -288,6 +276,18 @@ "level": "warning" } ], + "computeengine-loadbalancer-forwarding-rule-forwards-sensitive-port.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "computeengine-loadbalancer-global-forwarding-rule-forwards-sensitive-port.json": [ + { + "enabled": true, + "level": "warning" + } + ], "computeengine-network-default-in-use.json": [ { "enabled": true, diff --git a/ScoutSuite/providers/kubernetes/rules/rulesets/aks.json b/ScoutSuite/providers/kubernetes/rules/rulesets/aks.json index af6292ce4..316d6c278 100755 --- a/ScoutSuite/providers/kubernetes/rules/rulesets/aks.json +++ b/ScoutSuite/providers/kubernetes/rules/rulesets/aks.json @@ -867,4 +867,4 @@ } ] } -} \ No newline at end of file +} diff --git a/ScoutSuite/providers/kubernetes/rules/rulesets/default.json b/ScoutSuite/providers/kubernetes/rules/rulesets/default.json index be785eca6..e5d2cef77 100755 --- a/ScoutSuite/providers/kubernetes/rules/rulesets/default.json +++ b/ScoutSuite/providers/kubernetes/rules/rulesets/default.json @@ -776,4 +776,4 @@ } ] } -} \ No newline at end of file +} diff --git a/ScoutSuite/providers/kubernetes/rules/rulesets/eks.json b/ScoutSuite/providers/kubernetes/rules/rulesets/eks.json index 98c3fbaa4..4ead37de9 100755 --- a/ScoutSuite/providers/kubernetes/rules/rulesets/eks.json +++ b/ScoutSuite/providers/kubernetes/rules/rulesets/eks.json @@ -794,4 +794,4 @@ } ] } -} \ No newline at end of file +} diff --git a/ScoutSuite/providers/kubernetes/rules/rulesets/gke.json b/ScoutSuite/providers/kubernetes/rules/rulesets/gke.json index 0a308b1e4..931fe77be 100755 --- a/ScoutSuite/providers/kubernetes/rules/rulesets/gke.json +++ b/ScoutSuite/providers/kubernetes/rules/rulesets/gke.json @@ -944,4 +944,4 @@ } ] } -} \ No newline at end of file +} From 75c8b680d9e7176978c137e5278644a02003e187 Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Fri, 21 Oct 2022 11:39:23 +0200 Subject: [PATCH 885/979] Format --- .../aws/rules/findings/iam-root-account-no-hardware-mfa.json | 2 +- .../azure/rules/findings/appservice-outdated-version-java.json | 2 +- .../network-security-groups-rule-inbound-service-mssql.json | 2 +- .../network-security-groups-rule-inbound-service-udp.json | 2 +- .../securitycenter-settings-MCAS-integration-disabled.json | 1 - .../securitycenter-settings-WDATP-integration-disabled.json | 1 - .../rules/findings/eks-publically-accessible-apiserver.json | 2 +- 7 files changed, 5 insertions(+), 7 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json index 322eadfdf..91d07a9f3 100644 --- a/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-root-account-no-hardware-mfa.json @@ -55,4 +55,4 @@ "this" ], "id_suffix": "mfa_active_hardware" -}} \ No newline at end of file +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json index 707a65f2c..667a5abf4 100755 --- a/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json +++ b/ScoutSuite/providers/azure/rules/findings/appservice-outdated-version-java.json @@ -40,4 +40,4 @@ ] ], "id_suffix": "programming_language_version" -}} \ No newline at end of file +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-mssql.json b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-mssql.json index a2a0b034d..151d2052c 100644 --- a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-mssql.json 
+++ b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-mssql.json @@ -30,4 +30,4 @@ ] ], "key": "network-security-groups-rule-inbound-MsSQL" -}} \ No newline at end of file +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-udp.json b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-udp.json index 4f2480b93..3ede89056 100644 --- a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-udp.json +++ b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-service-udp.json @@ -33,4 +33,4 @@ ] ], "key": "network-security-groups-rule-inbound-UDP" -}} \ No newline at end of file +} \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json index 25facdeab..3b0ce8d33 100644 --- a/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json +++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-MCAS-integration-disabled.json @@ -30,5 +30,4 @@ ] ], "id_suffix": "enabled" -} "id_suffix": "enabled" } \ No newline at end of file diff --git a/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json b/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json index ccac28ded..04fa487f9 100644 --- a/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json +++ b/ScoutSuite/providers/azure/rules/findings/securitycenter-settings-WDATP-integration-disabled.json @@ -30,5 +30,4 @@ ] ], "id_suffix": "enabled" -} "id_suffix": "enabled" } \ No newline at end of file 
diff --git a/ScoutSuite/providers/kubernetes/rules/findings/eks-publically-accessible-apiserver.json b/ScoutSuite/providers/kubernetes/rules/findings/eks-publically-accessible-apiserver.json index f99fb4da9..e54d5c14b 100644 --- a/ScoutSuite/providers/kubernetes/rules/findings/eks-publically-accessible-apiserver.json +++ b/ScoutSuite/providers/kubernetes/rules/findings/eks-publically-accessible-apiserver.json @@ -20,4 +20,4 @@ "0.0.0.0/0" ] ] -}} \ No newline at end of file +} \ No newline at end of file From 9e8bbc807bf437cfdd3e501c06fb147b3e58d74c Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Fri, 21 Oct 2022 18:45:45 +0200 Subject: [PATCH 886/979] Catch task exceptions --- ScoutSuite/providers/base/resources/base.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/base/resources/base.py b/ScoutSuite/providers/base/resources/base.py index 85fe13a19..c2553b2ac 100755 --- a/ScoutSuite/providers/base/resources/base.py +++ b/ScoutSuite/providers/base/resources/base.py @@ -7,10 +7,19 @@ import abc import asyncio +from ScoutSuite.core.console import print_exception -class Resources(dict, metaclass=abc.ABCMeta): +async def call(child_name, child): + """Calls the child class and implements async error handling.""" + try: + task = asyncio.ensure_future(child()) + await task + except Exception as e: + print_exception(f'Failed to call {child.__name__}() for resource {child_name}: {e}') + +class Resources(dict, metaclass=abc.ABCMeta): """This is the base class of a hierarchical structure. Everything is basically `Resources`. It stores in its internal dictionary instances of a given type of resources, with instance ids as keys and instance configurations (which store other nested resources) as values. 
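Review bot: `call()` reports a failed child fetch only through `print_exception`, so the scan carries on and the report simply lacks that resource type; in an audit tool that can read as "no findings" rather than "not assessed". Nothing in this hunk records the failure anywhere the report could surface it, which would be worth adding. The `asyncio.ensure_future(child())` followed by `await task` does the same as `await child()` and can be simplified. The docstring could state the contract directly, e.g. `"""Await child() and log, rather than propagate, any exception it raises."""`.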
@@ -32,7 +41,6 @@ async def fetch_all(self, **kwargs): class CompositeResources(Resources, metaclass=abc.ABCMeta): - """This class represents a node in the hierarchical structure. As inherited from `Resources`, it still \ stores instances of a given type of resources internally but also stores some kind of nested resources \ referred to as its 'children'. @@ -77,8 +85,8 @@ async def _fetch_children(self, resource_parent: object, scope: dict = {}): for (child_class, child_name) in self._children] # Fetch all children concurrently: await asyncio.wait( - {asyncio.ensure_future(child.fetch_all()) - for (child, _) in children} + {call(child_name, child.fetch_all) + for (child, child_name) in children} ) # Update parent content: for child, child_name in children: From ba8e1849cf77f1898e8bd673a6732f1562d916e8 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 27 Oct 2022 15:12:06 +0200 Subject: [PATCH 887/979] Catch ranges from 1-65535 --- ...curity-groups-rule-inbound-internet-all.json | 3 ++- ...teengine-firewall-rule-allows-all-ports.json | 15 +++++++++++---- ...e-firewall-rule-allows-internal-traffic.json | 17 ++++++++++++----- ...eengine-firewall-rule-allows-port-range.json | 15 +++++++++++---- ...ne-firewall-rule-opens-all-ports-to-all.json | 17 ++++++++++++----- 5 files changed, 48 insertions(+), 19 deletions(-) diff --git a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-internet-all.json b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-internet-all.json index 58936ab2b..dc8e71243 100755 --- a/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-internet-all.json +++ b/ScoutSuite/providers/azure/rules/findings/network-security-groups-rule-inbound-internet-all.json @@ -11,7 +11,8 @@ "containAtLeastOneOf", [ "*", - "0-65535" + "0-65535", + "1-65535" ] ], [ 
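Review bot: In `_fetch_children` the set passed to `asyncio.wait` now holds bare coroutine objects from `call(...)`, whereas the removed lines wrapped each one in `asyncio.ensure_future`. Passing coroutines directly to `asyncio.wait` is deprecated from Python 3.8 and rejected from 3.11, so this would raise on newer interpreters. Wrapping restores the earlier behaviour: `{asyncio.ensure_future(call(child_name, child.fetch_all)) for (child, child_name) in children}`. `_fetch_children` starts and ends outside the hunk.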
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-all-ports.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-all-ports.json index 11db83563..ea22282fb 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-all-ports.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-all-ports.json @@ -21,10 +21,17 @@ "equal", "INGRESS" ], - [ - "computeengine.projects.id.firewalls.id.allowed_traffic.id.", - "equal", - "0-65535" + ["or", + [ + "computeengine.projects.id.firewalls.id.allowed_traffic.id.", + "equal", + "0-65535" + ], + [ + "computeengine.projects.id.firewalls.id.allowed_traffic.id.", + "equal", + "1-65535" + ] ] ], "id_suffix": "permissive_ports" diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-internal-traffic.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-internal-traffic.json index dafd43870..c4f1078d0 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-internal-traffic.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-internal-traffic.json @@ -21,15 +21,22 @@ "equal", "INGRESS" ], - [ - "computeengine.projects.id.firewalls.id.allowed_traffic.id.", - "equal", - "0-65535" - ], [ "computeengine.projects.id.firewalls.id.source_ranges", "containAtLeastOneOf", "10.128.0.0/9" + ], + ["or", + [ + "computeengine.projects.id.firewalls.id.allowed_traffic.id.", + "equal", + "0-65535" + ], + [ + "computeengine.projects.id.firewalls.id.allowed_traffic.id.", + "equal", + "1-65535" + ] ] ], "id_suffix": "permissive_ports" diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json index bfccf44c2..f781f32a5 100755 
--- a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json @@ -26,10 +26,17 @@ "match", "[0-9]+-[0-9]+" ], - [ - "computeengine.projects.id.firewalls.id.allowed_traffic.id.", - "notEqual", - "0-65535" + ["or", + [ + "computeengine.projects.id.firewalls.id.allowed_traffic.id.", + "notEqual", + "0-65535" + ], + [ + "computeengine.projects.id.firewalls.id.allowed_traffic.id.", + "notEqual", + "1-65535" + ] ] ], "id_suffix": "permissive_ports" diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-all-ports-to-all.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-all-ports-to-all.json index f6ae3dd11..b50f11819 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-all-ports-to-all.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-opens-all-ports-to-all.json @@ -21,15 +21,22 @@ "equal", "INGRESS" ], - [ - "computeengine.projects.id.firewalls.id.allowed_traffic.id.", - "equal", - "0-65535" - ], [ "computeengine.projects.id.firewalls.id.source_ranges", "containAtLeastOneOf", "0.0.0.0/0" + ], + ["or", + [ + "computeengine.projects.id.firewalls.id.allowed_traffic.id.", + "equal", + "0-65535" + ], + [ + "computeengine.projects.id.firewalls.id.allowed_traffic.id.", + "equal", + "1-65535" + ] ] ], "id_suffix": "permissive_ports" From a748c4123615cea018b4371d5550bbfa839f0af1 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 27 Oct 2022 15:14:59 +0200 Subject: [PATCH 888/979] Better logic --- ...ngine-firewall-rule-allows-port-range.json | 20 +++++++++---------- 1 file changed, 9 insertions(+), 11 deletions(-) 
diff --git a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json index f781f32a5..95fe614e5 100755 --- a/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json +++ b/ScoutSuite/providers/gcp/rules/findings/computeengine-firewall-rule-allows-port-range.json @@ -26,17 +26,15 @@ "match", "[0-9]+-[0-9]+" ], - ["or", - [ - "computeengine.projects.id.firewalls.id.allowed_traffic.id.", - "notEqual", - "0-65535" - ], - [ - "computeengine.projects.id.firewalls.id.allowed_traffic.id.", - "notEqual", - "1-65535" - ] + [ + "computeengine.projects.id.firewalls.id.allowed_traffic.id.", + "notEqual", + "0-65535" + ], + [ + "computeengine.projects.id.firewalls.id.allowed_traffic.id.", + "notEqual", + "1-65535" ] ], "id_suffix": "permissive_ports" From 5c29988bfc7c3eff5e03565a63fc867e85473dca Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 27 Oct 2022 16:29:52 +0200 Subject: [PATCH 889/979] Improve rule --- .../cloudstorage-bucket-no-public-access-prevention.json | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json index 5bd2dd2a0..39ef1d882 100755 --- a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-no-public-access-prevention.json @@ -12,6 +12,11 @@ "cloudstorage.projects.id.buckets.id.public_access_prevention", "notEqual", "enforced" + ], + [ + "cloudstorage.projects.id.buckets.id.public_access_prevention", + "notEqual", + "inherited" ] ], "id_suffix": "public_access_prevention" From ec8fa812ca27cc2c0a5dd9cef88177cee921679f Mon Sep 17 00:00:00 2001 
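Review bot: Treating `inherited` as compliant in `cloudstorage-bucket-no-public-access-prevention.json` may hide buckets that are not actually protected. As Cloud Storage documents the setting, `inherited` means the bucket follows the organization policy, and public access is prevented only when that constraint is enforced on a parent. With both `notEqual` tests in place the finding fires only for values other than `enforced` and `inherited`, which probably leaves it close to silent. If the organization policy state is not collected, it is safer to keep reporting `inherited`, possibly at a lower level, than to suppress it. The later hunk in `cloudstorage-bucket-member.json` adds the same two tests, where the effect is larger: a bucket with a binding for the member passed as `_ARG_0_` and a value of `inherited` would no longer be reported.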
From: x4v13r64 Date: Thu, 27 Oct 2022 16:30:03 +0200 Subject: [PATCH 890/979] Add missing rule to ruleset --- ScoutSuite/providers/gcp/rules/rulesets/default.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ScoutSuite/providers/gcp/rules/rulesets/default.json b/ScoutSuite/providers/gcp/rules/rulesets/default.json index ed3755b01..e9a52ab1a 100755 --- a/ScoutSuite/providers/gcp/rules/rulesets/default.json +++ b/ScoutSuite/providers/gcp/rules/rulesets/default.json @@ -147,6 +147,12 @@ "level": "danger" } ], + "cloudstorage-bucket-no-public-access-prevention.json": [ + { + "enabled": true, + "level": "warning" + } + ], "cloudstorage-bucket-no-logging.json": [ { "enabled": true, From 65a8bf522f25ec94729c404032dc347fad6f5d21 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 27 Oct 2022 16:30:13 +0200 Subject: [PATCH 891/979] Evaluate public access prevention --- .../findings/cloudstorage-bucket-member.json | 26 ++++++++++++++----- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json index b9d7f332d..30abee45c 100755 --- a/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json +++ b/ScoutSuite/providers/gcp/rules/findings/cloudstorage-bucket-member.json 
@@ -23,16 +23,28 @@ "display_path": "cloudstorage.projects.id.buckets.id", "path": "cloudstorage.projects.id.buckets.id", "conditions": [ - "or", + "and", + ["or", + [ + "cloudstorage.projects.id.buckets.id.member_bindings", + "withKey", + "_ARG_0_" + ], + [ + "cloudstorage.projects.id.buckets.id.acls", + "containString", + "_ARG_0_" + ] + ], [ - "cloudstorage.projects.id.buckets.id.member_bindings", - "withKey", - "_ARG_0_" + "cloudstorage.projects.id.buckets.id.public_access_prevention", + "notEqual", + "enforced" ], [ - "cloudstorage.projects.id.buckets.id.acls", - "containString", - "_ARG_0_" + "cloudstorage.projects.id.buckets.id.public_access_prevention", + "notEqual", + "inherited" ] ], "key": "cloudstorage-bucket-_ARG_0_", From 884d41fd8b942d87f725aa67620909baef2a4606 Mon Sep 17 00:00:00 2001 From: Scott Bailey Date: Fri, 28 Oct 2022 11:15:24 -0400 Subject: [PATCH 892/979] Guard vs undefined EnableTerminationProtection At least in our environment, the `EnableTerminationProtection` attribute does not appear to be defined on all AWS CloudFormation stacks. Fix reference so the suitable default value is provided in this case, instead of raising an exception. Signed-off-by: Scott Bailey --- ScoutSuite/providers/aws/resources/cloudformation/stacks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py index 615489a09..2b9cd915d 100755 --- a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py +++ b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py 
@@ -21,7 +21,7 @@ def _parse_stack(self, raw_stack): raw_stack['name'] = raw_stack.pop('StackName') raw_stack['drifted'] = raw_stack.pop('DriftInformation')[ 'StackDriftStatus'] == 'DRIFTED' - raw_stack['termination_protection'] = raw_stack['EnableTerminationProtection'] + raw_stack['termination_protection'] = raw_stack.get('EnableTerminationProtection', False) raw_stack['arn'] = raw_stack['id'] raw_stack['notificationARNs'] = raw_stack['NotificationARNs'] template = raw_stack.pop('template') From 12f554e88ee1d6c7b2e6b017a0f654c4c118d4d0 Mon Sep 17 00:00:00 2001 From: Scott Bailey Date: Fri, 28 Oct 2022 11:35:04 -0400 Subject: [PATCH 893/979] Defend vs NotificationARNs Not all AWS CloudFormation stacks appear to have NotificationARNs attributes. Fix reference so it provides equivalent default instead of raising exception. Signed-off-by: Scott Bailey --- ScoutSuite/providers/aws/resources/cloudformation/stacks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py index 2b9cd915d..14d664748 100755 --- a/ScoutSuite/providers/aws/resources/cloudformation/stacks.py +++ b/ScoutSuite/providers/aws/resources/cloudformation/stacks.py @@ -23,7 +23,7 @@ def _parse_stack(self, raw_stack): 'StackDriftStatus'] == 'DRIFTED' raw_stack['termination_protection'] = raw_stack.get('EnableTerminationProtection', False) raw_stack['arn'] = raw_stack['id'] - raw_stack['notificationARNs'] = raw_stack['NotificationARNs'] + raw_stack['notificationARNs'] = raw_stack.get('NotificationARNs', []) template = raw_stack.pop('template') raw_stack['deletion_policy'] = self.has_deletion_policy(template) From 7ca05005a2a96cd0683e35292e1d8d8350ef0894 Mon Sep 17 00:00:00 2001 
From: x4v13r64 Date: Tue, 15 Nov 2022 13:47:26 +0100 Subject: [PATCH 894/979] Add check for redirect to HTTPS --- .../elbv2-listener-allowing-cleartext.json | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/rules/findings/elbv2-listener-allowing-cleartext.json b/ScoutSuite/providers/aws/rules/findings/elbv2-listener-allowing-cleartext.json index e52edac14..0396c1a87 100644 --- a/ScoutSuite/providers/aws/rules/findings/elbv2-listener-allowing-cleartext.json +++ b/ScoutSuite/providers/aws/rules/findings/elbv2-listener-allowing-cleartext.json @@ -8,13 +8,25 @@ ], "dashboard_name": "Load Balancer Listeners", "display_path": "elbv2.regions.id.vpcs.id.lbs.id", - "path": "elbv2.regions.id.vpcs.id.lbs.id.listeners.id.Protocol", + "path": "elbv2.regions.id.vpcs.id.lbs.id.listeners.id", "conditions": [ "and", [ "elbv2.regions.id.vpcs.id.lbs.id.listeners.id.Protocol", "equal", "HTTP" + ], + ["or", + [ + "elbv2.regions.id.vpcs.id.lbs.id.listeners.id.DefaultActions", + "notContainString", + "'Type': 'redirect'" + ], + [ + "elbv2.regions.id.vpcs.id.lbs.id.listeners.id.DefaultActions", + "notContainString", + "'Protocol': 'HTTPS'" + ] ] ] } From 0f2b48e0abf30beac8bf6c282f0c59a4b7876a3f Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Tue, 15 Nov 2022 15:48:35 +0100 Subject: [PATCH 895/979] Include services when failure --- ScoutSuite/providers/gcp/facade/base.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index dbbdb030a..fd188c6f5 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py 
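Review bot: The two `notContainString` tests on `DefaultActions` match the fragments `'Type': 'redirect'` and `'Protocol': 'HTTPS'`, which look like pieces of Python's printed form of the action dicts, so the result depends on quoting and key layout rather than on the structure of the action. They are also evaluated independently over the whole value, so with several default actions the two fragments need not come from the same action. Having the parser expose a boolean for "default action redirects to HTTPS" and testing that here would be more robust. Only `DefaultActions` is examined, so listener rules that forward HTTP are not visible to this condition.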
@@ -172,7 +172,7 @@ async def get_enabled_services(self, project_id, attempt=1, has_lock=False): else: print_warning(f"Could not fetch the state of services for project \"{project_id}\": {e}") self.projects_services_lock = False - return {} + return None # locked, wait and retry else: if attempt <= 10: # need to set a limit to ensure we don't hit recursion limits @@ -186,7 +186,7 @@ async def get_enabled_services(self, project_id, attempt=1, has_lock=False): else: print_warning(f"Could not fetch the state of services for project \"{project_id}\", " f"exiting before hitting maximum recursion") - return {} + return None else: return self.projects_services[project_id] @@ -231,6 +231,9 @@ async def is_api_enabled(self, project_id, service): try: enabled_services = await self.get_enabled_services(project_id) + if enabled_services == None: + print_warning(f"Could not identify enabled services, including {service}") + return True for s in enabled_services: if endpoint in s.get('name') and s.get('config').get('name') not in incorrect_endpoints: print_debug(f'{format_service_name(service.lower())} API enabled for ' From 4892251e117659219ff9fb22e977903c7179c3ff Mon Sep 17 00:00:00 2001 From: twilson-bf <59574692+twilson-bf@users.noreply.github.com> Date: Mon, 28 Nov 2022 12:12:49 -0500 Subject: [PATCH 896/979] Enhancement/S3-TlsVersion Adds additional checks to determine if Secure Transport is enabled. By Default, ScoutSuite only checks for the boolean aws:SecureTr ansport. This adds support for S3:TlsVersion, and uses the operating assumption that TLS 1.2 is the lowest secure version. --- ScoutSuite/providers/aws/facade/s3.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ScoutSuite/providers/aws/facade/s3.py b/ScoutSuite/providers/aws/facade/s3.py index 7f3cfeaf6..44d0dba7a 100755 --- a/ScoutSuite/providers/aws/facade/s3.py +++ b/ScoutSuite/providers/aws/facade/s3.py 
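Review bot: `get_enabled_services` now returns `None` on failure where it used to return `{}`; `is_api_enabled` handles that, but any other caller that iterates the result would raise `TypeError`, which is worth checking since callers are outside these hunks. In `is_api_enabled` the comparison should be `if enabled_services is None:`. Returning `True` so the service is still scanned when its state is unknown is the right direction for coverage, and a one-line comment would make that intent explicit: `# unknown state: scan the service rather than skip it`.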
@@ -273,6 +273,14 @@ def _set_s3_bucket_secure_transport(self, bucket: {}): (statement['Condition']['Bool']['aws:SecureTransport'] == 'true' and statement['Effect'] == 'Allow')): bucket['secure_transport_enabled'] = True + elif 'Condition'in statement and \ + 'NumericLessThan' in statement['Condition'] and \ + 's3:TlsVersion' in statement['Condition']['NumericLessThan'] and \ + ((statement['Condition']['NumericLessThan']['s3:TlsVersion'] >= '1.2' and + statement['Effect'] == 'Deny') or + (statement['Condition']['NumericGreaterThan']['s3:TlsVersion'] >= '1.1' and + statement['Effect'] == 'Allow')): + bucket['secure_transport_enabled'] = True else: bucket['secure_transport_enabled'] = False except Exception as e: From 92cda50b373c65edc8850e7b970f2253d4c5bec3 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 12 Dec 2022 15:46:35 +0100 Subject: [PATCH 897/979] Improve check --- ScoutSuite/providers/gcp/resources/gke/clusters.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/resources/gke/clusters.py b/ScoutSuite/providers/gcp/resources/gke/clusters.py index 3b6141eea..11a5b0f78 100644 --- a/ScoutSuite/providers/gcp/resources/gke/clusters.py +++ b/ScoutSuite/providers/gcp/resources/gke/clusters.py 
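Review bot: The new `elif` in `_set_s3_bucket_secure_transport` checks that `NumericLessThan` is present but then reads `statement['Condition']['NumericGreaterThan']['s3:TlsVersion']` in the `Allow` half, so whenever the `Deny` half is false that lookup can raise `KeyError` and fall into the surrounding `except`. An `Allow` statement that carries only `NumericGreaterThan` never reaches this branch at all. The version is also compared as a string (`>= '1.2'`), which fails if the policy stores the value as a number and otherwise orders versions lexicographically; `float(statement['Condition']['NumericLessThan']['s3:TlsVersion']) >= 1.2` is safer. Each operator should be guarded on its own, for example with `statement['Condition'].get('NumericGreaterThan', {}).get('s3:TlsVersion')`. The function begins and ends outside the hunk.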
@@ -43,7 +43,7 @@ async def _parse_cluster(self, raw_cluster): cluster_dict['service_account'] = raw_cluster.get('nodeConfig', {}).get('serviceAccount', None) cluster_dict['master_authorized_networks_config'] = self._get_master_authorized_networks_config(raw_cluster) cluster_dict['application_layer_encryption_enabled'] = raw_cluster.get('databaseEncryption', {}).get('state', None) == 'ENCRYPTED' - cluster_dict['workload_identity_enabled'] = raw_cluster.get('workloadIdentityConfig', {}).get('identityNamespace', None) != None + cluster_dict['workload_identity_enabled'] = raw_cluster.get('workloadIdentityConfig', {}).get('workloadPool', '').endswith('.svc.id.goog') cluster_dict['metadata_server_enabled'] = self._metadata_server_enabled(raw_cluster.get('nodePools', [])) cluster_dict['release_channel'] = raw_cluster.get('releaseChannel', {}).get('channel', None) cluster_dict['shielded_nodes_enabled'] = raw_cluster.get('shieldedNodes', {}).get('enabled', False) From 65cac92ca4f9e971f44a50ecb2a3c2bc5869de6d Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Mon, 12 Dec 2022 15:46:41 +0100 Subject: [PATCH 898/979] Fix finding logic --- .../kubernetesengine-cluster-workload-identity-disabled.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-workload-identity-disabled.json b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-workload-identity-disabled.json index d1a787aab..0749a3412 100644 --- a/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-workload-identity-disabled.json +++ b/ScoutSuite/providers/gcp/rules/findings/kubernetesengine-cluster-workload-identity-disabled.json @@ -18,7 +18,7 @@ "and", [ "workload_identity_enabled", - "true", + "false", "" ] ], From 9349d0380d265b06af5cbcfd7b32aa0b2affe464 Mon Sep 17 00:00:00 2001 
From: Ricardo MR Date: Tue, 3 Jan 2023 16:38:55 +0000 Subject: [PATCH 899/979] Update main workflow testing checkout and setup-python new versions --- .github/workflows/testing.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 3cd3aa47e..37b03a95a 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -17,9 +17,9 @@ jobs: python-version: [3.6, 3.7, 3.8] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} - name: Cache pip @@ -52,4 +52,4 @@ jobs: - name: Upload coverage to Codecov uses: codecov/codecov-action@v1 with: - file: ./coverage.xml \ No newline at end of file + file: ./coverage.xml From 0a2534d03bfb9ac1d73f5927cda64abf73c1b583 Mon Sep 17 00:00:00 2001 From: Ricardo MR Date: Tue, 3 Jan 2023 16:39:57 +0000 Subject: [PATCH 900/979] workflow test --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index a890a8a0f..6ab4bcef4 100755 --- a/README.md +++ b/README.md @@ -64,3 +64,5 @@ Additional details can be found in the [wiki](https://github.com/nccgroup/ScoutS **NCC Scout now has a free tier under our "Freemium" offering**. This offering provides access to NCC Group’s extended rulesets, keeping your cloud environment protected in-line with best practice configuration and cloud technologies. To sign up for the service, head on to https://cyberstore.nccgroup.com/our-services/service-details/16/cloud-account-monitoring. + + From afee500a97f5a4b57287f2fcd2cac7c34ecee3d4 Mon Sep 17 00:00:00 2001 From: Ricardo MR Date: Tue, 3 Jan 2023 16:47:57 +0000 Subject: [PATCH 901/979] update main workflow --- .github/workflows/testing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 37b03a95a..202139a57 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -11,7 +11,7 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 strategy: matrix: python-version: [3.6, 3.7, 3.8] From 3a4acf2a58397beca0e77dfafd85915b1d6cace0 Mon Sep 17 00:00:00 2001 From: Ricardo MR Date: Tue, 3 Jan 2023 17:20:33 +0000 Subject: [PATCH 902/979] fix throttling test --- tests/test_utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_utils.py b/tests/test_utils.py index f87e48ad1..4c68a1dec 100755 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -41,7 +41,7 @@ def test_is_throttled(self): e = CustomException(response={"Error": {"Code": t}}) assert is_throttled(e) # test the non-throttling exception - e = CustomException(response={"Error": {"Code": "Not Throttling"}}) + e = CustomException(response={"Error": {"Code": "Not Thro_ttling"}}) assert not is_throttled(e) # test the except block e = CustomException(response={"Error": ""}) From 72ce1b5b9597eec704521d86ec2635c215995823 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Mon, 16 Jan 2023 12:00:44 +0100 Subject: [PATCH 903/979] Handle storage profiles without img ref --- .../providers/azure/resources/virtualmachines/instances.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py index 9a0458b2e..02176627f 100755 --- a/ScoutSuite/providers/azure/resources/virtualmachines/instances.py +++ b/ScoutSuite/providers/azure/resources/virtualmachines/instances.py 
@@ -87,7 +87,8 @@ async def _parse_instance(self, raw_instance): if raw_instance.storage_profile is not None: instance_dict['storage_profile'] = {} - instance_dict['storage_profile']['Publisher'] = raw_instance.storage_profile.image_reference.publisher + if raw_instance.storage_profile.image_reference is not None: + instance_dict['storage_profile']['Publisher'] = raw_instance.storage_profile.image_reference.publisher instance_dict['storage_profile']['Release'] = raw_instance.storage_profile.image_reference.version instance_dict['storage_profile']['SKU'] = raw_instance.storage_profile.image_reference.sku instance_dict['storage_profile']['Offer'] = raw_instance.storage_profile.image_reference.offer From 6475f25a5959596f3dac8cbc20dea54e63f7e760 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Mon, 16 Jan 2023 12:11:27 +0100 Subject: [PATCH 904/979] Update functions_v1.py --- ScoutSuite/providers/gcp/resources/functions/functions_v1.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py index 99e423f43..44b5a5f9d 100644 --- a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py +++ b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py @@ -27,7 +27,7 @@ def _parse_function(self, raw_function): function_dict['runtime'] = raw_function['runtime'] function_dict['memory'] = raw_function['availableMemoryMb'] function_dict['timeout'] = raw_function['timeout'] - if raw_function['maxInstances']: + if raw_function.get(maxInstances) is not None: function_dict['max_instances'] = raw_function['maxInstances'] function_dict['docker_registry'] = raw_function['dockerRegistry'] function_dict['url'] = raw_function.get('httpsTrigger', {}).get('url') From ffcf1a97f9e3443aecc457fb2fa3d9b3f3c4feee Mon Sep 17 00:00:00 2001 
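Review bot: The new `image_reference is not None` guard in `_parse_instance` covers only the `Publisher` assignment; the `Release`, `SKU` and `Offer` lines below it are unchanged context and still dereference `raw_instance.storage_profile.image_reference`, so an instance without an image reference would still raise AttributeError there. Those three assignments should move under the new `if` as well, one indent level deeper. Whether downstream rules expect these keys to exist when the reference is missing is not visible here, and `_parse_instance` continues outside the hunk.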
From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Mon, 16 Jan 2023 12:27:04 +0100 Subject: [PATCH 905/979] Update functions_v1.py --- ScoutSuite/providers/gcp/resources/functions/functions_v1.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py index 44b5a5f9d..0c7d2fcb7 100644 --- a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py +++ b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py @@ -27,7 +27,7 @@ def _parse_function(self, raw_function): function_dict['runtime'] = raw_function['runtime'] function_dict['memory'] = raw_function['availableMemoryMb'] function_dict['timeout'] = raw_function['timeout'] - if raw_function.get(maxInstances) is not None: + if raw_function.get('maxInstances', False): function_dict['max_instances'] = raw_function['maxInstances'] function_dict['docker_registry'] = raw_function['dockerRegistry'] function_dict['url'] = raw_function.get('httpsTrigger', {}).get('url') From a4f17225db076709b3f3eaad653d0807fbffe436 Mon Sep 17 00:00:00 2001 From: Zach Fey Date: Thu, 2 Mar 2023 14:55:23 -0500 Subject: [PATCH 906/979] Update azure-mgmt-authorization --- ScoutSuite/providers/azure/facade/rbac.py | 3 ++- .../providers/azure/resources/rbac/role_assignments.py | 8 ++++---- requirements.txt | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/providers/azure/facade/rbac.py b/ScoutSuite/providers/azure/facade/rbac.py index 9c43571f9..9102f1a41 100755 --- a/ScoutSuite/providers/azure/facade/rbac.py +++ b/ScoutSuite/providers/azure/facade/rbac.py 
@@ -28,7 +28,8 @@ async def get_roles(self, subscription_id: str): async def get_role_assignments(self, subscription_id: str): try: client = self.get_client(subscription_id) - return await run_concurrently(lambda: list(client.role_assignments.list())) + scope = f'/subscriptions/{subscription_id}' + return await run_concurrently(lambda: list(client.role_assignments.list_for_scope(scope=scope))) except Exception as e: print_exception(f'Failed to retrieve role assignments: {e}') return [] diff --git a/ScoutSuite/providers/azure/resources/rbac/role_assignments.py b/ScoutSuite/providers/azure/resources/rbac/role_assignments.py index c92a4d650..8be3d5e78 100755 --- a/ScoutSuite/providers/azure/resources/rbac/role_assignments.py +++ b/ScoutSuite/providers/azure/resources/rbac/role_assignments.py @@ -17,11 +17,11 @@ def _parse_role_assignment(self, raw_role_assignment): role_assignment_dict = {} role_assignment_dict['id'] = raw_role_assignment.name role_assignment_dict['name'] = raw_role_assignment.name - role_assignment_dict['role_definition_id'] = raw_role_assignment.properties.role_definition_id + role_assignment_dict['role_definition_id'] = raw_role_assignment.role_definition_id role_assignment_dict['type'] = raw_role_assignment.type - role_assignment_dict['scope'] = raw_role_assignment.properties.scope - role_assignment_dict['principal_id'] = raw_role_assignment.properties.principal_id - role_assignment_dict['principal_type'] = "None" + role_assignment_dict['scope'] = raw_role_assignment.scope + role_assignment_dict['principal_id'] = raw_role_assignment.principal_id + role_assignment_dict['principal_type'] = raw_role_assignment.principal_type role_assignment_dict['can_delegate'] = "None" role_assignment_dict['additional_properties'] = raw_role_assignment.additional_properties return role_assignment_dict['id'], role_assignment_dict diff --git a/requirements.txt b/requirements.txt index 2a60d8fdd..7f53a4dfc 100755 --- a/requirements.txt +++ b/requirements.txt 
@@ -44,7 +44,7 @@ azure-mgmt-network==17.1.0 azure-mgmt-redis==12.0.0 azure-mgmt-web==1.0.0 azure-mgmt-compute==18.2.0 -azure-mgmt-authorization==1.0.0 +azure-mgmt-authorization==3.0.0 azure-mgmt-rdbms==8.0.0 msgraph-core==0.2.2 From ba1b21e0d1518e6dcecdeff664d0cb3e1f6118ce Mon Sep 17 00:00:00 2001 From: Wright Malone Date: Thu, 9 Mar 2023 14:37:46 -0500 Subject: [PATCH 907/979] add dashboard_name to rule --- .../aws/rules/findings/ec2-instance-in-security-group.json | 1 + 1 file changed, 1 insertion(+) diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-instance-in-security-group.json b/ScoutSuite/providers/aws/rules/findings/ec2-instance-in-security-group.json index c71d110e3..0ea24f84d 100755 --- a/ScoutSuite/providers/aws/rules/findings/ec2-instance-in-security-group.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-instance-in-security-group.json @@ -1,6 +1,7 @@ { "description": "EC2 Instance Belongs to Specific Security Group", "rationale": "This configuration goes against organizational policies.", + "dashboard_name": "Instances", "path": "ec2.regions.id.vpcs.id.instances.id", "conditions": [ "and", From 8f937535edac9a7a2751905f741d39e777be2e72 Mon Sep 17 00:00:00 2001 From: Flomb <52747472+fl0mb@users.noreply.github.com> Date: Mon, 13 Mar 2023 15:53:31 +0100 Subject: [PATCH 908/979] Changing regex to comply with python3.11 Python3.11 changed the re module. Global flags are required to be at the start of the expression. Fixing the error message: "__main__.py L211: Initialization failure: global flags not at the start of the expression at position 6" Also addresses: https://github.com/nccgroup/ScoutSuite/issues/1480#issuecomment-1334332856 --- ScoutSuite/providers/utils.py | 42 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/ScoutSuite/providers/utils.py b/ScoutSuite/providers/utils.py index 89b279020..b5224db0a 100755 --- a/ScoutSuite/providers/utils.py +++ b/ScoutSuite/providers/utils.py 
@@ -136,9 +136,9 @@ def is_throttled(exception): "Adobe Client ID (Oauth Web)": re.compile("(adobe[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]"), "Adobe Client Secret": - re.compile("(p8e-)(?i)[a-z0-9]{32}"), + re.compile("(?i)(p8e-)[a-z0-9]{32}"), "Alibaba AccessKey ID": - re.compile("(LTAI)(?i)[a-z0-9]{20}"), + re.compile("(?i)(LTAI)[a-z0-9]{20}"), "Alibaba Secret Key": re.compile("(alibaba[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]"), "Asana Client ID": @@ -154,7 +154,7 @@ def is_throttled(exception): "Bitbucket client secret": re.compile("(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9_\-]{64})['\"]"), "Clojars API token": - re.compile("(CLOJARS_)(?i)[a-z0-9]{60}"), + re.compile("(?i)(CLOJARS_)[a-z0-9]{60}"), "Contentful delivery API token": re.compile("(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]"), "Databricks API token": @@ -166,7 +166,7 @@ def is_throttled(exception): "Discord client secret": re.compile("(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_\-]{32})['\"]"), "Doppler API token": - re.compile("['\"](dp\.pt\.)(?i)[a-z0-9]{43}['\"]"), + re.compile("(?i)['\"](dp\.pt\.)[a-z0-9]{43}['\"]"), "Dropbox API secret/key": re.compile("(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{15})['\"]"), "Dropbox long lived API token": 
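Review bot: With `(?i)` at the front the flag is visibly global, so fixed prefixes such as `LTAI`, `CLOJARS_` and `p8e-` are matched case-insensitively; the original placement after the prefix suggests that was not intended, and it can add false positives to the secret scan. A scoped group keeps the prefix exact, for example `re.compile(r"(LTAI)(?i:[a-z0-9]{20})")`. The same applies to every other hunk of this patch in `utils.py`. Separately, these literals carry regex escapes like `\-` and `\.` in non-raw strings; prefixing them with `r` avoids invalid-escape warnings on newer Python versions.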
@@ -176,13 +176,13 @@ def is_throttled(exception): re.compile( "(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](sl\.[a-z0-9\-=_]{135})['\"]"), "Duffel API token": - re.compile("['\"]duffel_(test|live)_(?i)[a-z0-9_-]{43}['\"]"), + re.compile("(?i)['\"]duffel_(test|live)_[a-z0-9_-]{43}['\"]"), "Dynatrace API token": - re.compile("['\"]dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}['\"]"), + re.compile("(?i)['\"]dt0c01\.[a-z0-9]{24}\.[a-z0-9]{64}['\"]"), "EasyPost API token": - re.compile("['\"]EZAK(?i)[a-z0-9]{54}['\"]"), + re.compile("(?i)['\"]EZAK[a-z0-9]{54}['\"]"), "EasyPost test API token": - re.compile("['\"]EZTK(?i)[a-z0-9]{54}['\"]"), + re.compile("(?i)['\"]EZTK[a-z0-9]{54}['\"]"), "Fastly API token": re.compile("(fastly[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{32})['\"]"), "Finicity API token": @@ -192,11 +192,11 @@ def is_throttled(exception): "Flutterwave encrypted key": re.compile("FLWSECK_TEST[a-h0-9]{12}"), "Flutterwave public key": - re.compile("FLWPUBK_TEST-(?i)[a-h0-9]{32}-X"), + re.compile("(?i)FLWPUBK_TEST-[a-h0-9]{32}-X"), "Flutterwave secret key": - re.compile("FLWSECK_TEST-(?i)[a-h0-9]{32}-X"), + re.compile("(?i)FLWSECK_TEST-[a-h0-9]{32}-X"), "Frame.io API token": - re.compile("fio-u-(?i)[a-z0-9\-_=]{64}"), + re.compile("(?i)fio-u-[a-z0-9\-_=]{64}"), "Generic API Key": re.compile( "((key|api[^Version]|token|secret|password)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z\-_=]{8,64})['\"]"), 
@@ -215,13 +215,13 @@ def is_throttled(exception): "GitLab Personal Access Token": re.compile("glpat-[0-9a-zA-Z\-\_]{20}"), "GoCardless API token": - re.compile("['\"]live_(?i)[a-z0-9\-_=]{40}['\"]"), + re.compile("(?i)['\"]live_[a-z0-9\-_=]{40}['\"]"), "Google (GCP) Service-account": re.compile("\"type\": \"service_account\""), "Grafana API token": - re.compile("['\"]eyJrIjoi(?i)[a-z0-9\-_=]{72,92}['\"]"), + re.compile("(?i)['\"]eyJrIjoi[a-z0-9\-_=]{72,92}['\"]"), "HashiCorp Terraform user/org API token": - re.compile("['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}['\"]"), + re.compile("(?i)['\"][a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}['\"]"), "Heroku API Key": re.compile( "(heroku[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})['\"]"), @@ -233,7 +233,7 @@ def is_throttled(exception): "Ionic API token": re.compile("(ionic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](ion_[a-z0-9]{42})['\"]"), "Linear API token": - re.compile("lin_api_(?i)[a-z0-9]{40}"), + re.compile("(?i)lin_api_[a-z0-9]{40}"), "Linear client secret/ID": re.compile("(linear[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]"), "LinkedIn Client ID": @@ -267,11 +267,11 @@ def is_throttled(exception): "PKCS8 private key": re.compile("-----BEGIN PRIVATE KEY-----"), "PlanetScale API token": - re.compile("pscale_tkn_(?i)[a-z0-9\-_\.]{43}"), + re.compile("(?i)pscale_tkn_[a-z0-9\-_\.]{43}"), "PlanetScale password": - re.compile("pscale_pw_(?i)[a-z0-9\-_\.]{43}"), + re.compile("(?i)pscale_pw_[a-z0-9\-_\.]{43}"), "Postman API token": - re.compile("PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34}"), + re.compile("(?i)PMAK-[a-f0-9]{24}\-[a-f0-9]{34}"), "Pulumi API token": re.compile("pul-[a-f0-9]{40}"), "PyPI upload token": 
@@ -287,9 +287,9 @@ def is_throttled(exception): "SSH private key": re.compile("-----BEGIN OPENSSH PRIVATE KEY-----"), "SendGrid API token": - re.compile("SG\.(?i)[a-z0-9_\-\.]{66}"), + re.compile("(?i)SG\.[a-z0-9_\-\.]{66}"), "Sendinblue API token": - re.compile("xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}"), + re.compile("(?i)xkeysib-[a-f0-9]{64}\-[a-z0-9]{16}"), "Shippo API token": re.compile("shippo_(live|test)_[a-f0-9]{40}"), "Shopify access token": @@ -311,7 +311,7 @@ def is_throttled(exception): "Typeform API token": re.compile("(typeform[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}(tfp_[a-z0-9\-_\.=]{59})"), "npm access token": - re.compile("['\"](npm_(?i)[a-z0-9]{36})['\"]") + re.compile("(?i)['\"](npm_[a-z0-9]{36})['\"]") } From 8cd0f3b0cd7cac625b7f9582a5a78898a8b6ca2e Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 23 Mar 2023 14:17:05 +0100 Subject: [PATCH 909/979] Make test case insensitive --- ScoutSuite/core/conditions.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/core/conditions.py b/ScoutSuite/core/conditions.py index 8833d71d3..08aa3a7f0 100755 --- a/ScoutSuite/core/conditions.py +++ b/ScoutSuite/core/conditions.py @@ -115,9 +115,9 @@ def pass_condition(b, test, a): # Dictionary keys tests elif test == 'withKey': - result = (a in b) + result = a.lower() in map(str.lower, b) elif test == 'withoutKey': - result = a not in b + result = a.lower() not in map(str.lower, b) # String test elif test == 'containString': From e5a30c78f7e36a515f4ffba54e20c0e6403beb1b Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 23 Mar 2023 17:37:41 +0100 Subject: [PATCH 910/979] Add case insensitive conditions --- ScoutSuite/core/conditions.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/core/conditions.py b/ScoutSuite/core/conditions.py index 08aa3a7f0..d0f140beb 100755 --- a/ScoutSuite/core/conditions.py +++ b/ScoutSuite/core/conditions.py 
@@ -115,8 +115,12 @@ def pass_condition(b, test, a): # Dictionary keys tests elif test == 'withKey': - result = a.lower() in map(str.lower, b) + result = a in b elif test == 'withoutKey': + result = a not in b + elif test == 'withKeyCaseInsensitive': + result = a.lower() in map(str.lower, b) + elif test == 'withoutKeyCaseInsensitive': result = a.lower() not in map(str.lower, b) # String test From 3f456a756dc8a6c76c3b85e9316854062cb293eb Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 23 Mar 2023 17:39:42 +0100 Subject: [PATCH 911/979] Include case insensitive checks --- .../aws/rules/conditions/policy-statement-any-principal.json | 2 +- .../findings/iam-assume-role-lacks-external-id-and-mfa.json | 2 +- .../providers/aws/rules/findings/iam-assume-role-no-mfa.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/conditions/policy-statement-any-principal.json b/ScoutSuite/providers/aws/rules/conditions/policy-statement-any-principal.json index 1ff894a9e..f95e50f46 100755 --- a/ScoutSuite/providers/aws/rules/conditions/policy-statement-any-principal.json +++ b/ScoutSuite/providers/aws/rules/conditions/policy-statement-any-principal.json @@ -2,7 +2,7 @@ "conditions": [ "or", [ "_STATEMENT_.Principal", "containAtLeastOneOf", "*" ], [ "and", - [ "_STATEMENT_.Principal", "withKey", "AWS" ], + [ "_STATEMENT_.Principal", "withKeyCaseInsensitive", "AWS" ], [ "_STATEMENT_.Principal.AWS", "containAtLeastOneOf", "*" ] ] ] diff --git a/ScoutSuite/providers/aws/rules/findings/iam-assume-role-lacks-external-id-and-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-assume-role-lacks-external-id-and-mfa.json index e429bf822..1bd5d6549 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-assume-role-lacks-external-id-and-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-assume-role-lacks-external-id-and-mfa.json 
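Review bot: The two new tests call `str.lower` on every element of `b` and `.lower()` on `a`, so a non-string key or operand raises TypeError or AttributeError instead of evaluating to False. If rule inputs can hold such values, coerce first, e.g. `result = str(a).lower() in (str(k).lower() for k in b)`. When `b` is a plain string, `withKey` performs a substring test while the case-insensitive variant iterates single characters, so the two are not equivalent there; a short comment on the expected type of `b` would help. `pass_condition` starts and ends outside the hunk.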
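Review bot: In `policy-statement-any-principal.json`, `withKeyCaseInsensitive` accepts `aws` or `Aws` as the key, but the next condition still addresses `_STATEMENT_.Principal.AWS` with exact case. If path resolution is case-sensitive (not visible here), a statement whose key is spelled differently passes the first test and then fails or errors on the second, so the rule would not flag it. The two `iam-assume-role-*` findings changed in the same commit should be checked for the same pairing.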
@@ -22,7 +22,7 @@ ], [ "iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal", - "withKey", + "withKeyCaseInsensitive", "AWS" ], [ diff --git a/ScoutSuite/providers/aws/rules/findings/iam-assume-role-no-mfa.json b/ScoutSuite/providers/aws/rules/findings/iam-assume-role-no-mfa.json index e71e276e3..6a77db59a 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-assume-role-no-mfa.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-assume-role-no-mfa.json @@ -21,7 +21,7 @@ ], [ "iam.roles.id.assume_role_policy.PolicyDocument.Statement.id.Principal", - "withKey", + "withKeyCaseInsensitive", "AWS" ], [ From 77388efa83d7552ef4412f9dbace2d50340eebe5 Mon Sep 17 00:00:00 2001 From: x4v13r64 Date: Thu, 23 Mar 2023 17:39:51 +0100 Subject: [PATCH 912/979] Include case insensitive checks and add conditions --- .../policy-statement-poor-condition.json | 219 ++++++++++++------ 1 file changed, 149 insertions(+), 70 deletions(-) diff --git a/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json b/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json index c70bb5768..cdec67bc2 100755 --- a/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json +++ b/ScoutSuite/providers/aws/rules/conditions/policy-statement-poor-condition.json 
@@ -1,75 +1,154 @@ { - "conditions": [ "or", - [ "_STATEMENT_.", "withoutKey", "Condition" ], + "conditions": [ "or", + [ "_STATEMENT_.", "withoutKey", "Condition" ], + [ "and", + [ "and", + [ "_STATEMENT_.Condition.", "withoutKey", "ArnEquals" ], + [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:ArnEquals" ] + ], + [ "and", + [ "_STATEMENT_.Condition.", "withoutKey", "ArnLike" ], + [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:ArnLike" ] + ], + [ "or", + [ "_STATEMENT_.Condition.", "withoutKey", "StringEquals" ], [ "and", - [ "and", - [ "_STATEMENT_.Condition.", "withoutKey", "ArnEquals" ], - [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:ArnEquals" ] - ], - [ "and", - [ "_STATEMENT_.Condition.", "withoutKey", "ArnLike" ], - [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:ArnLike" ] - ], - [ "or", - [ "_STATEMENT_.Condition.", "withoutKey", "StringEquals" ], - [ "and", - [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "AWS:SourceArn" ], - [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "AWS:SourceOwner" ], - [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "kms:ViaService" ], - [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "kms:CallerAccount" ], - [ "_STATEMENT_.Condition.StringEquals.", "withoutKey", "iam:PassedToService" ] - ] - ], - [ "or", - [ "_STATEMENT_.Condition.", "withoutKey", "StringEqualsIgnoreCase" ], - [ "and", - [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKey", "AWS:SourceArn" ], - [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKey", "AWS:SourceOwner" ], - [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKey", "kms:ViaService" ], - [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKey", "kms:CallerAccount" ], - [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKey", "iam:PassedToService" ] - ] - ], - [ "or", - [ "_STATEMENT_.Condition.", "withoutKey", "StringLike" ], - [ "and", - [ "_STATEMENT_.Condition.StringLike.", "withoutKey", 
"AWS:SourceArn" ], - [ "_STATEMENT_.Condition.StringLike.", "withoutKey", "AWS:SourceOwner" ], - [ "_STATEMENT_.Condition.StringLike.", "withoutKey", "kms:ViaService" ], - [ "_STATEMENT_.Condition.StringLike.", "withoutKey", "kms:CallerAccount" ], - [ "_STATEMENT_.Condition.StringLike.", "withoutKey", "iam:PassedToService" ] - ] - ], - [ "or", - [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:StringEquals" ], - [ "and", - [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKey", "AWS:SourceArn" ], - [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKey", "AWS:SourceOwner" ], - [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKey", "kms:ViaService" ], - [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKey", "kms:CallerAccount" ], - [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKey", "iam:PassedToService" ] - ] - ], - [ "or", - [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:StringEqualsIgnoreCase" ], - [ "and", - [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKey", "AWS:SourceArn" ], - [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKey", "AWS:SourceOwner" ], - [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKey", "kms:ViaService" ], - [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKey", "kms:CallerAccount" ], - [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKey", "iam:PassedToService" ] - ] - ], - [ "or", - [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:StringLike" ], - [ "and", - [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKey", "AWS:SourceArn" ], - [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKey", "AWS:SourceOwner" ], - [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKey", "kms:ViaService" ], - [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKey", "kms:CallerAccount" ], - [ 
"_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKey", "iam:PassedToService" ] - ] - ] + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:CalledVia" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:CalledViaFirst" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:CalledViaLast" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:PrincipalAccount" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:PrincipalArn" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:PrincipalOrgPaths" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:PrincipalOrgID" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:PrincipalServiceName" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:PrincipalServiceNamesList" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:ResourceTag" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:SourceAccount" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:SourceArn" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:SourceIdentity" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:SourceOwner" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "aws:ViaAWSService" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "iam:PassedToService" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "kms:CallerAccount" ], + [ "_STATEMENT_.Condition.StringEquals.", "withoutKeyCaseInsensitive", "kms:ViaService" ] ] + ], + [ "or", + [ "_STATEMENT_.Condition.", "withoutKey", "StringEqualsIgnoreCase" ], + [ "and", + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", 
"withoutKeyCaseInsensitive", "aws:CalledVia" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:CalledViaFirst" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:CalledViaLast" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:PrincipalAccount" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:PrincipalArn" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:PrincipalOrgPaths" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:PrincipalOrgID" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:PrincipalServiceName" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:PrincipalServiceNamesList" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:ResourceTag" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:SourceAccount" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:SourceArn" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:SourceIdentity" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:SourceOwner" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:ViaAWSService" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "iam:PassedToService" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "kms:CallerAccount" ], + [ "_STATEMENT_.Condition.StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "kms:ViaService" ] + ] + ], + [ "or", + [ "_STATEMENT_.Condition.", "withoutKey", "StringLike" ], + [ "and", + [ "_STATEMENT_.Condition.StringLike.", 
"withoutKeyCaseInsensitive", "aws:CalledVia" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:CalledViaFirst" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:CalledViaLast" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:PrincipalAccount" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:PrincipalArn" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:PrincipalOrgPaths" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:PrincipalOrgID" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:PrincipalServiceName" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:PrincipalServiceNamesList" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:ResourceTag" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:SourceAccount" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:SourceArn" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:SourceIdentity" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:SourceOwner" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "aws:ViaAWSService" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "iam:PassedToService" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "kms:CallerAccount" ], + [ "_STATEMENT_.Condition.StringLike.", "withoutKeyCaseInsensitive", "kms:ViaService" ] + ] + ], + [ "or", + [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:StringEquals" ], + [ "and", + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:CalledVia" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:CalledViaFirst" ], + [ 
"_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:CalledViaLast" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:PrincipalAccount" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:PrincipalArn" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:PrincipalOrgPaths" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:PrincipalOrgID" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:PrincipalServiceName" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:PrincipalServiceNamesList" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:ResourceTag" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:SourceAccount" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:SourceArn" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:SourceIdentity" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:SourceOwner" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "aws:ViaAWSService" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "iam:PassedToService" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "kms:CallerAccount" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEquals.", "withoutKeyCaseInsensitive", "kms:ViaService" ] + ] + ], + [ "or", + [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:StringEqualsIgnoreCase" ], + [ "and", + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:CalledVia" ], + [ 
"_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:CalledViaFirst" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:CalledViaLast" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:PrincipalAccount" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:PrincipalArn" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:PrincipalOrgPaths" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:PrincipalOrgID" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:PrincipalServiceName" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:PrincipalServiceNamesList" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:ResourceTag" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:SourceAccount" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:SourceArn" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:SourceIdentity" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:SourceOwner" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "aws:ViaAWSService" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "iam:PassedToService" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", "kms:CallerAccount" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringEqualsIgnoreCase.", "withoutKeyCaseInsensitive", 
"kms:ViaService" ] + ] + ], + [ "or", + [ "_STATEMENT_.Condition.", "withoutKey", "ForAnyValue:StringLike" ], + [ "and", + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:CalledVia" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:CalledViaFirst" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:CalledViaLast" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:PrincipalAccount" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:PrincipalArn" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:PrincipalOrgPaths" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:PrincipalOrgID" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:PrincipalServiceName" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:PrincipalServiceNamesList" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:ResourceTag" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:SourceAccount" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:SourceArn" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:SourceIdentity" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:SourceOwner" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "aws:ViaAWSService" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "iam:PassedToService" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", "withoutKeyCaseInsensitive", "kms:CallerAccount" ], + [ "_STATEMENT_.Condition.ForAnyValue:StringLike.", 
"withoutKeyCaseInsensitive", "kms:ViaService" ] + + ] + ] ] + ] } From b9261c88ef5773a9ddda7c1b8efcb4083fb43a69 Mon Sep 17 00:00:00 2001 From: Andrew Kisliakov Date: Thu, 30 Mar 2023 13:44:51 +0100 Subject: [PATCH 913/979] Don't swallow unexpected exceptions --- ScoutSuite/providers/gcp/facade/base.py | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index fd188c6f5..fd110eb29 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py @@ -134,16 +134,20 @@ async def _get_projects_recursively(self, parent_type, parent_id): 'you may have specified a non-existing Organization, Folder or Project') except Exception as e: - if 'The service is currently unavailable' in e or 'Internal error encountered' in e: - print_level = print_warning - else: - print_level = print_exception + print_level = print_exception + exception_str = str(e) try: - content = e.content.decode("utf-8") - content_dict = json.loads(content) - print_level(f'Unable to list accessible Projects: {content_dict.get("error").get("message")}') - except Exception as e: - print_level(f'Unable to list accessible Projects: {e}') + if 'The service is currently unavailable' in exception_str or 'Internal error encountered' in exception_str: + print_level = print_warning + if hasattr(e, 'content'): + content = e.content.decode("utf-8") + content_dict = json.loads(content) + exception_str = content_dict.get("error").get("message") + except Exception: + # The default output level and message have been set. Use those in the event of any error processing the exception. + pass + + print_level(f'Unable to list accessible Projects: {exception_str}') finally: return projects From 8ae2a0ac6c70402bb05eb70ceee9dde6e53760bf Mon Sep 17 00:00:00 2001 
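Review bot: In the new `and` lists, the `aws:ResourceTag` and `aws:ViaAWSService` entries are unlikely ever to match a real policy. `withoutKeyCaseInsensitive` is an exact lower-cased membership test, while the tag key is written in policies as `aws:ResourceTag/<tag-key>`, and `aws:ViaAWSService` is a Boolean key that would normally sit under a `Bool` operator rather than `StringEquals` or `StringLike`. A statement restricted only through those keys is therefore still reported as having a poor condition. The outer `withoutKey` tests on the operator names (`StringEquals`, `ArnLike`, and so on) remain case-sensitive and do not cover the `IfExists` or `ForAllValues:` forms, which belongs in the rule's documentation since the JSON file cannot carry a comment.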
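Review bot: The added `except Exception: pass` around the message extraction, together with the existing `finally: return projects`, means this handler can still hide failures: a `return` inside `finally` discards any exception that is still propagating, including `KeyboardInterrupt`. Inside the inner `try`, `content_dict.get("error").get("message")` assigns `None` to `exception_str` when the payload has an `error` object without a `message`, so the log reads `Unable to list accessible Projects: None` and the original text is lost; `exception_str = content_dict.get("error", {}).get("message") or exception_str` keeps it. Narrowing the inner handler to `except (AttributeError, ValueError):` would cover the decode and JSON failures without catching everything. _get_projects_recursively starts outside the hunk.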
From: Andrew Kisliakov Date: Fri, 31 Mar 2023 09:58:54 +0100 Subject: [PATCH 914/979] GCP credential expiry check --- ScoutSuite/providers/gcp/authentication_strategy.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ScoutSuite/providers/gcp/authentication_strategy.py b/ScoutSuite/providers/gcp/authentication_strategy.py index a8dca4d54..971169e15 100755 --- a/ScoutSuite/providers/gcp/authentication_strategy.py +++ b/ScoutSuite/providers/gcp/authentication_strategy.py @@ -1,9 +1,11 @@ +from datetime import datetime import logging import os import warnings from google import auth +from ScoutSuite.core.console import print_warning from ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException @@ -37,6 +39,11 @@ def authenticate(self, user_account=None, service_account=None, **kwargs): if not credentials: raise AuthenticationException('No credentials') + if hasattr(credentials, 'valid') and not credentials.valid: + if hasattr(credentials, 'expiry') and credentials.expiry < datetime.now(): + print_warning(f'Credentials expired on {credentials.expiry}') + raise AuthenticationException('Credentials are invalid') + credentials.is_service_account = service_account is not None credentials.default_project_id = default_project_id From b75d31592acf9639b5e6d1758459b21815dd716b Mon Sep 17 00:00:00 2001 From: Jean Prat Date: Wed, 5 Apr 2023 09:39:26 +0200 Subject: [PATCH 915/979] fix(gcp): sql-component api is deprecated See https://cloud.google.com/sql/docs/mysql/admin-api/rest --- ScoutSuite/providers/gcp/facade/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py index fd110eb29..5fefd2e96 100755 --- a/ScoutSuite/providers/gcp/facade/base.py +++ b/ScoutSuite/providers/gcp/facade/base.py 
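Review bot: The `credentials.valid` check added to `authenticate` rejects credentials that are usable. In google-auth, `valid` is false whenever no access token has been fetched yet, which is the normal state of freshly loaded credentials before their first refresh, so this path raises `AuthenticationException('Credentials are invalid')` for them. `expiry` can also be `None`, in which case `credentials.expiry < datetime.now()` raises `TypeError`, and it is a naive UTC value, so the comparison should be against `datetime.utcnow()`. A narrower guard would be `if getattr(credentials, 'expiry', None) and credentials.expiry < datetime.utcnow():` with the warning and the exception inside it. authenticate starts and ends outside the hunk.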
@@ -210,7 +210,7 @@ async def is_api_enabled(self, project_id, service): elif service == 'CloudStorage': endpoint = 'storage-component' elif service == 'CloudSQL': - endpoint = 'sql-component' + endpoint = 'sqladmin' elif service == 'ComputeEngine': endpoint = 'compute' elif service == 'Functions': From 6cd1de58d355d088cf3dc36056934905517c94eb Mon Sep 17 00:00:00 2001 From: Jean Prat Date: Wed, 5 Apr 2023 09:42:27 +0200 Subject: [PATCH 916/979] fix(gcp): gke cluster subnetwork can be cross project --- ScoutSuite/providers/gcp/facade/gke.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/facade/gke.py b/ScoutSuite/providers/gcp/facade/gke.py index f6cf669aa..8168a494e 100644 --- a/ScoutSuite/providers/gcp/facade/gke.py +++ b/ScoutSuite/providers/gcp/facade/gke.py @@ -27,7 +27,8 @@ async def get_clusters(self, project_id): async def _get_and_set_private_google_access_enabled(self, cluster, project_id): try: region = self._get_cluster_region(cluster) - subnetwork = await self._gce_facade.get_subnetwork(project_id, region, cluster['subnetwork']) + subnetwork_project_id = self._get_cluster_subnetwork_project(cluster) + subnetwork = await self._gce_facade.get_subnetwork(subnetwork_project_id, region, cluster['subnetwork']) if subnetwork: cluster['privateIpGoogleAccess'] = subnetwork.get('privateIpGoogleAccess') else: @@ -42,3 +43,8 @@ def _get_cluster_region(self, cluster): region_regex = re.compile("^([\\w]+-[\\w]+)") result = region_regex.search(cluster['location']) return result.group(1) + + # Subnetwork can be in different project + # networkConfig.subnetwork is like projects/{project}/regions/{region}/subnetworks/{subnetworkname} + def _get_cluster_subnetwork_project(self, cluster): + return cluster['networkConfig']['subnetwork'].split('/')[1] From 6584afbc844a66344a7d7440363407107477e3d4 Mon Sep 17 00:00:00 2001 
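Review bot: `_get_cluster_subnetwork_project` indexes `cluster['networkConfig']['subnetwork'].split('/')[1]` without checking the shape of the value, so a cluster with no `networkConfig`, or with a subnetwork that is not in the `projects/{project}/regions/...` form, raises `KeyError` or `IndexError` or yields the wrong path segment. The call in `_get_and_set_private_google_access_enabled` sits inside a `try` whose handler is outside the hunk, so the likely effect is that `privateIpGoogleAccess` is not collected for that cluster rather than a crash. Checking the prefix and falling back to the cluster's own project keeps the previous behaviour: `parts = cluster.get('networkConfig', {}).get('subnetwork', '').split('/')`, then `return parts[1] if len(parts) > 1 and parts[0] == 'projects' else None`, with the caller using `self._get_cluster_subnetwork_project(cluster) or project_id`. Within the visible lines the `project_id` parameter is otherwise no longer used.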
From: Jean Prat Date: Wed, 5 Apr 2023 10:23:17 +0200 Subject: [PATCH 917/979] fix(gcp): False positive on pubsup only cloud functions If an app is not accessible with an http url, we have a false positive on th http exposure --- ScoutSuite/providers/gcp/resources/functions/functions_v1.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py index 0c7d2fcb7..d11aaf123 100644 --- a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py +++ b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py @@ -31,7 +31,7 @@ def _parse_function(self, raw_function): function_dict['max_instances'] = raw_function['maxInstances'] function_dict['docker_registry'] = raw_function['dockerRegistry'] function_dict['url'] = raw_function.get('httpsTrigger', {}).get('url') - function_dict['security_level'] = raw_function.get('httpsTrigger', {}).get('securityLevel') + function_dict['security_level'] = 'SECURE_ALWAYS' if function_dict['url'] is None else raw_function.get('httpsTrigger', {}).get('securityLevel') function_dict['ingress_settings'] = raw_function['ingressSettings'] function_dict['bindings'] = raw_function['bindings'] From b1d960276b78984c2495b1030a01c2a9fe19b899 Mon Sep 17 00:00:00 2001 From: Jean Prat Date: Wed, 5 Apr 2023 11:11:47 +0200 Subject: [PATCH 918/979] fix(gcp): None as cloudfunctions environment_variables If we have no environment variable on cloud function AttributeError: 'NoneType' object has no attribute 'items' in get_environment_secrets function --- ScoutSuite/providers/gcp/resources/functions/functions_v1.py | 2 +- ScoutSuite/providers/gcp/resources/functions/functions_v2.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py index d11aaf123..720910ad0 100644 
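Review bot: Writing the literal `'SECURE_ALWAYS'` into `security_level` when `url` is `None` puts a value into the collected data that the API never returned. Anyone reading the report or the exported results sees a function with no HTTPS trigger described as enforcing HTTPS, and a later rule keyed on `security_level` cannot tell the two cases apart. It would be more faithful to keep `raw_function.get('httpsTrigger', {}).get('securityLevel')` here and have the finding skip functions whose `url` is null. If the substitution stays, a comment such as `# no HTTPS trigger: report SECURE_ALWAYS so the HTTP-exposure rule does not fire` would record the intent. _parse_function starts and ends outside the hunk.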
--- a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py +++ b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py @@ -36,7 +36,7 @@ def _parse_function(self, raw_function): function_dict['bindings'] = raw_function['bindings'] - function_dict['environment_variables'] = raw_function['environmentVariables'] + function_dict['environment_variables'] = raw_function.get('environmentVariables', {}) function_dict['environment_variables_secrets'] = get_environment_secrets(function_dict['environment_variables']) function_dict['labels'] = raw_function['labels'] diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v2.py b/ScoutSuite/providers/gcp/resources/functions/functions_v2.py index 6a73a4d36..a0cb3a5b1 100644 --- a/ScoutSuite/providers/gcp/resources/functions/functions_v2.py +++ b/ScoutSuite/providers/gcp/resources/functions/functions_v2.py @@ -35,7 +35,7 @@ def _parse_function(self, raw_function): function_dict['service_account'] = raw_function.get('serviceConfig', {}).get('serviceAccountEmail') function_dict['bindings'] = raw_function['bindings'] - function_dict['environment_variables'] = raw_function.get('serviceConfig', {}).get('environmentVariables') + function_dict['environment_variables'] = raw_function.get('serviceConfig', {}).get('environmentVariables', {}) function_dict['environment_variables_secrets'] = get_environment_secrets(function_dict['environment_variables']) function_dict['labels'] = raw_function['labels'] From b5d0b6c0d36a185a52b25bf7642e52f0d0384400 Mon Sep 17 00:00:00 2001 From: HIKster Date: Thu, 6 Apr 2023 11:07:51 +0900 Subject: [PATCH 919/979] Remove credentials validity checks which cause issues --- ScoutSuite/providers/gcp/authentication_strategy.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/ScoutSuite/providers/gcp/authentication_strategy.py b/ScoutSuite/providers/gcp/authentication_strategy.py index 971169e15..a8dca4d54 100755 --- a/ScoutSuite/providers/gcp/authentication_strategy.py 
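Review bot: `raw_function.get('environmentVariables', {})` only supplies the default when the key is missing, so a response that carries the key with a null value still passes `None` to `get_environment_secrets` and hits the same `AttributeError`. `raw_function.get('environmentVariables') or {}` covers both cases, and the same applies to the `serviceConfig` lookup in the functions_v2.py hunk. Whether the API ever returns an explicit null is not visible here, so this is a defensive change. Both _parse_function bodies continue outside their hunks.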
+++ b/ScoutSuite/providers/gcp/authentication_strategy.py @@ -1,11 +1,9 @@ -from datetime import datetime import logging import os import warnings from google import auth -from ScoutSuite.core.console import print_warning from ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy, AuthenticationException @@ -39,11 +37,6 @@ def authenticate(self, user_account=None, service_account=None, **kwargs): if not credentials: raise AuthenticationException('No credentials') - if hasattr(credentials, 'valid') and not credentials.valid: - if hasattr(credentials, 'expiry') and credentials.expiry < datetime.now(): - print_warning(f'Credentials expired on {credentials.expiry}') - raise AuthenticationException('Credentials are invalid') - credentials.is_service_account = service_account is not None credentials.default_project_id = default_project_id From d18a9c7e568563fe41b539aca9933056030a25a5 Mon Sep 17 00:00:00 2001 From: liyun-li Date: Tue, 11 Apr 2023 12:40:07 -0400 Subject: [PATCH 920/979] Fix JSON formatting of policies --- .../output/data/html/partials/policy.html | 19 +------------------ .../data/inc-scoutsuite/css/scoutsuite.css | 1 - .../output/data/inc-scoutsuite/helpers.js | 10 ++-------- 3 files changed, 3 insertions(+), 27 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/policy.html b/ScoutSuite/output/data/html/partials/policy.html index 8bdc0df62..06299ff2f 100755 --- a/ScoutSuite/output/data/html/partials/policy.html +++ b/ScoutSuite/output/data/html/partials/policy.html @@ -1,23 +1,6 @@ + + + + + + diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index 60ab932a3..2557d3573 100755 --- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py 
@@ -218,4 +218,20 @@ async def get_route_tables(self, region): return route_tables except Exception as e: print_exception('Failed to get route tables: {}'.format(e)) - return [] \ No newline at end of file + return [] + + async def get_ebs_encryption(self, region): + ec2_client = AWSFacadeUtils.get_client('ec2', self.session, region) + try: + encryption_settings = await run_concurrently(lambda: ec2_client.get_ebs_encryption_by_default()['EbsEncryptionByDefault']) + return encryption_settings + except Exception as e: + print_exception(f'Failed to retrieve EBS encryption settings: {e}') + + async def get_ebs_default_encryption_key(self, region): + ec2_client = AWSFacadeUtils.get_client('ec2', self.session, region) + try: + encryption_key = await run_concurrently(lambda: ec2_client.get_ebs_default_kms_key_id()['KmsKeyId']) + return encryption_key + except Exception as e: + print_exception(f'Failed to retrieve EBS encryption key ID: {e}') diff --git a/ScoutSuite/providers/aws/metadata.json b/ScoutSuite/providers/aws/metadata.json index efd223944..804dbb9ed 100755 --- a/ScoutSuite/providers/aws/metadata.json +++ b/ScoutSuite/providers/aws/metadata.json @@ -213,6 +213,10 @@ "images": { "cols": 2, "path": "services.ec2.regions.id.images" + }, + "regional_settings": { + "cols": 2, + "path": "services.ec2.regions.id.regional_settings" } }, "summaries": { diff --git a/ScoutSuite/providers/aws/resources/ec2/base.py b/ScoutSuite/providers/aws/resources/ec2/base.py index 0a82deac7..1b843fb83 100755 --- a/ScoutSuite/providers/aws/resources/ec2/base.py +++ b/ScoutSuite/providers/aws/resources/ec2/base.py @@ -3,6 +3,7 @@ from ScoutSuite.providers.aws.resources.ec2.volumes import Volumes from ScoutSuite.providers.aws.resources.ec2.vpcs import Ec2Vpcs from ScoutSuite.providers.aws.resources.regions import Regions +from ScoutSuite.providers.aws.resources.ec2.regional_settings import RegionalSettings class EC2(Regions): 
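Review bot: Both `get_ebs_encryption` and `get_ebs_default_encryption_key` fall off the end after `print_exception`, so they return `None` when the call fails, for instance when the scanning role lacks the permission for it. That `None` is stored as the region's setting by `RegionalSettings.fetch_all`, and depending on how the `false` test treats it, the default-encryption finding may stay silent for a region that was never actually checked. The neighbouring `get_route_tables` returns an explicit `[]` on failure; these two should end their handlers with an explicit `return None  # unknown: the setting could not be retrieved`. A docstring on each method stating that `None` means "not checked" rather than "disabled" would also help.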
@@ -10,7 +11,8 @@ class EC2(Regions): (Ec2Vpcs, 'vpcs'), (AmazonMachineImages, 'images'), (Snapshots, 'snapshots'), - (Volumes, 'volumes') + (Volumes, 'volumes'), + (RegionalSettings, 'regional_settings') ] def __init__(self, facade): @@ -26,7 +28,7 @@ async def fetch_all(self, regions=None, excluded_regions=None, partition_name='a sum([len(vpc['security_groups']) for vpc in self['regions'][region]['vpcs'].values()]) self['regions'][region]['network_interfaces_count'] =\ sum([len(vpc['network_interfaces']) for vpc in self['regions'][region]['vpcs'].values()]) - + self['instances_count'] =\ sum([region['instances_count'] for region in self['regions'].values()]) self['security_groups_count'] =\ diff --git a/ScoutSuite/providers/aws/resources/ec2/regional_settings.py b/ScoutSuite/providers/aws/resources/ec2/regional_settings.py new file mode 100644 index 000000000..6aae176fb --- /dev/null +++ b/ScoutSuite/providers/aws/resources/ec2/regional_settings.py @@ -0,0 +1,16 @@ +from ScoutSuite.providers.aws.resources.base import AWSResources +from ScoutSuite.providers.aws.facade.base import AWSFacade +from ScoutSuite.providers.aws.utils import get_name, format_arn + + +class RegionalSettings(AWSResources): + def __init__(self, facade: AWSFacade, region: str): + super().__init__(facade) + self.region = region + self.partition = facade.partition + self.service = 'ec2' + self.resource_type = 'regional_setting' + + async def fetch_all(self): + self['ebs_encryption_default'] = await self.facade.ec2.get_ebs_encryption(self.region) + self['ebs_default_encryption_key_id'] = await self.facade.ec2.get_ebs_default_encryption_key(self.region) diff --git a/ScoutSuite/providers/aws/rules/findings/ec2_ebs_default_encryption_disabled.json b/ScoutSuite/providers/aws/rules/findings/ec2_ebs_default_encryption_disabled.json new file mode 100644 index 000000000..cc623520f --- /dev/null +++ b/ScoutSuite/providers/aws/rules/findings/ec2_ebs_default_encryption_disabled.json 
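Review bot: The new `regional_settings.py` imports `get_name` and `format_arn` but uses neither, and `self.partition`, `self.service` and `self.resource_type` are set in `__init__` without being read in this file (the base class may use them, which is not visible here). Dropping the unused import line and adding a class docstring such as `"""Per-region EC2 account settings: EBS encryption by default and its default KMS key."""` would make the class easier to read. `fetch_all` stores whatever the two facade calls return, so the docstring should say that a `None` value means the setting could not be read.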
@@ -0,0 +1,18 @@ +{ + "description": "EBS Encryption By Default Is Disabled", + "rationale": "Enabling EBS encryption by default ensures that all EBS Volumes created in the region are encrypted even if the operator neglects to opt into encryption when creating a Volume.", + "remediation": "Enable encryption by default for EBS volumes in all regions.", + "references": [ + "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default" + ], + "dashboard_name": "Regions", + "path": "ec2.regions.id.regional_settings.ebs_encryption_default", + "conditions": [ + "and", + [ + "ec2.regions.id.regional_settings.ebs_encryption_default", + "false", + "" + ] + ] +} \ No newline at end of file diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json index b3afbb226..255c08138 100755 --- a/ScoutSuite/providers/aws/rules/rulesets/default.json +++ b/ScoutSuite/providers/aws/rules/rulesets/default.json @@ -142,6 +142,12 @@ "level": "danger" } ], + "ec2_ebs_default_encryption_disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "ec2-instance-in-security-group.json": [ { "args": [ diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json index d1043c5c1..004b7a5f6 100755 --- a/ScoutSuite/providers/aws/rules/rulesets/detailed.json +++ b/ScoutSuite/providers/aws/rules/rulesets/detailed.json @@ -142,6 +142,12 @@ "level": "danger" } ], + "ec2_ebs_default_encryption_disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], "ec2-instance-in-security-group.json": [ { "args": [ From 524b8074216abbf6b83dcf6580ea41ea833fc662 Mon Sep 17 00:00:00 2001 
From: Rennie deGraaf Date: Mon, 22 Jan 2024 08:58:42 -0800 Subject: [PATCH 959/979] EBS default encryption rule: now highlights the setting in HTML. --- .../aws/services.ec2.regions.id.regional_settings.html | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html index 2f3017ae8..b4eec1f69 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html +++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html @@ -1,15 +1,17 @@ From 54147a09183258b72fcdcf2ef2888c06ed2b5cbb Mon Sep 17 00:00:00 2001 
From: Asif Wani Date: Sun, 4 Feb 2024 23:57:13 +0530 Subject: [PATCH 960/979] added-digitalocean-support --- README.md | 1 + ScoutSuite/__main__.py | 17 ++ ScoutSuite/core/cli_parser.py | 32 +++ .../do/services.database.databases.html | 33 +++ .../do/services.droplet.droplets.html | 41 ++++ .../do/services.networking.domains.html | 27 +++ .../do/services.networking.firewalls.html | 35 +++ .../services.networking.load_balancers.html | 25 +++ .../partials/do/services.spaces.buckets.html | 26 +++ .../output/data/html/summaries/do/.gitkeep | 0 ScoutSuite/providers/__init__.py | 3 +- .../base/authentication_strategy_factory.py | 3 +- .../providers/do/authentication_strategy.py | 49 +++++ ScoutSuite/providers/do/facade/__init__.py | 0 ScoutSuite/providers/do/facade/base.py | 17 ++ ScoutSuite/providers/do/facade/database.py | 71 +++++++ ScoutSuite/providers/do/facade/droplet.py | 38 ++++ ScoutSuite/providers/do/facade/networking.py | 39 ++++ ScoutSuite/providers/do/facade/spaces.py | 199 ++++++++++++++++++ ScoutSuite/providers/do/metadata.json | 50 +++++ ScoutSuite/providers/do/provider.py | 50 +++++ ScoutSuite/providers/do/resources/__init__.py | 0 ScoutSuite/providers/do/resources/base.py | 22 ++ .../do/resources/database/__init__.py | 0 .../providers/do/resources/database/base.py | 14 ++ .../do/resources/database/databases.py | 66 ++++++ .../do/resources/droplet/__init__.py | 0 .../providers/do/resources/droplet/base.py | 14 ++ .../do/resources/droplet/droplets.py | 83 ++++++++ .../do/resources/networking/__init__.py | 0 .../providers/do/resources/networking/base.py | 20 ++ .../do/resources/networking/domains.py | 76 +++++++ .../do/resources/networking/firewalls.py | 47 +++++ .../do/resources/networking/load_balancers.py | 29 +++ .../providers/do/resources/spaces/__init__.py | 0 .../providers/do/resources/spaces/base.py | 14 ++ .../providers/do/resources/spaces/buckets.py | 43 ++++ .../providers/do/rules/filters/.gitkeep | 0 
...se-databases-mysql-publically-exposed.json | 20 ++ ...atabases-mysql-user-legacy-encryption.json | 20 ++ ...e-databases-postgres-connection-pools.json | 20 ++ ...base-databases-redis-evicition-policy.json | 20 ++ .../droplet-droplets-all-ports-exposed.json | 15 ++ .../droplet-droplets-backup-not-enabled.json | 17 ++ .../droplet-droplets-backup-not-present.json | 17 ++ ...roplet-droplets-firewall-not-attached.json | 17 ++ .../droplet-droplets-port-22-exposed.json | 15 ++ .../findings/networking-domains-high-ttl.json | 15 ++ .../networking-domains-missing-dkim.json | 15 ++ .../networking-domains-missing-dmarc.json | 15 ++ .../networking-domains-missing-spf.json | 15 ++ ...working-domains-spf-overly-permissive.json | 15 ++ .../networking-firewalls-public-ports.json | 15 ++ .../networking-firewalls-quad-zero.json | 15 ++ ...d-balancer-backend-keepalive-disabled.json | 15 ++ ...g-load-balancer-ssl-redirect-disabled.json | 15 ++ .../findings/spaces-buckets-public-read.json | 17 ++ .../findings/spaces-buckets-public-write.json | 17 ++ .../providers/do/rules/rulesets/default.json | 119 +++++++++++ .../providers/do/rules/rulesets/filters.json | 4 + ScoutSuite/providers/do/services.py | 23 ++ ScoutSuite/providers/do/utils.py | 23 ++ requirements.txt | 8 +- tools/process_raw_response.py | 5 +- 64 files changed, 1692 insertions(+), 4 deletions(-) create mode 100644 ScoutSuite/output/data/html/partials/do/services.database.databases.html create mode 100644 ScoutSuite/output/data/html/partials/do/services.droplet.droplets.html create mode 100644 ScoutSuite/output/data/html/partials/do/services.networking.domains.html create mode 100644 ScoutSuite/output/data/html/partials/do/services.networking.firewalls.html create mode 100644 ScoutSuite/output/data/html/partials/do/services.networking.load_balancers.html create mode 100644 ScoutSuite/output/data/html/partials/do/services.spaces.buckets.html create mode 100644 ScoutSuite/output/data/html/summaries/do/.gitkeep create mode 
100644 ScoutSuite/providers/do/authentication_strategy.py create mode 100644 ScoutSuite/providers/do/facade/__init__.py create mode 100644 ScoutSuite/providers/do/facade/base.py create mode 100644 ScoutSuite/providers/do/facade/database.py create mode 100644 ScoutSuite/providers/do/facade/droplet.py create mode 100644 ScoutSuite/providers/do/facade/networking.py create mode 100644 ScoutSuite/providers/do/facade/spaces.py create mode 100644 ScoutSuite/providers/do/metadata.json create mode 100644 ScoutSuite/providers/do/provider.py create mode 100644 ScoutSuite/providers/do/resources/__init__.py create mode 100644 ScoutSuite/providers/do/resources/base.py create mode 100644 ScoutSuite/providers/do/resources/database/__init__.py create mode 100644 ScoutSuite/providers/do/resources/database/base.py create mode 100644 ScoutSuite/providers/do/resources/database/databases.py create mode 100644 ScoutSuite/providers/do/resources/droplet/__init__.py create mode 100644 ScoutSuite/providers/do/resources/droplet/base.py create mode 100644 ScoutSuite/providers/do/resources/droplet/droplets.py create mode 100644 ScoutSuite/providers/do/resources/networking/__init__.py create mode 100644 ScoutSuite/providers/do/resources/networking/base.py create mode 100644 ScoutSuite/providers/do/resources/networking/domains.py create mode 100644 ScoutSuite/providers/do/resources/networking/firewalls.py create mode 100644 ScoutSuite/providers/do/resources/networking/load_balancers.py create mode 100644 ScoutSuite/providers/do/resources/spaces/__init__.py create mode 100644 ScoutSuite/providers/do/resources/spaces/base.py create mode 100644 ScoutSuite/providers/do/resources/spaces/buckets.py create mode 100644 ScoutSuite/providers/do/rules/filters/.gitkeep create mode 100644 ScoutSuite/providers/do/rules/findings/database-databases-mysql-publically-exposed.json create mode 100644 ScoutSuite/providers/do/rules/findings/database-databases-mysql-user-legacy-encryption.json create mode 100644 
ScoutSuite/providers/do/rules/findings/database-databases-postgres-connection-pools.json create mode 100644 ScoutSuite/providers/do/rules/findings/database-databases-redis-evicition-policy.json create mode 100644 ScoutSuite/providers/do/rules/findings/droplet-droplets-all-ports-exposed.json create mode 100644 ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-enabled.json create mode 100644 ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-present.json create mode 100644 ScoutSuite/providers/do/rules/findings/droplet-droplets-firewall-not-attached.json create mode 100644 ScoutSuite/providers/do/rules/findings/droplet-droplets-port-22-exposed.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-domains-high-ttl.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-domains-missing-dkim.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-domains-missing-dmarc.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-domains-missing-spf.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-domains-spf-overly-permissive.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-firewalls-public-ports.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-firewalls-quad-zero.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-load-balancer-backend-keepalive-disabled.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-load-balancer-ssl-redirect-disabled.json create mode 100644 ScoutSuite/providers/do/rules/findings/spaces-buckets-public-read.json create mode 100644 ScoutSuite/providers/do/rules/findings/spaces-buckets-public-write.json create mode 100644 ScoutSuite/providers/do/rules/rulesets/default.json create mode 100644 ScoutSuite/providers/do/rules/rulesets/filters.json create mode 100644 ScoutSuite/providers/do/services.py create mode 100644 
ScoutSuite/providers/do/utils.py diff --git a/README.md b/README.md index 93a3d1763..4d5acb98a 100755 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ The following cloud providers are currently supported: - Alibaba Cloud (alpha) - Oracle Cloud Infrastructure (alpha) - Kubernetes clusters on a cloud provider (alpha) +- DigitalOcean Cloud (alpha) ## Installation diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py index 24fe31300..292267097 100755 --- a/ScoutSuite/__main__.py +++ b/ScoutSuite/__main__.py @@ -61,6 +61,10 @@ def run_from_cli(): kubernetes_context=args.get('kubernetes_context'), kubernetes_persist_config=args.get('kubernetes_persist_config'), kubernetes_azure_subscription_id=args.get('kubernetes_azure_subscription_id'), + #DigitalOcean + token=args.get('token'), + access_key=args.get('access_key'), + access_secret=args.get('access_secret'), # General report_name=args.get('report_name'), report_dir=args.get('report_dir'), timestamp=args.get('timestamp'), @@ -113,6 +117,10 @@ def run(provider, kubernetes_context=None, kubernetes_persist_config=True, kubernetes_azure_subscription_id=None, + #DigitalOcean + token=None, + access_key=None, + access_secret=None, # General report_name=None, report_dir=None, timestamp=False, @@ -171,6 +179,10 @@ async def _run(provider, kubernetes_context, kubernetes_persist_config, kubernetes_azure_subscription_id, + #DigitalOcean + token, + access_key, + access_secret, # General report_name, report_dir, timestamp, @@ -221,6 +233,11 @@ async def _run(provider, access_key_id=access_key_id, access_key_secret=access_key_secret, + #DigitalOcean + token=token, + access_key=access_key, + access_secret=access_secret, + # Kubernetes kubernetes_cluster_provider=kubernetes_cluster_provider, kubernetes_config_file=kubernetes_config_file, diff --git a/ScoutSuite/core/cli_parser.py b/ScoutSuite/core/cli_parser.py index 9a2d72fc9..161dd417b 100755 --- a/ScoutSuite/core/cli_parser.py +++ b/ScoutSuite/core/cli_parser.py 
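Review bot: The new keyword arguments `token`, `access_key` and `access_secret` are generic names in a signature that already carries `access_key_id` and `access_key_secret` for another provider, which makes it easy to hand the wrong credential to the wrong provider. The Kubernetes options in the same signature are prefixed (`kubernetes_context`, `kubernetes_persist_config`); following that pattern, for example `do_token`, `do_spaces_access_key` and `do_spaces_access_secret`, would keep the secrets unambiguous. The marker comment would also read better as `# DigitalOcean`, matching `# General` and `# Kubernetes`. The bodies of `run_from_cli`, `run` and `_run` continue outside these hunks.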
@@ -30,6 +30,7 @@ def __init__(self): self._init_aliyun_parser() self._init_oci_parser() self._init_kubernetes_parser() + self._init_do_parser() def _init_aws_parser(self): parser = self.subparsers.add_parser("aws", @@ -254,6 +255,32 @@ def _init_oci_parser(self): dest='profile', default=None, help='Name of the profile') + + def _init_do_parser(self): + do_parser = self.subparsers.add_parser("do", + parents=[self.common_providers_args_parser], + help="Run Scout against an DigitalOcean account") + + parser = do_parser.add_argument_group('Authentication parameters') + + parser.add_argument('-t', + '--token', + action='store', + default=None, + dest='token', + help='DO Token') + + parser.add_argument('--access_key', + action='store', + default=None, + dest='access_key', + help='Spaces Access Key ID') + parser.add_argument('--access_secret', + action='store', + default=None, + dest='access_secret', + help='Spaces Secret Access Key') + def _init_kubernetes_parser(self): kubernetes_parser = self.subparsers.add_parser("kubernetes", @@ -436,6 +463,11 @@ def parse_args(self, args=None): if v.get('subscription_ids') and v.get('all_subscriptions'): self.parser.error('--subscription-ids and --all-subscriptions are mutually exclusive options') + # DigitalOcean + if v.get('provider') == 'do': + if (v.get('access_key') or v.get('access_secret')) and not (v.get('access_key') and v.get('access_secret')): + self.parser.error('For DO Spaces service please provide both --access_key and --access_secret') + # Kubernetes elif v.get('provider') == 'kubernetes': cluster_provider = v.get('kubernetes_cluster_provider') diff --git a/ScoutSuite/output/data/html/partials/do/services.database.databases.html b/ScoutSuite/output/data/html/partials/do/services.database.databases.html new file mode 100644 index 000000000..1b2bc6455 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.database.databases.html @@ -0,0 +1,33 @@ + + + + + + + + \ No newline at end of file 
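Review bot: `--token` and `--access_secret` in `_init_do_parser` accept long-lived secrets only as command-line values, which are visible in process listings and tend to end up in shell history and CI logs. Consider falling back to an environment variable or an interactive prompt when the flag is omitted, and say so in the `help` text. Minor wording: the subparser help should read `help="Run Scout against a DigitalOcean account"`, and `help='DO Token'` could name the kind of token expected.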
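Review bot: The DigitalOcean check in `parse_args` only validates that `--access_key` and `--access_secret` come as a pair, so a run without `--token` passes parsing and presumably fails later inside the authentication step with a wrapped exception. A parser-level guard such as `if not v.get('token'): self.parser.error('--token is required for the do provider')` gives a clearer error. The new block also opens with a fresh `if` and the existing `elif v.get('provider') == 'kubernetes':` now follows it. Indentation is not recoverable from this view, but if both sit at the same level the provider chain is split, and `elif v.get('provider') == 'do':` would keep it a single chain. `parse_args` starts and ends outside the hunk.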
diff --git a/ScoutSuite/output/data/html/partials/do/services.droplet.droplets.html b/ScoutSuite/output/data/html/partials/do/services.droplet.droplets.html new file mode 100644 index 000000000..12229a804 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.droplet.droplets.html @@ -0,0 +1,41 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/do/services.networking.domains.html b/ScoutSuite/output/data/html/partials/do/services.networking.domains.html new file mode 100644 index 000000000..fc60c0a8f --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.networking.domains.html @@ -0,0 +1,27 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/do/services.networking.firewalls.html b/ScoutSuite/output/data/html/partials/do/services.networking.firewalls.html new file mode 100644 index 000000000..f0647f9a6 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.networking.firewalls.html @@ -0,0 +1,35 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/do/services.networking.load_balancers.html b/ScoutSuite/output/data/html/partials/do/services.networking.load_balancers.html new file mode 100644 index 000000000..dda111870 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.networking.load_balancers.html @@ -0,0 +1,25 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/do/services.spaces.buckets.html b/ScoutSuite/output/data/html/partials/do/services.spaces.buckets.html new file mode 100644 index 000000000..53b284f65 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.spaces.buckets.html @@ -0,0 +1,26 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/summaries/do/.gitkeep b/ScoutSuite/output/data/html/summaries/do/.gitkeep new file mode 100644 index 000000000..e69de29bb 
diff --git a/ScoutSuite/providers/__init__.py b/ScoutSuite/providers/__init__.py index a00fe0a63..e92d522b6 100755 --- a/ScoutSuite/providers/__init__.py +++ b/ScoutSuite/providers/__init__.py @@ -3,7 +3,8 @@ 'azure': 'AzureProvider', 'aliyun': 'AliyunProvider', 'oci': 'OracleProvider', - 'kubernetes': 'KubernetesProvider'} + 'kubernetes': 'KubernetesProvider', + 'do': 'DigitalOceanProvider'} def get_provider_object(provider): diff --git a/ScoutSuite/providers/base/authentication_strategy_factory.py b/ScoutSuite/providers/base/authentication_strategy_factory.py index a6eee9bdf..6a55c8881 100755 --- a/ScoutSuite/providers/base/authentication_strategy_factory.py +++ b/ScoutSuite/providers/base/authentication_strategy_factory.py @@ -4,7 +4,8 @@ 'azure': 'AzureAuthenticationStrategy', 'aliyun': 'AliyunAuthenticationStrategy', 'oci': 'OracleAuthenticationStrategy', - 'kubernetes': 'KubernetesAuthenticationStrategy' + 'kubernetes': 'KubernetesAuthenticationStrategy', + 'do': 'DigitalOceanAuthenticationStrategy' } diff --git a/ScoutSuite/providers/do/authentication_strategy.py b/ScoutSuite/providers/do/authentication_strategy.py new file mode 100644 index 000000000..1d4e17b1f --- /dev/null +++ b/ScoutSuite/providers/do/authentication_strategy.py 
@@ -0,0 +1,49 @@
+from ScoutSuite.providers.do import utils
+from ScoutSuite.providers.base.authentication_strategy import AuthenticationException
+from ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy
+from ScoutSuite.core.console import print_warning
+from pydo import Client
+import logging
+import boto3
+
+
+class DoCredentials:
+ def __init__(self, client, session=None):
+ self.client = client
+ self.session = session
+
+
+class DigitalOceanAuthenticationStrategy(AuthenticationStrategy):
+
+ def authenticate(self, token=None, access_key=None, access_secret=None, **kwargs):
+ """
+ Handles authentication to DigitalOcean.
+ """
+ try:
+ self.client = Client(token)
+ # a simple request here to make sure the authentication is successful
+ self.client.account.get()
+
+ if not (access_key and access_secret):
+ print_warning(
+ f"Missing credentials for spaces: Skipping DO Spaces service"
+ )
+ return DoCredentials(client=self.client)
+ else:
+ # Set logging level to error for libraries as otherwise generates a lot of warnings
+ logging.getLogger("botocore").setLevel(logging.ERROR)
+ logging.getLogger("botocore.auth").setLevel(logging.ERROR)
+ logging.getLogger("urllib3").setLevel(logging.ERROR)
+
+ session = boto3.Session(
+ aws_access_key_id=access_key,
+ aws_secret_access_key=access_secret,
+ )
+ # make sure the DO spaces authentication is successful
+ region = "blr1"
+ spaces_client = utils.get_client("s3", session, region)
+ spaces_client.list_buckets()
+ return DoCredentials(client=self.client, session=session)
+
+ except Exception as e:
+ raise AuthenticationException(e)
diff --git a/ScoutSuite/providers/do/facade/__init__.py b/ScoutSuite/providers/do/facade/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/ScoutSuite/providers/do/facade/base.py b/ScoutSuite/providers/do/facade/base.py
new file mode 100644
index 000000000..5c601d44a
--- /dev/null
+++ b/ScoutSuite/providers/do/facade/base.py
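Review bot: The Spaces credential check in `authenticate` is pinned to a single region (`region = "blr1"`) and sits in the same `try` as the API-token check, so a failure of that one endpoint fails authentication for the whole scan even when the token is valid. Lifting the value to a documented module constant or parameter would make the dependency visible, with a comment such as `# region used only to validate the Spaces key pair`. The final handler should be `raise AuthenticationException(e) from e` so the original traceback is kept. The three `logging.getLogger(...).setLevel(logging.ERROR)` calls change logging process-wide, which deserves a note in the docstring. The `print_warning(f"...")` string has no placeholders and does not need the `f` prefix.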
@@ -0,0 +1,17 @@
+from ScoutSuite.providers.do.facade.droplet import DropletFacade
+from ScoutSuite.providers.do.facade.networking import Networkingfacade
+from ScoutSuite.providers.do.facade.database import DatabasesFacade
+from ScoutSuite.providers.do.facade.spaces import SpacesFacade
+from ScoutSuite.providers.do.authentication_strategy import DoCredentials
+
+
+class DoFacade:
+ def __init__(self, credentials: DoCredentials):
+ self._credentials = credentials
+ self._instantiate_facades()
+
+ def _instantiate_facades(self):
+ self.droplet = DropletFacade(self._credentials)
+ self.networking = Networkingfacade(self._credentials)
+ self.database = DatabasesFacade(self._credentials)
+ self.spaces = SpacesFacade(self._credentials)
diff --git a/ScoutSuite/providers/do/facade/database.py b/ScoutSuite/providers/do/facade/database.py
new file mode 100644
index 000000000..ea59adce4
--- /dev/null
+++ b/ScoutSuite/providers/do/facade/database.py
@@ -0,0 +1,71 @@ +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.do.authentication_strategy import DoCredentials +from ScoutSuite.providers.utils import run_concurrently + + +class DatabasesFacade: + def __init__(self, credentials: DoCredentials): + self._credentials = credentials + self._client = credentials.client + + async def get_databases(self): + try: + databases = await run_concurrently( + lambda: self._client.databases.list_clusters()["databases"] + ) + return databases + except Exception as e: + print_exception(f"Failed to get databases: {e}") + return [] + + async def get_databaseusers(self, db_uuid): + try: + db_users = await run_concurrently( + lambda: self._client.databases.list_users(db_uuid)["users"] + ) + return db_users + except Exception as e: + print_exception(f"Failed to get db users: {e}") + return [] + + async def get_eviction_policy(self, db_uuid): + try: + eviction_policy = await run_concurrently( + lambda: self._client.databases.get_eviction_policy(db_uuid)[ + "eviction_policy" + ] + ) + return eviction_policy + except Exception as e: + print_exception(f"Failed to get Redis eviction policy: {e}") + return [] + + async def get_connection_pools(self, db_uuid): + try: + connection_pools = await run_concurrently( + lambda: self._client.databases.list_connection_pools(db_uuid)["pools"] + ) + return connection_pools + except Exception as e: + print_exception(f"Failed to get Postgres connection pools: {e}") + return [] + + async def get_firewalls(self, db_uuid): + try: + firewall_rules = await run_concurrently( + lambda: self._client.databases.list_firewall_rules(db_uuid) + ) + return firewall_rules + except Exception as e: + print_exception(f"Failed to get db firewalls: {e}") + return [] + + async def get_resources(self, tag): + try: + resources = await run_concurrently( + lambda: self._client.tags.get(tag)["tag"]["resources"] + ) + return resources + except Exception as e: + print_exception(f"Failed to get tag 
resources: {e}") + return [] diff --git a/ScoutSuite/providers/do/facade/droplet.py b/ScoutSuite/providers/do/facade/droplet.py new file mode 100644 index 000000000..03b47049f --- /dev/null +++ b/ScoutSuite/providers/do/facade/droplet.py @@ -0,0 +1,38 @@ +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.do.authentication_strategy import DoCredentials +from ScoutSuite.providers.utils import run_concurrently + + +class DropletFacade: + def __init__(self, credentials: DoCredentials): + self._credentials = credentials + self._client = credentials.client + + async def get_droplets(self): + try: + droplets = await run_concurrently( + lambda: self._client.droplets.list()["droplets"] + ) + return droplets + except Exception as e: + print_exception(f"Failed to get droplets: {e}") + return [] + + async def get_droplet_fwconfig(self, id): + try: + droplet_fwconfig = await run_concurrently( + lambda: self._client.droplets.list_firewalls(id) + ) + return droplet_fwconfig + except Exception as e: + print_exception(f"Failed to get droplet firewall config: {e}") + return [] + + # TODO not required for now + # async def get_droplet_details(self, id): + # try: + # droplets = await run_concurrently(lambda: self._client.droplets.list()['droplets']) + # return droplets + # except Exception as e: + # print_exception(f'Failed to get do droplets: {e}') + # return [] diff --git a/ScoutSuite/providers/do/facade/networking.py b/ScoutSuite/providers/do/facade/networking.py new file mode 100644 index 000000000..fc5e2ae83 --- /dev/null +++ b/ScoutSuite/providers/do/facade/networking.py 
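Review bot: Every method in `DatabasesFacade` returns `[]` when the API call raises, which makes "the lookup failed" indistinguishable from "nothing is configured". For `get_firewalls` and `get_databaseusers` the result presumably feeds the database findings added in this commit (publicly exposed MySQL, legacy user encryption), so a permission error or rate limit can change a finding's outcome with no trace in the report. `get_eviction_policy` also returns a list on failure while its success path returns whatever `["eviction_policy"]` holds, so callers see two types. I would return `None` on failure and document the contract, for example `# None: lookup failed; []: nothing configured`, and let the resource layer record the error.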
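Review bot: `get_droplets` calls `self._client.droplets.list()` once with no paging arguments, so if the API pages its list results (DigitalOcean list endpoints default to 20 items per page, to my knowledge) the scan covers only the first page. Every droplet beyond it would then be missing from the firewall, backup and exposed-port findings. The same single call is used for `firewalls.list()`, `domains.list()` and `load_balancers.list()` in `networking.py`. The sketch below pages until the response carries no next link; it is untested and the page size should be checked against the client's documentation.

```python
    async def get_droplets(self):
        try:
            droplets, page = [], 1
            while True:
                resp = await run_concurrently(
                    lambda: self._client.droplets.list(per_page=200, page=page)
                )
                droplets.extend(resp["droplets"])
                if "next" not in resp.get("links", {}).get("pages", {}):
                    return droplets
                page += 1
        # … unchanged: except branch that logs and returns [] …
```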
@@ -0,0 +1,39 @@
+from ScoutSuite.core.console import print_exception
+from ScoutSuite.providers.do.authentication_strategy import DoCredentials
+from ScoutSuite.providers.utils import run_concurrently
+
+
+class Networkingfacade:
+ def __init__(self, credentials: DoCredentials):
+ self._credentials = credentials
+ self._client = credentials.client
+
+ async def get_firewalls(self):
+ try:
+ firewalls = await run_concurrently(
+ lambda: self._client.firewalls.list()["firewalls"]
+ )
+ return firewalls
+ except Exception as e:
+ print_exception(f"Failed to get firewalls: {e}")
+ return []
+
+ async def get_domains(self):
+ try:
+ domains = await run_concurrently(
+ lambda: self._client.domains.list()["domains"]
+ )
+ return domains
+ except Exception as e:
+ print_exception(f"Failed to get domains: {e}")
+ return []
+
+ async def get_load_balancers(self):
+ try:
+ load_balancers = await run_concurrently(
+ lambda: self._client.load_balancers.list()["load_balancers"]
+ )
+ return load_balancers
+ except Exception as e:
+ print_exception(f"Failed to get load balancers: {e}")
+ return []
diff --git a/ScoutSuite/providers/do/facade/spaces.py b/ScoutSuite/providers/do/facade/spaces.py
new file mode 100644
index 000000000..f8fb377a1
--- /dev/null
+++ b/ScoutSuite/providers/do/facade/spaces.py
@@ -0,0 +1,199 @@ +from botocore.exceptions import ClientError +import boto3 +from ScoutSuite.core.console import print_exception, print_debug, print_warning +from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils +from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.do.authentication_strategy import DoCredentials + + +class SpacesFacade: + def __init__(self, credentials: DoCredentials): + self._credentials = credentials + self._client = credentials.client + self.session = credentials.session + + async def get_all_buckets(self): + buckets = [] + # TODO no api avaialible to get do regions that support spaces. + region_list = ["nyc3", "sfo2", "sfo3", "ams3", "fra1", "sgp1", "syd1", "blr1"] + + for region in region_list: + buckets = await self.get_buckets(region) + + return buckets + + async def get_buckets(self, region=None): + try: + buckets = [] + exception = None + try: + client = self.get_client("s3", self.session, region) + buckets = await run_concurrently( + lambda: client.list_buckets()["Buckets"] + ) + except Exception as e: + exception = e + else: + exception = None # Fix for https://github.com/nccgroup/ScoutSuite/issues/916#issuecomment-728783965 + if not buckets: + if exception: + print_exception(f"Failed to list buckets: {exception}") + return [] + except Exception as e: + print_exception(f"Failed to list buckets: {e}") + return [] + else: + # We need first to retrieve bucket locations before retrieving bucket details + await get_and_set_concurrently( + [self._get_and_set_s3_bucket_location], buckets, region=region + ) + + # Then we can retrieve bucket details concurrently + await get_and_set_concurrently( + [ + self._get_and_set_s3_acls, + ], + buckets, + ) + + return buckets + + async def _get_and_set_s3_bucket_location(self, bucket: {}, region=None): + client = self.get_client("s3", self.session, region) + try: + location = await 
run_concurrently( + lambda: client.get_bucket_location(Bucket=bucket["Name"]) + ) + except Exception as e: + if "NoSuchBucket" in str(e) or "InvalidToken" in str(e): + print_warning( + "Failed to get bucket location for {}: {}".format(bucket["Name"], e) + ) + else: + print_exception( + "Failed to get bucket location for {}: {}".format(bucket["Name"], e) + ) + location = None + + if location: + region = ( + location["LocationConstraint"] + if location["LocationConstraint"] + else "us-east-1" + ) + + # Fixes issue #59: location constraint can be either EU or eu-west-1 for Ireland... + if region == "EU": + region = "eu-west-1" + else: + region = None + + bucket["region"] = region + + async def _get_and_set_s3_acls(self, bucket: {}, key_name=None): + bucket_name = bucket["Name"] + client = self.get_client("s3", self.session, bucket["region"]) + + try: + grantees = {} + if key_name: + grants = await run_concurrently( + lambda: client.get_object_acl(Bucket=bucket_name, Key=key_name) + ) + else: + grants = await run_concurrently( + lambda: client.get_bucket_acl(Bucket=bucket_name) + ) + for grant in grants["Grants"]: + if "ID" in grant["Grantee"]: + grantee = grant["Grantee"]["ID"] + display_name = ( + grant["Grantee"]["DisplayName"] + if "DisplayName" in grant["Grantee"] + else grant["Grantee"]["ID"] + ) + elif "URI" in grant["Grantee"]: + grantee = grant["Grantee"]["URI"].split("/")[-1] + display_name = self._s3_group_to_string(grant["Grantee"]["URI"]) + else: + grantee = display_name = "Unknown" + permission = grant["Permission"] + grantees.setdefault(grantee, {}) + grantees[grantee]["DisplayName"] = display_name + if "URI" in grant["Grantee"]: + grantees[grantee]["URI"] = grant["Grantee"]["URI"] + grantees[grantee].setdefault("permissions", self._init_s3_permissions()) + self._set_s3_permissions(grantees[grantee]["permissions"], permission) + bucket["grantees"] = grantees + except Exception as e: + if "NoSuchBucket" in str(e) or "InvalidToken" in str(e): + 
print_warning(f"Failed to get ACL configuration for {bucket_name}: {e}") + else: + print_exception( + f"Failed to get ACL configuration for {bucket_name}: {e}" + ) + bucket["grantees"] = {} + + @staticmethod + def get_client(service: str, session: boto3.session.Session, region: str = None): + """ + Instantiates an AWS API client + + :param service: Service targeted, e.g. ec2 + :param session: The aws session + :param region: Region desired, e.g. us-east-2 + + :return: + """ + + try: + return ( + session.client( + service, + region_name=region, + endpoint_url="https://" + region + ".digitaloceanspaces.com", + ) + if region + else session.client(service) + ) + except Exception as e: + print_exception(f"Failed to create client for the {service} service: {e}") + return None + + @staticmethod + def _init_s3_permissions(): + permissions = { + "read": False, + "write": False, + "read_acp": False, + "write_acp": False, + } + return permissions + + @staticmethod + def _set_s3_permissions(permissions: str, name: str): + if name == "READ" or name == "FULL_CONTROL": + permissions["read"] = True + if name == "WRITE" or name == "FULL_CONTROL": + permissions["write"] = True + if name == "READ_ACP" or name == "FULL_CONTROL": + permissions["read_acp"] = True + if name == "WRITE_ACP" or name == "FULL_CONTROL": + permissions["write_acp"] = True + + @staticmethod + def _s3_group_to_string(uri: str): + if uri == "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": + return "Authenticated users" + elif uri == "http://acs.amazonaws.com/groups/global/AllUsers": + return "Everyone" + elif uri == "http://acs.amazonaws.com/groups/s3/LogDelivery": + return "Log delivery" + else: + return uri + + @staticmethod + def _status_to_bool(value: str): + """Converts a string to True if it is equal to 'Enabled' or to False otherwise.""" + return value == "Enabled" 
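Review bot: In `get_all_buckets` the loop assigns `buckets = await self.get_buckets(region)` on every iteration, so only the result for the last entry of `region_list` ("blr1") is returned. Unless each regional endpoint lists every bucket, buckets in the other seven regions never reach the public-read and public-write rules; accumulate instead with `buckets.extend(await self.get_buckets(region))`. Separately, `_get_and_set_s3_bucket_location` can set `bucket["region"]` to `"us-east-1"` or `None`, and `get_client` then targets `"https://" + region + ".digitaloceanspaces.com"` or, for `None`, a default boto3 client with no `endpoint_url`. It is worth confirming that Spaces keys are never used to sign requests to a non-DigitalOcean endpoint. `_set_s3_permissions` annotates `permissions: str` but indexes it as a dict.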
diff --git a/ScoutSuite/providers/do/metadata.json b/ScoutSuite/providers/do/metadata.json new file mode 100644 index 000000000..1dedc9e80 --- /dev/null +++ b/ScoutSuite/providers/do/metadata.json @@ -0,0 +1,50 @@ +{ + "Compute": { + "droplet": { + "resources": { + "droplets": { + "cols": 2, + "path": "services.droplet.droplets" + } + } + } + }, + "Storage": { + "spaces": { + "resources": { + "buckets": { + "cols": 2, + "path": "services.spaces.buckets" + } + } + } + }, + "Network": { + "networking": { + "resources": { + "firewalls": { + "cols": 2, + "path": "services.networking.firewalls" + }, + "domains": { + "cols": 2, + "path": "services.networking.domains" + }, + "load_balancers": { + "cols": 2, + "path": "services.networking.load_balancers" + } + } + } + }, + "DatabaseClusters": { + "database": { + "resources": { + "databases": { + "cols": 2, + "path": "services.database.databases" + } + } + } + } +} diff --git a/ScoutSuite/providers/do/provider.py b/ScoutSuite/providers/do/provider.py new file mode 100644 index 000000000..ba2987e68 --- /dev/null +++ b/ScoutSuite/providers/do/provider.py 
@@ -0,0 +1,50 @@ +import os +from ScoutSuite.providers.do.services import DigitalOceanServicesConfig +from ScoutSuite.providers.base.provider import BaseProvider + + +class DigitalOceanProvider(BaseProvider): + """ + Implements provider for DigitalOcean + """ + + def __init__( + self, + report_dir=None, + timestamp=None, + services=None, + skipped_services=None, + **kwargs, + ): + + services = [] if services is None else services + skipped_services = [] if skipped_services is None else skipped_services + + self.metadata_path = ( + "%s/metadata.json" % os.path.split(os.path.abspath(__file__))[0] + ) + + self.provider_code = "do" + self.provider_name = "DigitalOcean" + self.environment = "default" + + self.services_config = DigitalOceanServicesConfig + + self.credentials = kwargs["credentials"] + self.account_id = self.credentials.client.account.get() + self.account_id = self.account_id["account"]["uuid"] + + super().__init__(report_dir, timestamp, services, skipped_services) + + def get_report_name(self): + """ + Returns the name of the report using the provider's configuration + """ + if self.account_id: + return f"do-{self.account_id}" + else: + return "do" + + def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): + + super().preprocessing() diff --git a/ScoutSuite/providers/do/resources/__init__.py b/ScoutSuite/providers/do/resources/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/do/resources/base.py b/ScoutSuite/providers/do/resources/base.py new file mode 100644 index 000000000..eeb13e981 --- /dev/null +++ b/ScoutSuite/providers/do/resources/base.py 
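Review bot: `__init__` calls `self.credentials.client.account.get()` and indexes `["account"]["uuid"]` with no error handling, so an invalid or under-scoped token surfaces as a raw exception from the constructor, before `super().__init__` runs. That also leaves the `else: return "do"` fallback in `get_report_name` effectively unreachable; catching the failure and setting `self.account_id = None` would make that branch meaningful. Separately, `preprocessing` accepts `ip_ranges` and `ip_ranges_name_key` but calls `super().preprocessing()` without them. If the base class uses them (its signature is not visible here), they are silently dropped and `super().preprocessing(ip_ranges, ip_ranges_name_key)` would be the safer call.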
@@ -0,0 +1,22 @@ +"""This module provides implementations for Resources and CompositeResources for DO.""" + +import abc + +from ScoutSuite.providers.base.resources.base import Resources, CompositeResources + + +class DoResources(Resources, metaclass=abc.ABCMeta): + """This is the base class for DO resources.""" + + pass + + +class DoCompositeResources(DoResources, CompositeResources, metaclass=abc.ABCMeta): + """This class represents a collection of composite Resources (resources that include nested resources referred as + their children). Classes extending DoCompositeResources have to define a '_children' attribute which consists of + a list of tuples describing the children. The tuples are expected to respect the following format: + (, ). 'child_name' is used to indicate the name under which the child resources will be + stored in the parent object. + """ + + pass diff --git a/ScoutSuite/providers/do/resources/database/__init__.py b/ScoutSuite/providers/do/resources/database/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/do/resources/database/base.py b/ScoutSuite/providers/do/resources/database/base.py new file mode 100644 index 000000000..6baec57a5 --- /dev/null +++ b/ScoutSuite/providers/do/resources/database/base.py @@ -0,0 +1,14 @@ +from ScoutSuite.providers.do.facade.base import DoFacade +from ScoutSuite.providers.do.resources.base import DoCompositeResources +from ScoutSuite.providers.do.resources.database.databases import Databases + + +class Databases(DoCompositeResources): + _children = [(Databases, "databases")] + + def __init__(self, facade: DoFacade): + super().__init__(facade) + self.service = "database" + + async def fetch_all(self, **kwargs): + await self._fetch_children(resource_parent=self) diff --git a/ScoutSuite/providers/do/resources/database/databases.py b/ScoutSuite/providers/do/resources/database/databases.py new file mode 100644 index 000000000..4a7677e06 --- /dev/null 
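Review bot: The composite class in database/base.py is named `Databases`, the same name as the child class it imports from `databases.py`. `_children = [(Databases, "databases")]` resolves to the imported class only because the class body runs before the new name is bound, and any later reference to `Databases` in this module gets the composite instead. I would alias the import, e.g. `from ScoutSuite.providers.do.resources.database.databases import Databases as DatabaseClusters`, and use `_children = [(DatabaseClusters, "databases")]`. droplet/base.py repeats the pattern with `Droplets`.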
+++ b/ScoutSuite/providers/do/resources/database/databases.py 
@@ -0,0 +1,66 @@ +from ScoutSuite.providers.do.resources.base import DoResources +from ScoutSuite.providers.do.facade.base import DoFacade + + +class Databases(DoResources): + def __init__(self, facade: DoFacade): + super().__init__(facade) + + async def fetch_all(self): + clusters = await self.facade.database.get_databases() + if clusters: + for cluster in clusters: + id, cluster = await self._parse_cluster(cluster) + self[id] = cluster + + async def _parse_cluster(self, raw_cluster): + cluster_dict = {} + + cluster_dict["id"] = raw_cluster["id"] + cluster_dict["cluster_name"] = raw_cluster["name"] + cluster_dict["engine"] = raw_cluster["engine"] + cluster_dict["version"] = raw_cluster["version"] + cluster_dict["semantic_version"] = raw_cluster["semantic_version"] + cluster_dict["tags"] = raw_cluster["tags"] + cluster_dict["databases"] = str(raw_cluster["db_names"]) + + trusted_sources = set() + cluster_databases = await self.facade.database.get_firewalls(raw_cluster["id"]) + if cluster_databases: + for cluster_rule in cluster_databases["rules"]: + trusted_sources.add(f"{cluster_rule['type']}s:{cluster_rule['value']}") + + cluster_dict["trusted_sources"] = ( + trusted_sources if trusted_sources else "False" + ) + + if raw_cluster["engine"] == "mysql": + legacy_encryption_users = set() + db_users = await self.facade.database.get_databaseusers(raw_cluster["id"]) + if db_users: + for db_user in db_users: + if ( + db_user["mysql_settings"]["auth_plugin"] + == "mysql_native_password" + ): + legacy_encryption_users.add(db_user["name"]) + + if legacy_encryption_users: + cluster_dict["legacy_encryption_users"] = ( + str(legacy_encryption_users) if legacy_encryption_users else "False" + ) + + elif raw_cluster["engine"] == "redis": + cluster_dict["eviction_policy"] = ( + await self.facade.database.get_eviction_policy(raw_cluster["id"]) + ) + + elif raw_cluster["engine"] == "pg": + connection_pools = await self.facade.database.get_connection_pools( + raw_cluster["id"] + ) + 
cluster_dict["connection_pools"] = ( + connection_pools if connection_pools else "False" + ) + + return cluster_dict["id"], cluster_dict diff --git a/ScoutSuite/providers/do/resources/droplet/__init__.py b/ScoutSuite/providers/do/resources/droplet/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/do/resources/droplet/base.py b/ScoutSuite/providers/do/resources/droplet/base.py new file mode 100644 index 000000000..5a5ebdf1a --- /dev/null +++ b/ScoutSuite/providers/do/resources/droplet/base.py @@ -0,0 +1,14 @@ +from ScoutSuite.providers.do.facade.base import DoFacade +from ScoutSuite.providers.do.resources.base import DoCompositeResources +from ScoutSuite.providers.do.resources.droplet.droplets import Droplets + + +class Droplets(DoCompositeResources): + _children = [(Droplets, "droplets")] + + def __init__(self, facade: DoFacade): + super().__init__(facade) + self.service = "droplet" + + async def fetch_all(self, **kwargs): + await self._fetch_children(resource_parent=self) diff --git a/ScoutSuite/providers/do/resources/droplet/droplets.py b/ScoutSuite/providers/do/resources/droplet/droplets.py new file mode 100644 index 000000000..32198ad43 --- /dev/null +++ b/ScoutSuite/providers/do/resources/droplet/droplets.py 
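Review bot: The outer `if legacy_encryption_users:` guard makes the inner `else "False"` unreachable, so a MySQL cluster with no legacy users never gets a `legacy_encryption_users` key at all. The rule database-databases-mysql-user-legacy-encryption.json tests that key with `notEqual` `"False"`, and how the rule engine treats a missing key is not visible here. I would drop the guard and always assign: `cluster_dict["legacy_encryption_users"] = str(legacy_encryption_users) if legacy_encryption_users else "False"`. `trusted_sources` is also stored as a raw `set` while the other collections go through `str()`; if the report is serialised as JSON, that value may need `sorted(trusted_sources)`.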
@@ -0,0 +1,83 @@ +from ScoutSuite.providers.do.resources.base import DoResources +from ScoutSuite.providers.do.facade.base import DoFacade + + +class Droplets(DoResources): + def __init__(self, facade: DoFacade): + super().__init__(facade) + + async def fetch_all(self): + + droplets = await self.facade.droplet.get_droplets() + if droplets: + for droplet in droplets: + id, droplet = await self._parse_droplet(droplet) + self[id] = droplet + + async def _parse_droplet(self, raw_droplet): + droplet_dict = {} + + droplet_dict["id"] = raw_droplet["id"] + droplet_dict["name"] = raw_droplet["name"] + droplet_dict["memory"] = raw_droplet["memory"] + droplet_dict["vcpus"] = raw_droplet["vcpus"] + droplet_dict["disk"] = raw_droplet["disk"] + droplet_dict["locked"] = raw_droplet["locked"] + droplet_dict["status"] = raw_droplet["status"] + droplet_dict["kernel"] = raw_droplet["kernel"] + droplet_dict["created_at"] = raw_droplet["created_at"] + droplet_dict["features"] = raw_droplet["features"] + droplet_dict["backup_ids"] = str(raw_droplet["backup_ids"]) + droplet_dict["next_backup_window"] = raw_droplet["next_backup_window"] + droplet_dict["snapshot_ids"] = str(raw_droplet["snapshot_ids"]) + droplet_dict["image"] = raw_droplet["image"]["slug"] + droplet_dict["volume_ids"] = str(raw_droplet["volume_ids"]) + droplet_dict["size"] = raw_droplet["size"]["slug"] + droplet_dict["size_slug"] = raw_droplet["size_slug"] + droplet_dict["networks"] = str(raw_droplet["networks"]) + droplet_dict["region"] = raw_droplet["region"]["slug"] + droplet_dict["tags"] = raw_droplet["tags"] + droplet_dict["vpc_uuid"] = raw_droplet["vpc_uuid"] + droplet_dict["firewalls"] = None + + droplet_fwconfig = await self.facade.droplet.get_droplet_fwconfig( + raw_droplet["id"] + ) + public_ports = {} + + if droplet_fwconfig: + if droplet_fwconfig["firewalls"]: + droplet_dict["firewalls"] = "" + for firewall in droplet_fwconfig["firewalls"]: + droplet_dict["firewalls"] = ( + droplet_dict["firewalls"] + " , " + 
firewall["id"] + if droplet_dict["firewalls"] + else firewall["id"] + ) + + for rules in firewall["inbound_rules"]: + if ( + "0.0.0.0/0" in rules["sources"]["addresses"] + or "::/0" in rules["sources"]["addresses"] + ): + public_ports[rules["ports"]] = rules["sources"]["addresses"] + + droplet_dict["all_ports_exposed"] = ( + "True" + if ("0" in public_ports.keys() or not droplet_fwconfig["firewalls"]) + else "False" + ) + droplet_dict["port_22_exposed"] = ( + "True" + if ("22" in public_ports.keys() or droplet_dict["all_ports_exposed"]) + else "False" + ) + + droplet_dict["public_ports_enabled"] = "True" if public_ports else "False" + droplet_dict["public_port_detail"] = ( + f"Port {','.join(public_ports.keys())} exposed to public internet due to this configuration {str(public_ports)}" + if public_ports + else "" + ) + + return droplet_dict["id"], droplet_dict diff --git a/ScoutSuite/providers/do/resources/networking/__init__.py b/ScoutSuite/providers/do/resources/networking/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/do/resources/networking/base.py b/ScoutSuite/providers/do/resources/networking/base.py new file mode 100644 index 000000000..f9079148c --- /dev/null +++ b/ScoutSuite/providers/do/resources/networking/base.py 
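Review bot: `port_22_exposed` is always `"True"` once this expression runs, because `droplet_dict["all_ports_exposed"]` holds the string `"True"` or `"False"` and both are truthy in the `or`. Compare the value instead: `if ("22" in public_ports or droplet_dict["all_ports_exposed"] == "True")`. The membership tests also match only the exact strings `"0"` and `"22"`, so an inbound rule whose `ports` is a range covering 22 is not counted (the keys come straight from `rules["ports"]`); firewalls.py keys `public_ports` the same way. A finding that fires on every droplet hides the ones that are really exposed, so this is worth fixing before the rule is enabled in the default ruleset.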
@@ -0,0 +1,20 @@ +from ScoutSuite.providers.do.facade.base import DoFacade +from ScoutSuite.providers.do.resources.base import DoCompositeResources +from ScoutSuite.providers.do.resources.networking.firewalls import Firewalls +from ScoutSuite.providers.do.resources.networking.domains import Domains +from ScoutSuite.providers.do.resources.networking.load_balancers import LoadBalancers + + +class Networking(DoCompositeResources): + _children = [ + (Firewalls, "firewalls"), + (Domains, "domains"), + (LoadBalancers, "load_balancers"), + ] + + def __init__(self, facade: DoFacade): + super().__init__(facade) + self.service = "networking" + + async def fetch_all(self, **kwargs): + await self._fetch_children(resource_parent=self) diff --git a/ScoutSuite/providers/do/resources/networking/domains.py b/ScoutSuite/providers/do/resources/networking/domains.py new file mode 100644 index 000000000..c0598df5c --- /dev/null +++ b/ScoutSuite/providers/do/resources/networking/domains.py 
@@ -0,0 +1,76 @@ +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.do.resources.base import DoResources +from ScoutSuite.providers.do.facade.base import DoFacade +import zonefile_parser +import re + + +class Domains(DoResources): + def __init__(self, facade: DoFacade): + super().__init__(facade) + + async def fetch_all(self): + domains = await self.facade.networking.get_domains() + if domains: + for domain in domains: + id, domain = await self._parse_domain(domain) + if domain: + self[id] = domain + + async def _parse_domain(self, raw_domain): + domain_dict = {} + + domain_dict["id"] = raw_domain["name"] + zone_file = raw_domain["zone_file"] + + try: + records = zonefile_parser.parse(zone_file) + except Exception as e: + print_exception( + f"Failed to parse DNS records check your TXT records for {e}" + ) + return None, None + + record_types = {} + highttl_records = set() + for record in records: + if record.rtype == "TXT": + if record.rdata["value"].startswith("v=spf"): + record_types.update({"SPF": record}) + elif record.rdata["value"].startswith("v=DKIM"): + record_types.update({"DKIM": record}) + elif record.rdata["value"].startswith("v=DMARC"): + record_types.update({"DMARC": record}) + if record.ttl and int(record.ttl) > 3600: + highttl_records.add(record) + record_types.update({record.rtype: record}) + + if "SPF" in record_types: + spf_value = record_types["SPF"].rdata["value"] + + domain_dict["spf_record"] = spf_value if "SPF" in record_types else "False" + domain_dict["dmarc_record"] = ( + record_types["DMARC"].rdata["value"] if "DMARC" in record_types else "False" + ) + domain_dict["dkim_record"] = ( + record_types["DKIM"].rdata["value"] if "DKIM" in record_types else "False" + ) + + domain_dict["highttl_records"] = ( + str( + [ + f"Type[{record.rtype}]::Name[{record.name}]::ttl[{record.ttl}]" + for record in highttl_records + ] + ) + if highttl_records + else "False" + ) + + domain_dict["spf_record_all"] = ( + spf_value + if 
("SPF" in record_types and ("+all" in spf_value or "~all" in spf_value)) + else "False" + ) + + return domain_dict["id"], domain_dict diff --git a/ScoutSuite/providers/do/resources/networking/firewalls.py b/ScoutSuite/providers/do/resources/networking/firewalls.py new file mode 100644 index 000000000..566b3f59a --- /dev/null +++ b/ScoutSuite/providers/do/resources/networking/firewalls.py 
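Review bot: `spf_record_all` only looks for the substrings `"+all"` and `"~all"`, so a record ending in a bare `all` (which carries the implicit `+` qualifier) or in `?all` is not reported as permissive. Matching on whole terms covers these: `permissive = any(t in ("all", "+all", "?all", "~all") for t in spf_value.split())`, assuming `rdata["value"]` is returned without surrounding quotes. Separately, when `zonefile_parser.parse` raises, `_parse_domain` returns `(None, None)` and the domain is dropped from the report with a message that does not name it; adding `raw_domain["name"]` to the `print_exception` text would make the gap visible. `import re` is unused.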
@@ -0,0 +1,47 @@ +from ScoutSuite.providers.do.resources.base import DoResources +from ScoutSuite.providers.do.facade.base import DoFacade + + +class Firewalls(DoResources): + def __init__(self, facade: DoFacade): + super().__init__(facade) + + async def fetch_all(self): + + firewalls = await self.facade.networking.get_firewalls() + if firewalls: + for firewall in firewalls: + id, firewall = await self._parse_firewall(firewall) + self[id] = firewall + + async def _parse_firewall(self, raw_firewall): + firewall_dict = {} + + firewall_dict["id"] = raw_firewall["id"] + firewall_dict["name"] = raw_firewall["name"] + firewall_dict["status"] = raw_firewall["status"] + firewall_dict["inbound_rules"] = raw_firewall["inbound_rules"] + firewall_dict["outbound_rules"] = raw_firewall["outbound_rules"] + firewall_dict["created_at"] = raw_firewall["created_at"] + firewall_dict["droplet_ids"] = str(raw_firewall["droplet_ids"]) + firewall_dict["tags"] = str(raw_firewall["tags"]) + firewall_dict["pending_changes"] = str(raw_firewall["pending_changes"]) + public_ports = {} + for rules in raw_firewall["inbound_rules"]: + if ( + "0.0.0.0/0" in rules["sources"]["addresses"] + or "::/0" in rules["sources"]["addresses"] + ): + public_ports[rules["ports"]] = rules["sources"]["addresses"] + + firewall_dict["all_ports_exposed"] = ( + "True" if ("0" in public_ports.keys()) else "False" + ) + firewall_dict["public_ports_enabled"] = "True" if public_ports else "False" + firewall_dict["public_port_detail"] = ( + f"Port {','.join(public_ports.keys())} exposed to public internet due to this configuration {str(public_ports)}" + if public_ports + else "" + ) + + return firewall_dict["id"], firewall_dict diff --git a/ScoutSuite/providers/do/resources/networking/load_balancers.py b/ScoutSuite/providers/do/resources/networking/load_balancers.py new file mode 100644 index 000000000..ba8109036 --- /dev/null +++ b/ScoutSuite/providers/do/resources/networking/load_balancers.py 
@@ -0,0 +1,29 @@ +from ScoutSuite.providers.do.resources.base import DoResources +from ScoutSuite.providers.do.facade.base import DoFacade + + +class LoadBalancers(DoResources): + def __init__(self, facade: DoFacade): + super().__init__(facade) + + async def fetch_all(self): + load_balancers = await self.facade.networking.get_load_balancers() + if load_balancers: + for load_balancer in load_balancers: + id, load_balancer = await self._parse_load_balancer(load_balancer) + self[id] = load_balancer + + async def _parse_load_balancer(self, raw_load_balancer): + load_balancer_dict = {} + + load_balancer_dict["id"] = raw_load_balancer["id"] + load_balancer_dict["name"] = raw_load_balancer["name"] + load_balancer_dict["name"] = raw_load_balancer["name"] + load_balancer_dict["redirect_http_to_https"] = str( + raw_load_balancer["redirect_http_to_https"] + ) + load_balancer_dict["enable_backend_keepalive"] = str( + raw_load_balancer["enable_backend_keepalive"] + ) + + return load_balancer_dict["id"], load_balancer_dict diff --git a/ScoutSuite/providers/do/resources/spaces/__init__.py b/ScoutSuite/providers/do/resources/spaces/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/do/resources/spaces/base.py b/ScoutSuite/providers/do/resources/spaces/base.py new file mode 100644 index 000000000..2f3d4fec5 --- /dev/null +++ b/ScoutSuite/providers/do/resources/spaces/base.py @@ -0,0 +1,14 @@ +from ScoutSuite.providers.do.facade.base import DoFacade +from ScoutSuite.providers.do.resources.base import DoCompositeResources +from ScoutSuite.providers.do.resources.spaces.buckets import Buckets + + +class Spaces(DoCompositeResources): + _children = [(Buckets, "buckets")] + + def __init__(self, facade: DoFacade): + super().__init__(facade) + self.service = "buckets" + + async def fetch_all(self, **kwargs): + await self._fetch_children(resource_parent=self) 
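Review bot: `Spaces.__init__` in spaces/base.py sets `self.service = "buckets"`, while the other composites in this patch use their service name (`"database"`, `"droplet"`, `"networking"`) and metadata.json registers the path `services.spaces.buckets`. If `self.service` keys or labels the service (its consumer is not visible here), this should be `self.service = "spaces"`.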
diff --git a/ScoutSuite/providers/do/resources/spaces/buckets.py b/ScoutSuite/providers/do/resources/spaces/buckets.py new file mode 100644 index 000000000..935df88b8 --- /dev/null +++ b/ScoutSuite/providers/do/resources/spaces/buckets.py @@ -0,0 +1,43 @@ +from ScoutSuite.providers.do.resources.base import DoResources +from ScoutSuite.providers.do.facade.base import DoFacade +import json + + +class Buckets(DoResources): + def __init__(self, facade: DoFacade): + super().__init__(facade) + + async def fetch_all(self): + + buckets = await self.facade.spaces.get_all_buckets() + if buckets: + for bucket in buckets: + id, bucket = await self._parse_buckets(bucket) + self[id] = bucket + + async def _parse_buckets(self, raw_buckets): + buckets_dict = {} + + buckets_dict["name"] = raw_buckets["Name"] + buckets_dict["public_read"] = ( + str(raw_buckets["grantees"]["AllUsers"]["permissions"]["read"]) + if raw_buckets["grantees"] + else None + ) + buckets_dict["public_write"] = ( + raw_buckets["grantees"]["AllUsers"]["permissions"]["write"] + if raw_buckets["grantees"] + else None + ) + buckets_dict["read_acp"] = ( + raw_buckets["grantees"]["AllUsers"]["permissions"]["read_acp"] + if raw_buckets["grantees"] + else None + ) + buckets_dict["write_acp"] = ( + raw_buckets["grantees"]["AllUsers"]["permissions"]["write_acp"] + if raw_buckets["grantees"] + else None + ) + + return buckets_dict["name"], buckets_dict diff --git a/ScoutSuite/providers/do/rules/filters/.gitkeep b/ScoutSuite/providers/do/rules/filters/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/do/rules/findings/database-databases-mysql-publically-exposed.json b/ScoutSuite/providers/do/rules/findings/database-databases-mysql-publically-exposed.json new file mode 100644 index 000000000..28b350e02 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/database-databases-mysql-publically-exposed.json 
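Review bot: `_parse_buckets` stores `public_read` as `str(...)` but `public_write`, `read_acp` and `write_acp` as raw booleans, and the two rules compare against different literals (`"True"` in spaces-buckets-public-read.json, `"true"` in spaces-buckets-public-write.json). Unless the rule engine coerces types (not visible here), the public-write finding is unlikely to ever match and a world-writable Space would go unreported; I would apply `str(...)` to all four fields and use `"True"` in the write rule. Every lookup also indexes `["AllUsers"]` whenever `grantees` is non-empty, which raises `KeyError` if the ACL has grants but none under that key; `raw_buckets["grantees"].get("AllUsers", {})` would be safer. An empty `grantees` yields `None`, and the facade hunk earlier in this patch sets `bucket["grantees"] = {}` after a failed ACL read, so a failed read is indistinguishable from a private bucket in the report.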
@@ -0,0 +1,20 @@
+{
+ "description": "Mysql Database cluster publically exposed",
+ "rationale": "Typically, only the application servers should be allowed to connect to the database cluster.",
+ "dashboard_name": "Databases",
+ "path": "database.databases.id",
+ "conditions": [
+ "and",
+ [
+ "database.databases.id.trusted_sources",
+ "equal",
+ "False"
+ ],
+ [
+ "database.databases.id.engine",
+ "equal",
+ "mysql"
+ ]
+ ],
+ "id_suffix": "trusted_sources"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/database-databases-mysql-user-legacy-encryption.json b/ScoutSuite/providers/do/rules/findings/database-databases-mysql-user-legacy-encryption.json
new file mode 100644
index 000000000..1138f2b28
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/database-databases-mysql-user-legacy-encryption.json
@@ -0,0 +1,20 @@
+{
+ "description": "Mysql Database user with Legacy MySQL 5.x encryption",
+ "rationale": "DigitalOcean Managed Databases using MySQL 8+ are automatically configured to use caching_sha2_password authentication by default. caching_sha2_password uses a stronger password encryption than prior versions of MySQL.",
+ "dashboard_name": "Databases",
+ "path": "database.databases.id",
+ "conditions": [
+ "and",
+ [
+ "database.databases.id.legacy_encryption_users",
+ "notEqual",
+ "False"
+ ],
+ [
+ "database.databases.id.engine",
+ "equal",
+ "mysql"
+ ]
+ ],
+ "id_suffix": "legacy_encryption_users"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/database-databases-postgres-connection-pools.json b/ScoutSuite/providers/do/rules/findings/database-databases-postgres-connection-pools.json
new file mode 100644
index 000000000..cd6eb64e5
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/database-databases-postgres-connection-pools.json
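Review bot: The second condition in database-databases-mysql-publically-exposed.json restricts the finding to `engine` equal `mysql`, although databases.py computes `trusted_sources` for every cluster regardless of engine. A PostgreSQL or Redis cluster with no trusted sources is therefore not reported by this rule, and no sibling rule for those engines is visible in this part of the patch. If the intent is to flag any cluster without trusted sources, drop the engine condition and reword the description to `"Database cluster publicly exposed"`.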
@@ -0,0 +1,20 @@
+{
+ "description": "No connection pools found for Postgres database",
+ "rationale": "When you use PostgreSQL without a connection pool, each client request creates a new connection to the database. This can lead to a high number of connections, which can cause performance issues and slow down your application. Connection pooling can help mitigate these issues by reusing existing connections instead of creating new ones for each request",
+ "dashboard_name": "Databases",
+ "path": "database.databases.id",
+ "conditions": [
+ "and",
+ [
+ "database.databases.id.connection_pools",
+ "equal",
+ "False"
+ ],
+ [
+ "database.databases.id.engine",
+ "equal",
+ "pg"
+ ]
+ ],
+ "id_suffix": "connection_pools"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/database-databases-redis-evicition-policy.json b/ScoutSuite/providers/do/rules/findings/database-databases-redis-evicition-policy.json
new file mode 100644
index 000000000..c862f5d27
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/database-databases-redis-evicition-policy.json
@@ -0,0 +1,20 @@
+{
+ "description": "Eviction policy for Redis database cluster not set to 'allkeys-lru'",
+ "rationale": "When Redis is used as a cache, it is often convenient to let it automatically evict old data as you add new data. Redis provides several eviction policies to choose from, including allkeys-lru, allkeys-lfu, volatile-lru, volatile-lfu, allkeys-random, volatile-random, and volatile-ttl 1. If you do not set an eviction policy, Redis will use the noeviction policy by default. This means that Redis will not evict any keys when the memory limit is reached, and any new values will not be saved 1. If you do not set an eviction policy and Redis runs out of memory, it will start to return errors for commands that could result in more memory being used 1. In general, it is recommended to use the allkeys-lru policy when you expect a power-law distribution in the popularity of your requests. That is, you expect a subset of elements will be accessed far more often than the rest",
+ "dashboard_name": "Databases",
+ "path": "database.databases.id",
+ "conditions": [
+ "and",
+ [
+ "database.databases.id.eviction_policy",
+ "notEqual",
+ "allkeys-lru"
+ ],
+ [
+ "database.databases.id.engine",
+ "equal",
+ "redis"
+ ]
+ ],
+ "id_suffix": "eviction_policy"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-all-ports-exposed.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-all-ports-exposed.json
new file mode 100644
index 000000000..a491c5164
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-all-ports-exposed.json
@@ -0,0 +1,15 @@
+{
+ "description": "Droplets with all ports exposed to public",
+ "rationale": "Droplets should expose only required/intented ports to public internet",
+ "dashboard_name": "Droplets",
+ "path": "droplet.droplets.id",
+ "conditions": [
+ "and",
+ [
+ "droplet.droplets.id.all_ports_exposed",
+ "equal",
+ "True"
+ ]
+ ],
+ "id_suffix": "all_ports_exposed"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-enabled.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-enabled.json
new file mode 100644
index 000000000..0ba65c386
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-enabled.json
@@ -0,0 +1,17 @@
+{
+ "description": "Droplets with auto backups disabled",
+ "rationale": "Droplet backups feature should be enabled for disaster recovery.",
+ "dashboard_name": "Droplets",
+ "path": "droplet.droplets.id",
+ "conditions": [
+ "and",
+ [
+ "droplet.droplets.id.next_backup_window",
+ "null",
+ ""
+ ]
+ ],
+ "id_suffix": "next_backup_window"
+}
+
+
diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-present.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-present.json
new file mode 100644
index 000000000..3ee3f6868
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-present.json
@@ -0,0 +1,17 @@
+{
+ "description": "Droplets having no backups present",
+ "rationale": "Droplets should have atleast 1 backup present for disaster recovery.",
+ "dashboard_name": "Droplets",
+ "path": "droplet.droplets.id",
+ "conditions": [
+ "and",
+ [
+ "droplet.droplets.id.backup_ids",
+ "equal",
+ "[]"
+ ]
+ ],
+ "id_suffix": "backup_ids"
+}
+
+
diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-firewall-not-attached.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-firewall-not-attached.json
new file mode 100644
index 000000000..e8f1937c7
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-firewall-not-attached.json
@@ -0,0 +1,17 @@
+{
+ "description": "Droplets with no firewall attached",
+ "rationale": "Droplet should have a firewall atatched for enabling secure network configuration",
+ "dashboard_name": "Droplets",
+ "path": "droplet.droplets.id",
+ "conditions": [
+ "and",
+ [
+ "droplet.droplets.id.firewalls",
+ "null",
+ ""
+ ]
+ ],
+ "id_suffix": "firewalls"
+}
+
+
diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-port-22-exposed.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-port-22-exposed.json
new file mode 100644
index 000000000..cc9d7a86a
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-port-22-exposed.json
@@ -0,0 +1,15 @@
+{
+ "description": "Droplets with port 22 exposed to public",
+ "rationale": "Droplets should have port 22 restricted to trusted networks",
+ "dashboard_name": "Droplets",
+ "path": "droplet.droplets.id",
+ "conditions": [
+ "and",
+ [
+ "droplet.droplets.id.port_22_exposed",
+ "equal",
+ "True"
+ ]
+ ],
+ "id_suffix": "port_22_exposed"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/networking-domains-high-ttl.json b/ScoutSuite/providers/do/rules/findings/networking-domains-high-ttl.json
new file mode 100644
index 000000000..9a8a42487
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/networking-domains-high-ttl.json
@@ -0,0 +1,15 @@
+{
+ "description": "Domain has a high TTL record",
+ "rationale": "Long TTLs delay the propagation of changes. For instance, if you update an IP address or switch services, clients will continue using old cached data until the TTL expires",
+ "dashboard_name": "Networking",
+ "path": "networking.domains.id",
+ "conditions": [
+ "and",
+ [
+ "networking.domains.id.highttl_records",
+ "notEqual",
+ "False"
+ ]
+ ],
+ "id_suffix": "highttl_records"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/networking-domains-missing-dkim.json b/ScoutSuite/providers/do/rules/findings/networking-domains-missing-dkim.json
new file mode 100644
index 000000000..d9c64dd38
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/networking-domains-missing-dkim.json
@@ -0,0 +1,15 @@
+{
+ "description": "Domain is missing DKIM record",
+ "rationale": "DKIM helps prevent email spoofing by adding cryptographic signatures to your outgoing emails",
+ "dashboard_name": "Networking",
+ "path": "networking.domains.id",
+ "conditions": [
+ "and",
+ [
+ "networking.domains.id.dkim_record",
+ "equal",
+ "False"
+ ]
+ ],
+ "id_suffix": "dkim_record"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/networking-domains-missing-dmarc.json b/ScoutSuite/providers/do/rules/findings/networking-domains-missing-dmarc.json
new file mode 100644
index 000000000..350d18a28
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/networking-domains-missing-dmarc.json
@@ -0,0 +1,15 @@
+{
+ "description": "Domain is missing DMARC record",
+ "rationale": "A DMARC policy tells a receiving email server what to do after checking a domain's Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records, which are additional email authentication methods. Addtionally without DMARC, you won't be able receive reports about legitimate and unauthorized emails sent on behalf of your domain",
+ "dashboard_name": "Networking",
+ "path": "networking.domains.id",
+ "conditions": [
+ "and",
+ [
+ "networking.domains.id.dmarc_record",
+ "equal",
+ "False"
+ ]
+ ],
+ "id_suffix": "dmarc_record"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/networking-domains-missing-spf.json b/ScoutSuite/providers/do/rules/findings/networking-domains-missing-spf.json
new file mode 100644
index 000000000..d4f540b0b
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/networking-domains-missing-spf.json
@@ -0,0 +1,15 @@
+{
+ "description": "Domain is missing SPF record",
+ "rationale": "Without an SPF record, attackers can spoof your domain by sending emails that appear to originate from your legitimate domain",
+ "dashboard_name": "Networking",
+ "path": "networking.domains.id",
+ "conditions": [
+ "and",
+ [
+ "networking.domains.id.spf_record",
+ "equal",
+ "False"
+ ]
+ ],
+ "id_suffix": "spf_record"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/networking-domains-spf-overly-permissive.json b/ScoutSuite/providers/do/rules/findings/networking-domains-spf-overly-permissive.json
new file mode 100644
index 000000000..2b997e1aa
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/networking-domains-spf-overly-permissive.json
@@ -0,0 +1,15 @@
+{
+ "description": "Domain has a overly permissive SPF record",
+ "rationale": "Overly permissive SPF record allows the anyone to send emails on your domain's behalf",
+ "dashboard_name": "Networking",
+ "path": "networking.domains.id",
+ "conditions": [
+ "and",
+ [
+ "networking.domains.id.spf_record_all",
+ "notEqual",
+ "False"
+ ]
+ ],
+ "id_suffix": "spf_record_all"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/networking-firewalls-public-ports.json b/ScoutSuite/providers/do/rules/findings/networking-firewalls-public-ports.json
new file mode 100644
index 000000000..fc037a57d
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/networking-firewalls-public-ports.json
@@ -0,0 +1,15 @@
+{
+ "description": "Firewalls with publically exposed ports",
+ "rationale": "Firewalls should not expose sensitive exposed to public internet.",
+ "dashboard_name": "Networking",
+ "path": "networking.firewalls.id",
+ "conditions": [
+ "and",
+ [
+ "networking.firewalls.id.public_ports_enabled",
+ "equal",
+ "True"
+ ]
+ ],
+ "id_suffix": "public_ports_enabled"
+}
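Review bot: The rationale string in networking-firewalls-public-ports.json is garbled (`"Firewalls should not expose sensitive exposed to public internet."`) and does not match what the rule tests. The condition fires on `public_ports_enabled` equal `"True"`, which firewalls.py sets for any inbound rule open to `0.0.0.0/0` or `::/0`, including ports that are meant to be public. I would reword it to `"rationale": "Firewalls should expose only intended ports to the public internet; review each rule open to 0.0.0.0/0 or ::/0."` so the finding reads as a review item rather than a violation.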
diff --git a/ScoutSuite/providers/do/rules/findings/networking-firewalls-quad-zero.json b/ScoutSuite/providers/do/rules/findings/networking-firewalls-quad-zero.json
new file mode 100644
index 000000000..3087e3a14
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/networking-firewalls-quad-zero.json
@@ -0,0 +1,15 @@
+{
+ "description": "Firewalls with quad zero configuration",
+ "rationale": "Firewalls with quad zero configuration expose all ports to public internet",
+ "dashboard_name": "Networking",
+ "path": "networking.firewalls.id",
+ "conditions": [
+ "and",
+ [
+ "networking.firewalls.id.all_ports_exposed",
+ "equal",
+ "True"
+ ]
+ ],
+ "id_suffix": "all_ports_exposed"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/networking-load-balancer-backend-keepalive-disabled.json b/ScoutSuite/providers/do/rules/findings/networking-load-balancer-backend-keepalive-disabled.json
new file mode 100644
index 000000000..c32919003
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/networking-load-balancer-backend-keepalive-disabled.json
@@ -0,0 +1,15 @@
+{
+ "description": "Load Balancer with backend Keepalive disabled",
+ "rationale": "Consider enabling Keep-Alive to improve performance, reduce latency and load",
+ "dashboard_name": "Networking",
+ "path": "networking.load_balancers.id",
+ "conditions": [
+ "and",
+ [
+ "networking.load_balancers.id.enable_backend_keepalive",
+ "equal",
+ "False"
+ ]
+ ],
+ "id_suffix": "enable_backend_keepalive"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/networking-load-balancer-ssl-redirect-disabled.json b/ScoutSuite/providers/do/rules/findings/networking-load-balancer-ssl-redirect-disabled.json
new file mode 100644
index 000000000..8473227c7
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/networking-load-balancer-ssl-redirect-disabled.json
@@ -0,0 +1,15 @@
+{
+ "description": "Load Balancer with SSL redirects disabled",
+ "rationale": "SSL redirects should be enabled to enforce https connection",
+ "dashboard_name": "Networking",
+ "path": "networking.load_balancers.id",
+ "conditions": [
+ "and",
+ [
+ "networking.load_balancers.id.redirect_http_to_https",
+ "equal",
+ "False"
+ ]
+ ],
+ "id_suffix": "redirect_http_to_https"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/spaces-buckets-public-read.json b/ScoutSuite/providers/do/rules/findings/spaces-buckets-public-read.json
new file mode 100644
index 000000000..500a641b2
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/spaces-buckets-public-read.json
@@ -0,0 +1,17 @@
+{
+ "description": "Bucket with public read access",
+ "rationale": "Buckets with sensitive data must be private only.",
+ "dashboard_name": "Spaces",
+ "path": "spaces.buckets.id",
+ "conditions": [
+ "and",
+ [
+ "spaces.buckets.id.public_read",
+ "equal",
+ "True"
+ ]
+ ],
+ "id_suffix": "public_read"
+}
+
+
diff --git a/ScoutSuite/providers/do/rules/findings/spaces-buckets-public-write.json b/ScoutSuite/providers/do/rules/findings/spaces-buckets-public-write.json
new file mode 100644
index 000000000..ed3005fd9
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/spaces-buckets-public-write.json
@@ -0,0 +1,17 @@
+{
+ "description": "Bucket with public write access",
+ "rationale": "Buckets with sensitive data must be private only.",
+ "dashboard_name": "Spaces",
+ "path": "spaces.buckets.id",
+ "conditions": [
+ "and",
+ [
+ "spaces.buckets.id.public_write",
+ "equal",
+ "true"
+ ]
+ ],
+ "id_suffix": "public_write"
+}
+
+
diff --git a/ScoutSuite/providers/do/rules/rulesets/default.json b/ScoutSuite/providers/do/rules/rulesets/default.json
new file mode 100644
index 000000000..02d471e4a
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/rulesets/default.json
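Review bot: spaces-buckets-public-write.json compares `public_write` against the lowercase literal `"true"`, while spaces-buckets-public-read.json and every other DigitalOcean finding in this patch use the capitalised `"True"`/`"False"`. If `equal` compares against the string form of a Python boolean, as the sibling rules suggest, the lowercase value never matches and a publicly writable bucket goes unreported; the line should read `"True"`. The default ruleset added in the next hunk (rulesets/default.json) lists spaces-buckets-public-read.json but has no entry for spaces-buckets-public-write.json, so the rule stays disabled by default even once the literal is fixed.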
@@ -0,0 +1,119 @@ +{ + "about": "Default ruleset for DigitalOcean.", + "rules": { + "droplet-droplets-backup-not-enabled.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "droplet-droplets-backup-not-present.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "droplet-droplets-firewall-not-attached.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "droplet-droplets-port-22-exposed.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "droplet-droplets-all-ports-exposed.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "spaces-buckets-public-read.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "networking-firewalls-public-ports.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "networking-firewalls-quad-zero.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "networking-load-balancer-ssl-redirect-disabled.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "networking-load-balancer-backend-keepalive-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "networking-domains-missing-spf.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "networking-domains-missing-dkim.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "networking-domains-missing-dmarc.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "networking-domains-spf-overly-permissive.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "networking-domains-high-ttl.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "database-databases-mysql-publically-exposed.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "database-databases-mysql-user-legacy-encryption.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "database-databases-redis-evicition-policy.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "database-databases-postgres-connection-pools.json": [ + { + "enabled": true, + 
"level": "warning" + } + ] + } +} diff --git a/ScoutSuite/providers/do/rules/rulesets/filters.json b/ScoutSuite/providers/do/rules/rulesets/filters.json new file mode 100644 index 000000000..d6a73a987 --- /dev/null +++ b/ScoutSuite/providers/do/rules/rulesets/filters.json @@ -0,0 +1,4 @@ +{ + "about": "Default set of filters for Scout", + "rules": {} +} diff --git a/ScoutSuite/providers/do/services.py b/ScoutSuite/providers/do/services.py new file mode 100644 index 000000000..d3523e4cf --- /dev/null +++ b/ScoutSuite/providers/do/services.py @@ -0,0 +1,23 @@ +from ScoutSuite.providers.do.authentication_strategy import DoCredentials +from ScoutSuite.providers.do.resources.droplet.base import Droplets +from ScoutSuite.providers.do.resources.spaces.base import Spaces +from ScoutSuite.providers.do.resources.networking.base import Networking +from ScoutSuite.providers.do.resources.database.base import Databases +from ScoutSuite.providers.do.facade.base import DoFacade +from ScoutSuite.providers.base.services import BaseServicesConfig + + +class DigitalOceanServicesConfig(BaseServicesConfig): + def __init__(self, credentials: DoCredentials = None, **kwargs): + super().__init__(credentials) + + facade = DoFacade(credentials) + + self.droplet = Droplets(facade) + self.networking = Networking(facade) + self.database = Databases(facade) + if self.credentials.session: + self.spaces = Spaces(facade) + + def _is_provider(self, provider_name): + return provider_name == "do" diff --git a/ScoutSuite/providers/do/utils.py b/ScoutSuite/providers/do/utils.py new file mode 100644 index 000000000..c08c8becb --- /dev/null +++ b/ScoutSuite/providers/do/utils.py 
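Review bot: `credentials` defaults to `None` in `DigitalOceanServicesConfig.__init__`, yet the body passes it to `DoFacade` and then reads `self.credentials.session` unconditionally, so constructing the config without credentials fails with an AttributeError instead of a clear message (assuming the base class stores the argument as `self.credentials`, which is not shown here). `self.spaces` is only assigned when a session exists, so any later code that reads the attribute on a token-only run depends on the base class tolerating its absence. A guard such as `if credentials is None: raise ValueError("DigitalOcean credentials are required")` plus a one-line comment on why Spaces is optional would make both cases explicit.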
@@ -0,0 +1,23 @@ +import boto3 +from ScoutSuite.core.console import print_exception, print_debug, print_warning + + +def get_client(service: str, session: boto3.session.Session, region: str = None): + """ + Instantiates an DO Spaces API client + + """ + + try: + return ( + session.client( + service, + region_name=region, + endpoint_url="https://" + region + ".digitaloceanspaces.com", + ) + if region + else session.client(service) + ) + except Exception as e: + print_exception(f"Failed to create client for the {service} service: {e}") + return None diff --git a/requirements.txt b/requirements.txt index 7f53a4dfc..3e95690bc 100755 --- a/requirements.txt +++ b/requirements.txt @@ -65,4 +65,10 @@ oss2>=2.8.0 oci>=2.2.4 # Kubernetes SDK -kubernetes \ No newline at end of file +kubernetes + +# DigitalOcean Cloud Provider +pydo >=0.2.0 + +#zone file parser for DigitalOcean domains service +zonefile_parser >=0.1.14 \ No newline at end of file diff --git a/tools/process_raw_response.py b/tools/process_raw_response.py index eec1a5c51..c2044f69d 100755 --- a/tools/process_raw_response.py +++ b/tools/process_raw_response.py @@ -52,7 +52,7 @@ def camel_to_snake(name, upper=False): parser.add_argument('-v', '--value', required=True, help="The raw response") args = parser.parse_args() - if args.provider not in ['aws', 'azure', 'aliyun', 'gcp', 'oci', 'kubernetes']: + if args.provider not in ['aws', 'azure', 'aliyun', 'gcp', 'oci', 'do', 'kubernetes']: # TODO support more providers print('Provider not implemented') exit() @@ -79,6 +79,9 @@ def camel_to_snake(name, upper=False): elif args.provider == 'oci': object_format = 'raw_{}.{}' object_value_dict = json.loads(args.value) + elif args.provider == 'do': + object_format = 'raw_{}.{}' + object_value_dict = json.loads(args.value) elif args.provider == 'kubernetes': object_format = 'raw_{}.{}' object_value_dict = json.loads(args.value) From 63b1b4036d16e29e708bd8ac705c1ca572a48e0b Mon Sep 17 00:00:00 2001 
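Review bot: `get_client` concatenates `region` straight into the hostname of `endpoint_url`, so the host that receives the signed Spaces requests is decided entirely by that string, wherever it comes from. Validating it first, e.g. `if not re.fullmatch(r"[a-z0-9]+", region): raise ValueError(f"Invalid Spaces region: {region}")`, keeps the credentials bound to a `*.digitaloceanspaces.com` endpoint. The `except Exception` branch logs and returns `None`, which defers the failure to the first call site that uses the client, and `print_debug`/`print_warning` are imported but unused. The docstring could also describe `service`, `session` and `region` and state that `None` is returned on failure.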
From: Asif Wani Date: Fri, 9 Feb 2024 20:32:50 +0530 Subject: [PATCH 961/979] added-pagination-support --- ScoutSuite/providers/do/facade/droplet.py | 18 ++++++++---- ScoutSuite/providers/do/facade/networking.py | 27 +++++++++++------ ScoutSuite/providers/do/facade/utils.py | 31 ++++++++++++++++++++ 3 files changed, 62 insertions(+), 14 deletions(-) create mode 100644 ScoutSuite/providers/do/facade/utils.py diff --git a/ScoutSuite/providers/do/facade/droplet.py b/ScoutSuite/providers/do/facade/droplet.py index 03b47049f..32944a7db 100644 --- a/ScoutSuite/providers/do/facade/droplet.py +++ b/ScoutSuite/providers/do/facade/droplet.py @@ -1,27 +1,35 @@ from ScoutSuite.core.console import print_exception from ScoutSuite.providers.do.authentication_strategy import DoCredentials from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.providers.do.facade.utils import DOFacadeUtils class DropletFacade: def __init__(self, credentials: DoCredentials): self._credentials = credentials self._client = credentials.client + self.current_page = 1 + self.per_page = 50 async def get_droplets(self): try: - droplets = await run_concurrently( - lambda: self._client.droplets.list()["droplets"] + droplets = await DOFacadeUtils.get_all_from_pagination( + self._client.droplets.list, self.current_page, self.per_page, "droplets" ) - return droplets + return droplets["droplets"] except Exception as e: print_exception(f"Failed to get droplets: {e}") return [] async def get_droplet_fwconfig(self, id): try: - droplet_fwconfig = await run_concurrently( - lambda: self._client.droplets.list_firewalls(id) + filters = {"droplet_id": id} + droplet_fwconfig = await DOFacadeUtils.get_all_from_pagination( + self._client.droplets.list_firewalls, + self.current_page, + self.per_page, + "firewalls", + filters, ) return droplet_fwconfig except Exception as e: 
diff --git a/ScoutSuite/providers/do/facade/networking.py b/ScoutSuite/providers/do/facade/networking.py index fc5e2ae83..1b5b760b6 100644 --- a/ScoutSuite/providers/do/facade/networking.py +++ b/ScoutSuite/providers/do/facade/networking.py @@ -1,5 +1,6 @@ from ScoutSuite.core.console import print_exception from ScoutSuite.providers.do.authentication_strategy import DoCredentials +from ScoutSuite.providers.do.facade.utils import DOFacadeUtils from ScoutSuite.providers.utils import run_concurrently @@ -7,33 +8,41 @@ class Networkingfacade: def __init__(self, credentials: DoCredentials): self._credentials = credentials self._client = credentials.client + self.current_page = 1 + self.per_page = 50 async def get_firewalls(self): try: - firewalls = await run_concurrently( - lambda: self._client.firewalls.list()["firewalls"] + firewalls = await DOFacadeUtils.get_all_from_pagination( + self._client.firewalls.list, + self.current_page, + self.per_page, + "firewalls", ) - return firewalls + return firewalls["firewalls"] except Exception as e: print_exception(f"Failed to get firewalls: {e}") return [] async def get_domains(self): try: - domains = await run_concurrently( - lambda: self._client.domains.list()["domains"] + domains = await DOFacadeUtils.get_all_from_pagination( + self._client.domains.list, self.current_page, self.per_page, "domains" ) - return domains + return domains["domains"] except Exception as e: print_exception(f"Failed to get domains: {e}") return [] async def get_load_balancers(self): try: - load_balancers = await run_concurrently( - lambda: self._client.load_balancers.list()["load_balancers"] + load_balancers = await DOFacadeUtils.get_all_from_pagination( + self._client.load_balancers.list, + self.current_page, + self.per_page, + "load_balancers", ) - return load_balancers + return load_balancers["load_balancers"] except Exception as e: print_exception(f"Failed to get load balancers: {e}") return [] 
diff --git a/ScoutSuite/providers/do/facade/utils.py b/ScoutSuite/providers/do/facade/utils.py new file mode 100644 index 000000000..b377bc7a7 --- /dev/null +++ b/ScoutSuite/providers/do/facade/utils.py @@ -0,0 +1,31 @@ +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.do.authentication_strategy import DoCredentials +from ScoutSuite.providers.utils import run_concurrently + + +class DOFacadeUtils: + + @staticmethod + async def get_all_from_pagination( + list_client, current_page, per_page, object_name, filters=None + ): + final_output = {} + next_page = True + while next_page: + if filters: + resp = await run_concurrently( + lambda: list_client(**filters, per_page=per_page, page=current_page) + ) + else: + resp = await run_concurrently( + lambda: list_client(per_page=per_page, page=current_page) + ) + if object_name in final_output.keys(): + final_output[object_name].extend(resp[object_name]) + else: + final_output[object_name] = resp[object_name] + + pages = resp.get("links").get("pages", {}) + next_page = "next" in pages.keys() + current_page += 1 + return final_output From f7350ba2b40d88b7a26533153d34f18c0f9034f4 Mon Sep 17 00:00:00 2001 From: Jakob Rieck Date: Mon, 8 Jan 2024 17:09:32 +0100 Subject: [PATCH 962/979] Fixes 'Key Vault Not Recoverable' check ScoutSuite previously did not flag key vaults for which the API returned enable_soft_delete = null. Such key vaults have neither soft-delete nor purge protecton enabled and are also not recoverable. The check would only flag key vaults for which enable_soft_delete = false. --- ScoutSuite/providers/azure/resources/keyvault/vaults.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/resources/keyvault/vaults.py b/ScoutSuite/providers/azure/resources/keyvault/vaults.py index 4d5005898..e4be072ca 100755 --- a/ScoutSuite/providers/azure/resources/keyvault/vaults.py +++ b/ScoutSuite/providers/azure/resources/keyvault/vaults.py 
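Review bot: `get_all_from_pagination` calls `resp.get("links").get("pages", {})`, which raises AttributeError whenever a response has no `links` object, and it indexes `resp[object_name]` without allowing for an error payload. Every caller in droplet.py and networking.py wraps the call in `except Exception` and returns `[]`, so such a failure makes the scan report zero droplets, firewalls, domains or load balancers, which reads as a clean result rather than a failed collection. Use `pages = (resp.get("links") or {}).get("pages", {})` and `resp.get(object_name, [])`, and consider a maximum page count so a response that always advertises `next` cannot loop indefinitely. `DoCredentials` and `print_exception` are imported in the new file but never used.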
@@ -30,7 +30,7 @@ def _parse_key_vault(self, raw_vault): vault['resource_group_name'] = get_resource_group_name(raw_vault.id) vault['properties'] = raw_vault.properties vault[ - 'recovery_protection_enabled'] = raw_vault.properties.enable_soft_delete and \ + 'recovery_protection_enabled'] = bool(raw_vault.properties.enable_soft_delete) and \ bool(raw_vault.properties.enable_purge_protection) vault['public_access_allowed'] = self._is_public_access_allowed(raw_vault) vault['rbac_authorization_enabled'] = raw_vault.properties.enable_rbac_authorization From 137228e3030288c51be891bfc16e9ff53108e9e7 Mon Sep 17 00:00:00 2001 From: Jakob Rieck Date: Tue, 9 Jan 2024 10:31:20 +0100 Subject: [PATCH 963/979] Fixes 'Key Vault Role Based Access Control Disabled' check ScoutSuite failed to flag key vaults where the enable_rbac_authorization field was set to null. Through manual configuration in the Azure portal I confirmed that RBAC Access Control is disabled if this field is set to null. --- ScoutSuite/providers/azure/resources/keyvault/vaults.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/resources/keyvault/vaults.py b/ScoutSuite/providers/azure/resources/keyvault/vaults.py index 4d5005898..8e030bdb8 100755 --- a/ScoutSuite/providers/azure/resources/keyvault/vaults.py +++ b/ScoutSuite/providers/azure/resources/keyvault/vaults.py @@ -33,7 +33,7 @@ def _parse_key_vault(self, raw_vault): 'recovery_protection_enabled'] = raw_vault.properties.enable_soft_delete and \ bool(raw_vault.properties.enable_purge_protection) vault['public_access_allowed'] = self._is_public_access_allowed(raw_vault) - vault['rbac_authorization_enabled'] = raw_vault.properties.enable_rbac_authorization + vault['rbac_authorization_enabled'] = bool(raw_vault.properties.enable_rbac_authorization) return vault['id'], vault def _is_public_access_allowed(self, raw_vault): From e011d48e9b46d50dc974790a49a44d30fce40a48 Mon Sep 17 00:00:00 2001 
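Review bot: The `bool(...)` coercion on `enable_soft_delete` in `_parse_key_vault` carries no comment, so the reason a `null` from the API must count as disabled lives only in the commit message. A line such as `# None from the API means soft delete is not enabled` above the assignment would keep a later cleanup from reverting it; the same applies to `rbac_authorization_enabled` in the following patch (964 in the series numbering shown as 963/979). Both patches are built on the same parent blob, so the second hunk's context still shows the un-coerced `enable_soft_delete` expression, and the function starts and ends outside both hunks.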
From: Jakob Rieck Date: Tue, 9 Jan 2024 14:42:21 +0100 Subject: [PATCH 964/979] Corrected display name for 'Blob Containers Allowing Public Access' The test scans Blob Containers, not Storage Accounts. There is a 1:n relationship between Storage Accounts and Blob Containers. --- .../rules/findings/storageaccount-public-blob-container.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json index ab3e6bd5b..e40ede450 100755 --- a/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json +++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-public-blob-container.json @@ -18,7 +18,7 @@ "https://learn.microsoft.com/en-us/azure/storage/blobs/storage-manage-access-to-resources", "https://learn.microsoft.com/en-us/azure/security/benchmarks/security-controls-v2-privileged-access" ], - "dashboard_name": "Storage Accounts", + "dashboard_name": "Blob Containers", "display_path": "storageaccounts.subscriptions.id.storage_accounts.id", "path": "storageaccounts.subscriptions.id.storage_accounts.id.blob_containers.id", "conditions": [ From 22c5bf6344f34791432c294115e7f483f0400c98 Mon Sep 17 00:00:00 2001 From: Jakob Rieck Date: Wed, 10 Jan 2024 17:42:30 +0100 Subject: [PATCH 965/979] Improves 'Access Keys Not Rotated' check - Updates azure-mgmt-storage to 17.0.0 - Only consider storage accounts that allow access key access for the check - Display the access key status in the results --- ...nts.subscriptions.id.storage_accounts.html | 1 + .../storageaccounts/storage_accounts.py | 2 ++ ...torageaccount-access-keys-not-rotated.json | 24 ++++++++++++------- requirements.txt | 2 +- 4 files changed, 20 insertions(+), 9 deletions(-) 
diff --git a/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html b/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html index 4d1352845..d39754fa7 100755 --- a/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html +++ b/ScoutSuite/output/data/html/partials/azure/services.storageaccounts.subscriptions.id.storage_accounts.html @@ -10,6 +10,7 @@

    Information

    Public Traffic: {{convert_bool_to_enabled public_traffic_allowed }}
    HTTPS Required: {{convert_bool_to_enabled https_traffic_enabled}}
    Microsoft Trusted Services: {{convert_bool_to_enabled trusted_microsoft_services_enabled }}
    +
    Access Key Usage: {{convert_bool_to_enabled shared_key_access_allowed}}
    Last Access Key Rotation: {{#if access_keys_last_rotation_date }} diff --git a/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py b/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py index 83812511c..855c535df 100755 --- a/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py +++ b/ScoutSuite/providers/azure/resources/storageaccounts/storage_accounts.py @@ -45,6 +45,8 @@ def _parse_storage_account(self, raw_storage_account): storage_account['trusted_microsoft_services_enabled'] = \ self._is_trusted_microsoft_services_enabled(raw_storage_account) storage_account['bypass'] = raw_storage_account.network_rule_set.bypass + # The default value (null) is equivalent to True + storage_account['shared_key_access_allowed'] = raw_storage_account.allow_shared_key_access != False storage_account['access_keys_last_rotation_date'] = \ self._parse_access_keys_last_rotation_date(raw_storage_account.activity_logs) storage_account['encryption_key_source'] = raw_storage_account.encryption.key_source diff --git a/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json b/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json index da580f77e..c35755525 100755 --- a/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json +++ b/ScoutSuite/providers/azure/rules/findings/storageaccount-access-keys-not-rotated.json 
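Review bot: `raw_storage_account.allow_shared_key_access != False` in `_parse_storage_account` works, but an identity test states the intent (only an explicit False disables shared keys) and avoids the equality comparison that linters flag: `storage_account['shared_key_access_allowed'] = raw_storage_account.allow_shared_key_access is not False`. The attribute is read directly, so the parser relies on the azure-mgmt-storage bump to 17.0.0 made later in this commit; if older SDK models lack the field, `getattr(raw_storage_account, 'allow_shared_key_access', None)` would preserve the default-to-True behaviour instead of raising. The function continues outside the hunk.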
@@ -21,18 +21,26 @@ "dashboard_name": "Storage Accounts", "path": "storageaccounts.subscriptions.id.storage_accounts.id", "conditions": [ - "or", + "and", [ - "storageaccounts.subscriptions.id.storage_accounts.id.access_keys_last_rotation_date", - "equal", - "None" + "storageaccounts.subscriptions.id.storage_accounts.id.shared_key_access_allowed", + "true", + "" ], [ - "storageaccounts.subscriptions.id.storage_accounts.id.access_keys_last_rotation_date", - "olderThan", + "or", [ - "_ARG_0_", - "days" + "storageaccounts.subscriptions.id.storage_accounts.id.access_keys_last_rotation_date", + "equal", + "None" + ], + [ + "storageaccounts.subscriptions.id.storage_accounts.id.access_keys_last_rotation_date", + "olderThan", + [ + "_ARG_0_", + "days" + ] ] ] ], diff --git a/requirements.txt b/requirements.txt index 7f53a4dfc..691eb6fc0 100755 --- a/requirements.txt +++ b/requirements.txt @@ -35,7 +35,7 @@ azure-identity==1.5.0 ## for resources azure-mgmt-resource==15.0.0 -azure-mgmt-storage==16.0.0 +azure-mgmt-storage==17.0.0 azure-mgmt-monitor==2.0.0 azure-mgmt-sql==1.0.0 azure-mgmt-security==1.0.0 From d7485d2d0e1123272132362ac954727fbb8a3840 Mon Sep 17 00:00:00 2001 From: Rennie deGraaf Date: Mon, 4 Mar 2024 15:09:23 -0800 Subject: [PATCH 966/979] AWS EBS default encryption: fixed display problems. Apparently ScoutSuite makes the implicit assumption that all settings are associated with resources, rather than directly to the region + service. So we move the regional EBS settings into a fake resource. This means that paths now need to include an ID for the "resource". --- .../aws/services.ec2.regions.id.regional_settings.html | 7 ++----- .../providers/aws/resources/ec2/regional_settings.py | 8 ++++++-- .../findings/ec2_ebs_default_encryption_disabled.json | 7 ++++--- 3 files changed, 12 insertions(+), 10 deletions(-) 
diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html index b4eec1f69..86b0f687d 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html +++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html @@ -4,13 +4,10 @@

    {{region}}

    - - -

    Regional settings

      -
    • Encryption enabled for EBS Volumes by default: {{getValueAt 'services.ec2.regions' region 'regional_settings.ebs_encryption_default'}}
    • -
    • Default encryption key: {{getValueAt 'services.ec2.regions' region 'regional_settings.ebs_default_encryption_key_id'}}
    • +
    • Encryption enabled for EBS Volumes by default: {{ebs_encryption_default}}
    • +
    • Default encryption key: {{ebs_default_encryption_key_id}}
    diff --git a/ScoutSuite/providers/aws/resources/ec2/regional_settings.py b/ScoutSuite/providers/aws/resources/ec2/regional_settings.py index 6aae176fb..73ac10b62 100644 --- a/ScoutSuite/providers/aws/resources/ec2/regional_settings.py +++ b/ScoutSuite/providers/aws/resources/ec2/regional_settings.py @@ -12,5 +12,9 @@ def __init__(self, facade: AWSFacade, region: str): self.resource_type = 'regional_setting' async def fetch_all(self): - self['ebs_encryption_default'] = await self.facade.ec2.get_ebs_encryption(self.region) - self['ebs_default_encryption_key_id'] = await self.facade.ec2.get_ebs_default_encryption_key(self.region) + # These settings are associated directly with the service+region, not with any resource. + # However, ScoutSuite seems to assume that every setting is tied to a resource so we make + # up a fake resource to hold them. + self[0] = {} + self[0]['ebs_encryption_default'] = await self.facade.ec2.get_ebs_encryption(self.region) + self[0]['ebs_default_encryption_key_id'] = await self.facade.ec2.get_ebs_default_encryption_key(self.region) diff --git a/ScoutSuite/providers/aws/rules/findings/ec2_ebs_default_encryption_disabled.json b/ScoutSuite/providers/aws/rules/findings/ec2_ebs_default_encryption_disabled.json index cc623520f..a37acef3f 100644 --- a/ScoutSuite/providers/aws/rules/findings/ec2_ebs_default_encryption_disabled.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2_ebs_default_encryption_disabled.json @@ -6,13 +6,14 @@ "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default" ], "dashboard_name": "Regions", - "path": "ec2.regions.id.regional_settings.ebs_encryption_default", + "path": "ec2.regions.id.regional_settings.id", "conditions": [ "and", [ - "ec2.regions.id.regional_settings.ebs_encryption_default", + "ebs_encryption_default", "false", "" ] - ] + ], + "id_suffix": "NoDefaultEBSEncryption" } \ No newline at end of file 
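Review bot: `fetch_all` stores the placeholder resource under the integer key `0`, whereas the fixtures and expected finding paths added in the later tests patch use the string `"0"` (`regional_settings.0.NoDefaultEBSEncryption`), which is what the key becomes once the report is serialised to JSON. Using a string key from the start, `self['0'] = {}`, keeps the in-memory and serialised forms identical; whether the rule engine and exception lists handle an int key the same way is not visible in this hunk. The comment explaining the fake resource is helpful and should stay with the assignment.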
From f90bcd04d96a1f4db4394049693b38e2c0ac3c13 Mon Sep 17 00:00:00 2001 From: Rennie deGraaf Date: Mon, 4 Mar 2024 16:12:17 -0800 Subject: [PATCH 967/979] AWS EBS default encryption: renamed files for consistency. --- ...n_disabled.json => ec2-ebs-default-encryption-disabled.json} | 0 ScoutSuite/providers/aws/rules/rulesets/default.json | 2 +- ScoutSuite/providers/aws/rules/rulesets/detailed.json | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) rename ScoutSuite/providers/aws/rules/findings/{ec2_ebs_default_encryption_disabled.json => ec2-ebs-default-encryption-disabled.json} (100%) diff --git a/ScoutSuite/providers/aws/rules/findings/ec2_ebs_default_encryption_disabled.json b/ScoutSuite/providers/aws/rules/findings/ec2-ebs-default-encryption-disabled.json similarity index 100% rename from ScoutSuite/providers/aws/rules/findings/ec2_ebs_default_encryption_disabled.json rename to ScoutSuite/providers/aws/rules/findings/ec2-ebs-default-encryption-disabled.json diff --git a/ScoutSuite/providers/aws/rules/rulesets/default.json b/ScoutSuite/providers/aws/rules/rulesets/default.json index 255c08138..61dfeb5d7 100755 --- a/ScoutSuite/providers/aws/rules/rulesets/default.json +++ b/ScoutSuite/providers/aws/rules/rulesets/default.json @@ -142,7 +142,7 @@ "level": "danger" } ], - "ec2_ebs_default_encryption_disabled.json": [ + "ec2-ebs-default-encryption-disabled.json": [ { "enabled": true, "level": "warning" diff --git a/ScoutSuite/providers/aws/rules/rulesets/detailed.json b/ScoutSuite/providers/aws/rules/rulesets/detailed.json index 004b7a5f6..38d6f366f 100755 --- a/ScoutSuite/providers/aws/rules/rulesets/detailed.json +++ b/ScoutSuite/providers/aws/rules/rulesets/detailed.json @@ -142,7 +142,7 @@ "level": "danger" } ], - "ec2_ebs_default_encryption_disabled.json": [ + "ec2-ebs-default-encryption-disabled.json": [ { "enabled": true, "level": "warning" From 01de9d0f1146f130cd27425345676f41658a093f Mon Sep 17 00:00:00 2001 
From: Rennie deGraaf Date: Mon, 4 Mar 2024 16:13:03 -0800 Subject: [PATCH 968/979] AWS EBS default encryption: added tests. --- .../ec2-ebs-default-encryption-disabled.json | 1 + tests/data/rule-configs/ec2.json | 30 +++++++++++++++++++ .../ec2-ebs-default-encryption-disabled.json | 5 ++++ 3 files changed, 36 insertions(+) create mode 120000 tests/data/rule-configs/ec2-ebs-default-encryption-disabled.json create mode 100644 tests/data/rule-results/ec2-ebs-default-encryption-disabled.json diff --git a/tests/data/rule-configs/ec2-ebs-default-encryption-disabled.json b/tests/data/rule-configs/ec2-ebs-default-encryption-disabled.json new file mode 120000 index 000000000..667f7b250 --- /dev/null +++ b/tests/data/rule-configs/ec2-ebs-default-encryption-disabled.json @@ -0,0 +1 @@ +ec2.json \ No newline at end of file diff --git a/tests/data/rule-configs/ec2.json b/tests/data/rule-configs/ec2.json index 79e7173b2..ac8d2a3df 100755 --- a/tests/data/rule-configs/ec2.json +++ b/tests/data/rule-configs/ec2.json @@ -7,6 +7,12 @@ "ap-northeast-2": { "instances_count": 0, "region": "ap-northeast-2", + "regional_settings": { + "0": { + "ebs_default_encryption_key_id": "alias/aws/ebs", + "ebs_encryption_default": false + } + }, "security_groups_count": 1, "snapshots": {}, "snapshots_count": 0, @@ -59,6 +65,12 @@ "ap-south-1": { "instances_count": 0, "region": "ap-south-1", + "regional_settings": { + "0": { + "ebs_default_encryption_key_id": "alias/aws/ebs", + "ebs_encryption_default": false + } + }, "security_groups_count": 1, "snapshots": {}, "snapshots_count": 0, @@ -108,6 +120,12 @@ "eu-central-1": { "instances_count": 0, "region": "eu-central-1", + "regional_settings": { + "0": { + "ebs_default_encryption_key_id": "alias/aws/ebs", + "ebs_encryption_default": false + } + }, "security_groups_count": 1, "snapshots": {}, "snapshots_count": 0, 
@@ -146,6 +164,12 @@ "eu-west-1": { "instances_count": 35, "region": "eu-west-1", + "regional_settings": { + "0": { + "ebs_default_encryption_key_id": "arn:aws:kms:us-east-1:123456789012:key/12345678-90ab-cdef-1234-567890abcdef", + "ebs_encryption_default": true + } + }, "security_groups_count": 30, "vpcs": { "vpc-eu111111": { @@ -248,6 +272,12 @@ "sa-east-1": { "instances_count": 0, "region": "sa-east-1", + "regional_settings": { + "0": { + "ebs_default_encryption_key_id": "arn:aws:kms:us-east-1:123456789012:key/12345678-90ab-cdef-1234-567890abcdef", + "ebs_encryption_default": true + } + }, "security_groups_count": 1, "snapshots": {}, "snapshots_count": 0, diff --git a/tests/data/rule-results/ec2-ebs-default-encryption-disabled.json b/tests/data/rule-results/ec2-ebs-default-encryption-disabled.json new file mode 100644 index 000000000..9192b13d5 --- /dev/null +++ b/tests/data/rule-results/ec2-ebs-default-encryption-disabled.json @@ -0,0 +1,5 @@ +[ + "ec2.regions.ap-northeast-2.regional_settings.0.NoDefaultEBSEncryption", + "ec2.regions.ap-south-1.regional_settings.0.NoDefaultEBSEncryption", + "ec2.regions.eu-central-1.regional_settings.0.NoDefaultEBSEncryption" +] From d640d66d5d10a5a49cf79497ce8535de4b48f3f5 Mon Sep 17 00:00:00 2001 From: Rennie deGraaf Date: Tue, 5 Mar 2024 09:40:14 -0800 Subject: [PATCH 969/979] AWS EBS default encryption: enabled the single region template. --- .../aws/services.ec2.regions.id.regional_settings.html | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html index 86b0f687d..93e039e81 100644 --- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html +++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.regional_settings.html @@ -16,12 +16,11 @@

    Regional settings

    Handlebars.registerPartial("services.ec2.regions.id.regional_settings", $("#services\\.ec2\\.regions\\.id\\.regional_settings\\.partial").html()); - - + - --> + From 68e919900cbf29673ed8a187e68c82bffced1660 Mon Sep 17 00:00:00 2001 From: Rennie deGraaf Date: Tue, 5 Mar 2024 09:41:24 -0800 Subject: [PATCH 970/979] AWS EBS default encryption: moved parsing logic out of the facade. --- ScoutSuite/providers/aws/facade/ec2.py | 4 ++-- ScoutSuite/providers/aws/resources/ec2/regional_settings.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ScoutSuite/providers/aws/facade/ec2.py b/ScoutSuite/providers/aws/facade/ec2.py index 2557d3573..cca940c6a 100755 --- a/ScoutSuite/providers/aws/facade/ec2.py +++ b/ScoutSuite/providers/aws/facade/ec2.py @@ -223,7 +223,7 @@ async def get_route_tables(self, region): async def get_ebs_encryption(self, region): ec2_client = AWSFacadeUtils.get_client('ec2', self.session, region) try: - encryption_settings = await run_concurrently(lambda: ec2_client.get_ebs_encryption_by_default()['EbsEncryptionByDefault']) + encryption_settings = await run_concurrently(lambda: ec2_client.get_ebs_encryption_by_default()) return encryption_settings except Exception as e: print_exception(f'Failed to retrieve EBS encryption settings: {e}') @@ -231,7 +231,7 @@ async def get_ebs_encryption(self, region): async def get_ebs_default_encryption_key(self, region): ec2_client = AWSFacadeUtils.get_client('ec2', self.session, region) try: - encryption_key = await run_concurrently(lambda: ec2_client.get_ebs_default_kms_key_id()['KmsKeyId']) + encryption_key = await run_concurrently(lambda: ec2_client.get_ebs_default_kms_key_id()) return encryption_key except Exception as e: print_exception(f'Failed to retrieve EBS encryption key ID: {e}') diff --git a/ScoutSuite/providers/aws/resources/ec2/regional_settings.py b/ScoutSuite/providers/aws/resources/ec2/regional_settings.py index 73ac10b62..3e00cb40e 100644 
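Review bot: In `get_ebs_encryption` and `get_ebs_default_encryption_key` the `except` branch shown in these hunks only calls `print_exception`, so a failed call appears to return `None` (the end of each branch is outside the hunk), and the caller changed in `regional_settings.py` by this same commit now subscripts that value with `['EbsEncryptionByDefault']` and `['KmsKeyId']`. A region where the call is denied or errors would then raise `TypeError` in `fetch_all` rather than record the setting as unknown, leaving the `ec2-ebs-default-encryption-disabled` rule with nothing to evaluate for that region. Guard the lookup in the caller, for example `settings = await self.facade.ec2.get_ebs_encryption(self.region)` followed by `self[0]['ebs_encryption_default'] = settings.get('EbsEncryptionByDefault') if settings else None`, and do the same for the key ID. A short comment saying that `None` means "not collected" rather than "disabled" would help whoever reads the rule output.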
--- a/ScoutSuite/providers/aws/resources/ec2/regional_settings.py +++ b/ScoutSuite/providers/aws/resources/ec2/regional_settings.py @@ -16,5 +16,5 @@ async def fetch_all(self): # However, ScoutSuite seems to assume that every setting is tied to a resource so we make # up a fake resource to hold them. self[0] = {} - self[0]['ebs_encryption_default'] = await self.facade.ec2.get_ebs_encryption(self.region) - self[0]['ebs_default_encryption_key_id'] = await self.facade.ec2.get_ebs_default_encryption_key(self.region) + self[0]['ebs_encryption_default'] = (await self.facade.ec2.get_ebs_encryption(self.region))['EbsEncryptionByDefault'] + self[0]['ebs_default_encryption_key_id'] = (await self.facade.ec2.get_ebs_default_encryption_key(self.region))['KmsKeyId'] From e500930dd1faf742735aaffbf48ca3a907cf4b0c Mon Sep 17 00:00:00 2001 From: Jakob Rieck Date: Fri, 12 Apr 2024 14:16:29 +0200 Subject: [PATCH 971/979] Updates credential report to not highlight inactive credentials --- .../aws/services.iam.credential_reports.html | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html b/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html index 2a33dc8ed..0d49c3bce 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html +++ b/ScoutSuite/output/data/html/partials/aws/services.iam.credential_reports.html @@ -8,16 +8,16 @@

    {{name}}

    Credentials Report

    Creation Date: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'user_creation_time')}}
    Last Used Date: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'last_used')}}
    -
    Password Enabled: {{getValueAt 'services' 'iam' 'credential_reports' @key 'password_enabled'}}
    -
    Password Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'password_last_used')}}
    +
    Password Enabled: {{getValueAt 'services' 'iam' 'credential_reports' @key 'password_enabled'}}
    +
    Password Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'password_last_used')}}
    Password Last Changed: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'password_last_changed')}}
    MFA Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'mfa_active'}}
    Hardware MFA Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'mfa_active_hardware'}}
    -
    Access Key 1 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_active'}}
    -
    Access Key 1 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_used_date')}}
    +
    Access Key 1 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_active'}}
    +
    Access Key 1 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_used_date')}}
    Access Key 1 Last Rotated: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_1_last_rotated')}}
    -
    Access Key 2 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_active'}}
    -
    Access Key 2 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_used_date')}}
    +
    Access Key 2 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_active'}}
    +
    Access Key 2 Last Used: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_used_date')}}
    Access Key 2 Last Rotated: {{ format_date (getValueAt 'services' 'iam' 'credential_reports' @key 'access_key_2_last_rotated')}}
    Signing Cert 1 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'cert_1_active'}}
    Signing Cert 2 Active: {{getValueAt 'services' 'iam' 'credential_reports' @key 'cert_2_active'}}
    From 6bd204a589e2f7a825dc101b17430e4dd50c296f Mon Sep 17 00:00:00 2001 From: Jakob Rieck Date: Tue, 16 Apr 2024 11:08:15 +0200 Subject: [PATCH 972/979] Improves iam-user-no-key-rotation rule --- .../providers/aws/rules/findings/iam-user-no-key-rotation.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json b/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json index e26c0cde0..984b7f317 100755 --- a/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json +++ b/ScoutSuite/providers/aws/rules/findings/iam-user-no-key-rotation.json @@ -1,5 +1,5 @@ { - "description": "Lack of Key Rotation for (_ARG_0_) Days", + "description": "Lack of Key Rotation for _ARG_1_ Days (Key Status: _ARG_0_)", "rationale": "In case of access key compromise, the lack of credential rotation increases the period during which an attacker has access to the AWS account.", "remediation": "Rotate access keys that have not been changed recently", "compliance": [ From 869919ce5c0973348686d779473527d80b71bc7b Mon Sep 17 00:00:00 2001 From: Jakob Rieck Date: Wed, 17 Apr 2024 10:14:01 +0200 Subject: [PATCH 973/979] Adds highlighting for "EBS Volume Not Encrypted" detail view --- .../partials/aws/services.ec2.regions.id.volumes.html | 11 +++++++++-- .../rules/findings/ec2-ebs-volume-not-encrypted.json | 3 ++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.volumes.html b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.volumes.html index c1e6a113c..4da0bf016 100755 --- a/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.volumes.html +++ b/ScoutSuite/output/data/html/partials/aws/services.ec2.regions.id.volumes.html @@ -4,8 +4,15 @@

    {{name}}

    -

    Attributes

    - {{> generic_object this}} +

    Information

    +
    ID: {{value_or_none id}}
    +
    ARN: {{value_or_none arn}}
    +
    Name: {{value_or_none name}}
    +
    State: {{value_or_none State}}
    +
    Size: {{value_or_none Size}} GiB
    +
    Volume Type: {{value_or_none VolumeType}}
    +
    Create Time: {{value_or_none CreateTime}}
    +
    Encryption: {{convert_bool_to_enabled Encrypted}}
    diff --git a/ScoutSuite/providers/aws/rules/findings/ec2-ebs-volume-not-encrypted.json b/ScoutSuite/providers/aws/rules/findings/ec2-ebs-volume-not-encrypted.json index f2c721730..224c49eb1 100755 --- a/ScoutSuite/providers/aws/rules/findings/ec2-ebs-volume-not-encrypted.json +++ b/ScoutSuite/providers/aws/rules/findings/ec2-ebs-volume-not-encrypted.json @@ -13,5 +13,6 @@ "false", "" ] - ] + ], + "id_suffix": "encrypted" } From f06df79fe0934d8601a334cbd2017e266a624e54 Mon Sep 17 00:00:00 2001 
From: ltoroncc Date: Tue, 7 May 2024 09:37:11 -0400 Subject: [PATCH 974/979] Digital Ocean Integration --- README.md | 1 + ScoutSuite/__main__.py | 17 ++ ScoutSuite/core/cli_parser.py | 32 +++ .../do/services.database.databases.html | 33 +++ .../do/services.droplet.droplets.html | 42 ++++ .../do/services.kubernetes.cluster.html | 26 +++ .../do/services.networking.domains.html | 27 +++ .../do/services.networking.firewalls.html | 35 +++ .../services.networking.load_balancers.html | 26 +++ .../partials/do/services.spaces.buckets.html | 27 +++ .../output/data/html/summaries/do/.gitkeep | 0 ScoutSuite/providers/__init__.py | 3 +- .../base/authentication_strategy_factory.py | 3 +- .../providers/do/authentication_strategy.py | 49 ++++ ScoutSuite/providers/do/facade/__init__.py | 0 ScoutSuite/providers/do/facade/base.py | 19 ++ ScoutSuite/providers/do/facade/database.py | 71 ++++++ ScoutSuite/providers/do/facade/droplet.py | 46 ++++ ScoutSuite/providers/do/facade/kubernetes.py | 21 ++ ScoutSuite/providers/do/facade/networking.py | 48 ++++ ScoutSuite/providers/do/facade/spaces.py | 212 ++++++++++++++++++ ScoutSuite/providers/do/facade/utils.py | 31 +++ ScoutSuite/providers/do/metadata.json | 60 +++++ ScoutSuite/providers/do/provider.py | 50 +++++ ScoutSuite/providers/do/resources/__init__.py | 0 ScoutSuite/providers/do/resources/base.py | 22 ++ .../do/resources/database/__init__.py | 0 .../providers/do/resources/database/base.py | 14 ++ .../do/resources/database/databases.py | 70 ++++++ .../do/resources/droplet/__init__.py | 0 .../providers/do/resources/droplet/base.py | 14 ++ .../do/resources/droplet/droplets.py | 91 ++++++++ .../do/resources/kubernetes/__init__.py | 0 .../providers/do/resources/kubernetes/base.py | 14 ++ .../do/resources/kubernetes/kubernetes.py | 25 +++ .../do/resources/networking/__init__.py | 0 .../providers/do/resources/networking/base.py | 20 ++ .../do/resources/networking/domains.py | 50 +++++ .../do/resources/networking/firewalls.py | 47 ++++ 
.../do/resources/networking/load_balancers.py | 30 +++ .../providers/do/resources/spaces/__init__.py | 0 .../providers/do/resources/spaces/base.py | 14 ++ .../providers/do/resources/spaces/buckets.py | 50 +++++ .../providers/do/rules/filters/.gitkeep | 0 ...se-databases-mysql-publically-exposed.json | 20 ++ ...atabases-mysql-user-legacy-encryption.json | 20 ++ ...e-databases-postgres-connection-pools.json | 20 ++ ...se-databases-postgres-trusted-sources.json | 15 ++ ...base-databases-redis-evicition-policy.json | 20 ++ .../droplet-droplets-all-ports-exposed.json | 15 ++ .../droplet-droplets-backup-not-enabled.json | 17 ++ .../droplet-droplets-backup-not-present.json | 17 ++ .../droplet-droplets-custom-image.json | 16 ++ .../droplet-droplets-features-monitoring.json | 16 ++ ...roplet-droplets-firewall-not-attached.json | 17 ++ .../droplet-droplets-port-22-exposed.json | 15 ++ ...droplet-droplets-snapshot-not-present.json | 17 ++ ...bernetes-kubernetes-autoupgrade-minor.json | 17 ++ .../kubernetes-kubernetes-ha-enabled.json | 17 ++ .../kubernetes-kubernetes-surge-upgrade.json | 17 ++ .../findings/networking-domains-high-ttl.json | 15 ++ .../networking-domains-missing-dkim.json | 15 ++ .../networking-domains-missing-dmarc.json | 15 ++ .../networking-domains-missing-spf.json | 15 ++ ...working-domains-spf-overly-permissive.json | 15 ++ .../networking-firewalls-public-ports.json | 15 ++ .../networking-firewalls-quad-zero.json | 15 ++ ...d-balancer-backend-keepalive-disabled.json | 15 ++ ...g-load-balancer-ssl-redirect-disabled.json | 15 ++ ...working-load-balancer-without-droplet.json | 15 ++ .../rules/findings/spaces-buckets-cors.json | 17 ++ .../findings/spaces-buckets-public-read.json | 17 ++ .../findings/spaces-buckets-public-write.json | 17 ++ .../providers/do/rules/rulesets/default.json | 167 ++++++++++++++ .../providers/do/rules/rulesets/filters.json | 4 + ScoutSuite/providers/do/services.py | 25 +++ ScoutSuite/providers/do/utils.py | 23 ++ requirements.txt | 5 
+- tools/process_raw_response.py | 5 +- 79 files changed, 2042 insertions(+), 4 deletions(-) create mode 100644 ScoutSuite/output/data/html/partials/do/services.database.databases.html create mode 100644 ScoutSuite/output/data/html/partials/do/services.droplet.droplets.html create mode 100644 ScoutSuite/output/data/html/partials/do/services.kubernetes.cluster.html create mode 100644 ScoutSuite/output/data/html/partials/do/services.networking.domains.html create mode 100644 ScoutSuite/output/data/html/partials/do/services.networking.firewalls.html create mode 100644 ScoutSuite/output/data/html/partials/do/services.networking.load_balancers.html create mode 100644 ScoutSuite/output/data/html/partials/do/services.spaces.buckets.html create mode 100644 ScoutSuite/output/data/html/summaries/do/.gitkeep create mode 100644 ScoutSuite/providers/do/authentication_strategy.py create mode 100644 ScoutSuite/providers/do/facade/__init__.py create mode 100644 ScoutSuite/providers/do/facade/base.py create mode 100644 ScoutSuite/providers/do/facade/database.py create mode 100644 ScoutSuite/providers/do/facade/droplet.py create mode 100644 ScoutSuite/providers/do/facade/kubernetes.py create mode 100644 ScoutSuite/providers/do/facade/networking.py create mode 100644 ScoutSuite/providers/do/facade/spaces.py create mode 100644 ScoutSuite/providers/do/facade/utils.py create mode 100644 ScoutSuite/providers/do/metadata.json create mode 100644 ScoutSuite/providers/do/provider.py create mode 100644 ScoutSuite/providers/do/resources/__init__.py create mode 100644 ScoutSuite/providers/do/resources/base.py create mode 100644 ScoutSuite/providers/do/resources/database/__init__.py create mode 100644 ScoutSuite/providers/do/resources/database/base.py create mode 100644 ScoutSuite/providers/do/resources/database/databases.py create mode 100644 ScoutSuite/providers/do/resources/droplet/__init__.py create mode 100644 ScoutSuite/providers/do/resources/droplet/base.py create mode 100644 
ScoutSuite/providers/do/resources/droplet/droplets.py create mode 100644 ScoutSuite/providers/do/resources/kubernetes/__init__.py create mode 100644 ScoutSuite/providers/do/resources/kubernetes/base.py create mode 100644 ScoutSuite/providers/do/resources/kubernetes/kubernetes.py create mode 100644 ScoutSuite/providers/do/resources/networking/__init__.py create mode 100644 ScoutSuite/providers/do/resources/networking/base.py create mode 100644 ScoutSuite/providers/do/resources/networking/domains.py create mode 100644 ScoutSuite/providers/do/resources/networking/firewalls.py create mode 100644 ScoutSuite/providers/do/resources/networking/load_balancers.py create mode 100644 ScoutSuite/providers/do/resources/spaces/__init__.py create mode 100644 ScoutSuite/providers/do/resources/spaces/base.py create mode 100644 ScoutSuite/providers/do/resources/spaces/buckets.py create mode 100644 ScoutSuite/providers/do/rules/filters/.gitkeep create mode 100644 ScoutSuite/providers/do/rules/findings/database-databases-mysql-publically-exposed.json create mode 100644 ScoutSuite/providers/do/rules/findings/database-databases-mysql-user-legacy-encryption.json create mode 100644 ScoutSuite/providers/do/rules/findings/database-databases-postgres-connection-pools.json create mode 100644 ScoutSuite/providers/do/rules/findings/database-databases-postgres-trusted-sources.json create mode 100644 ScoutSuite/providers/do/rules/findings/database-databases-redis-evicition-policy.json create mode 100644 ScoutSuite/providers/do/rules/findings/droplet-droplets-all-ports-exposed.json create mode 100644 ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-enabled.json create mode 100644 ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-present.json create mode 100644 ScoutSuite/providers/do/rules/findings/droplet-droplets-custom-image.json create mode 100644 ScoutSuite/providers/do/rules/findings/droplet-droplets-features-monitoring.json create mode 100644 
ScoutSuite/providers/do/rules/findings/droplet-droplets-firewall-not-attached.json create mode 100644 ScoutSuite/providers/do/rules/findings/droplet-droplets-port-22-exposed.json create mode 100644 ScoutSuite/providers/do/rules/findings/droplet-droplets-snapshot-not-present.json create mode 100644 ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-autoupgrade-minor.json create mode 100644 ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-ha-enabled.json create mode 100644 ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-surge-upgrade.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-domains-high-ttl.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-domains-missing-dkim.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-domains-missing-dmarc.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-domains-missing-spf.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-domains-spf-overly-permissive.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-firewalls-public-ports.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-firewalls-quad-zero.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-load-balancer-backend-keepalive-disabled.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-load-balancer-ssl-redirect-disabled.json create mode 100644 ScoutSuite/providers/do/rules/findings/networking-load-balancer-without-droplet.json create mode 100644 ScoutSuite/providers/do/rules/findings/spaces-buckets-cors.json create mode 100644 ScoutSuite/providers/do/rules/findings/spaces-buckets-public-read.json create mode 100644 ScoutSuite/providers/do/rules/findings/spaces-buckets-public-write.json create mode 100644 ScoutSuite/providers/do/rules/rulesets/default.json create mode 100644 ScoutSuite/providers/do/rules/rulesets/filters.json create mode 
100644 ScoutSuite/providers/do/services.py create mode 100644 ScoutSuite/providers/do/utils.py diff --git a/README.md b/README.md index 93a3d1763..4d5acb98a 100755 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ The following cloud providers are currently supported: - Alibaba Cloud (alpha) - Oracle Cloud Infrastructure (alpha) - Kubernetes clusters on a cloud provider (alpha) +- DigitalOcean Cloud (alpha) ## Installation diff --git a/ScoutSuite/__main__.py b/ScoutSuite/__main__.py index 24fe31300..292267097 100755 --- a/ScoutSuite/__main__.py +++ b/ScoutSuite/__main__.py @@ -61,6 +61,10 @@ def run_from_cli(): kubernetes_context=args.get('kubernetes_context'), kubernetes_persist_config=args.get('kubernetes_persist_config'), kubernetes_azure_subscription_id=args.get('kubernetes_azure_subscription_id'), + #DigitalOcean + token=args.get('token'), + access_key=args.get('access_key'), + access_secret=args.get('access_secret'), # General report_name=args.get('report_name'), report_dir=args.get('report_dir'), timestamp=args.get('timestamp'), @@ -113,6 +117,10 @@ def run(provider, kubernetes_context=None, kubernetes_persist_config=True, kubernetes_azure_subscription_id=None, + #DigitalOcean + token=None, + access_key=None, + access_secret=None, # General report_name=None, report_dir=None, timestamp=False, @@ -171,6 +179,10 @@ async def _run(provider, kubernetes_context, kubernetes_persist_config, kubernetes_azure_subscription_id, + #DigitalOcean + token, + access_key, + access_secret, # General report_name, report_dir, timestamp, @@ -221,6 +233,11 @@ async def _run(provider, access_key_id=access_key_id, access_key_secret=access_key_secret, + #DigitalOcean + token=token, + access_key=access_key, + access_secret=access_secret, + # Kubernetes kubernetes_cluster_provider=kubernetes_cluster_provider, kubernetes_config_file=kubernetes_config_file, diff --git a/ScoutSuite/core/cli_parser.py b/ScoutSuite/core/cli_parser.py index 9a2d72fc9..161dd417b 100755 
--- a/ScoutSuite/core/cli_parser.py +++ b/ScoutSuite/core/cli_parser.py @@ -30,6 +30,7 @@ def __init__(self): self._init_aliyun_parser() self._init_oci_parser() self._init_kubernetes_parser() + self._init_do_parser() def _init_aws_parser(self): parser = self.subparsers.add_parser("aws", @@ -254,6 +255,32 @@ def _init_oci_parser(self): dest='profile', default=None, help='Name of the profile') + + def _init_do_parser(self): + do_parser = self.subparsers.add_parser("do", + parents=[self.common_providers_args_parser], + help="Run Scout against an DigitalOcean account") + + parser = do_parser.add_argument_group('Authentication parameters') + + parser.add_argument('-t', + '--token', + action='store', + default=None, + dest='token', + help='DO Token') + + parser.add_argument('--access_key', + action='store', + default=None, + dest='access_key', + help='Spaces Access Key ID') + parser.add_argument('--access_secret', + action='store', + default=None, + dest='access_secret', + help='Spaces Secret Access Key') + def _init_kubernetes_parser(self): kubernetes_parser = self.subparsers.add_parser("kubernetes", @@ -436,6 +463,11 @@ def parse_args(self, args=None): if v.get('subscription_ids') and v.get('all_subscriptions'): self.parser.error('--subscription-ids and --all-subscriptions are mutually exclusive options') + # DigitalOcean + if v.get('provider') == 'do': + if (v.get('access_key') or v.get('access_secret')) and not (v.get('access_key') and v.get('access_secret')): + self.parser.error('For DO Spaces service please provide both --access_key and --access_secret') + # Kubernetes elif v.get('provider') == 'kubernetes': cluster_provider = v.get('kubernetes_cluster_provider') diff --git a/ScoutSuite/output/data/html/partials/do/services.database.databases.html b/ScoutSuite/output/data/html/partials/do/services.database.databases.html new file mode 100644 index 000000000..c31b818b8 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.database.databases.html 
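Review bot: `_init_do_parser` accepts the API token and the Spaces secret only as command-line values (`--token`, `--access_secret`), which leaves them in shell history and visible in the process list while the scan runs. Consider falling back to the environment or an interactive prompt when the flags are omitted, for example `default=os.environ.get('<TOKEN_ENV_VAR>')` (placeholder name; `os` would need importing in this file), and mention the fallback in the `help` text. In `parse_args` the new check opens with `if v.get('provider') == 'do':` while the Kubernetes branch after it is still `elif`, so it now hangs off the DigitalOcean test; `elif v.get('provider') == 'do':` would keep a single chain, assuming the block above is another provider branch, which the hunk shows only in part. The subparser help also reads "an DigitalOcean account".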
@@ -0,0 +1,33 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/do/services.droplet.droplets.html b/ScoutSuite/output/data/html/partials/do/services.droplet.droplets.html new file mode 100644 index 000000000..b4987d0f9 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.droplet.droplets.html @@ -0,0 +1,42 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/do/services.kubernetes.cluster.html b/ScoutSuite/output/data/html/partials/do/services.kubernetes.cluster.html new file mode 100644 index 000000000..c22dbce8d --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.kubernetes.cluster.html @@ -0,0 +1,26 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/do/services.networking.domains.html b/ScoutSuite/output/data/html/partials/do/services.networking.domains.html new file mode 100644 index 000000000..ed04717f7 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.networking.domains.html @@ -0,0 +1,27 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/do/services.networking.firewalls.html b/ScoutSuite/output/data/html/partials/do/services.networking.firewalls.html new file mode 100644 index 000000000..f0647f9a6 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.networking.firewalls.html @@ -0,0 +1,35 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/partials/do/services.networking.load_balancers.html b/ScoutSuite/output/data/html/partials/do/services.networking.load_balancers.html new file mode 100644 index 000000000..afb2ba988 --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.networking.load_balancers.html @@ -0,0 +1,26 @@ + + + + + + + + \ No newline at end of file 
diff --git a/ScoutSuite/output/data/html/partials/do/services.spaces.buckets.html b/ScoutSuite/output/data/html/partials/do/services.spaces.buckets.html new file mode 100644 index 000000000..7b550677d --- /dev/null +++ b/ScoutSuite/output/data/html/partials/do/services.spaces.buckets.html @@ -0,0 +1,27 @@ + + + + + + + + \ No newline at end of file diff --git a/ScoutSuite/output/data/html/summaries/do/.gitkeep b/ScoutSuite/output/data/html/summaries/do/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/__init__.py b/ScoutSuite/providers/__init__.py index a00fe0a63..e92d522b6 100755 --- a/ScoutSuite/providers/__init__.py +++ b/ScoutSuite/providers/__init__.py @@ -3,7 +3,8 @@ 'azure': 'AzureProvider', 'aliyun': 'AliyunProvider', 'oci': 'OracleProvider', - 'kubernetes': 'KubernetesProvider'} + 'kubernetes': 'KubernetesProvider', + 'do': 'DigitalOceanProvider'} def get_provider_object(provider): diff --git a/ScoutSuite/providers/base/authentication_strategy_factory.py b/ScoutSuite/providers/base/authentication_strategy_factory.py index a6eee9bdf..6a55c8881 100755 --- a/ScoutSuite/providers/base/authentication_strategy_factory.py +++ b/ScoutSuite/providers/base/authentication_strategy_factory.py @@ -4,7 +4,8 @@ 'azure': 'AzureAuthenticationStrategy', 'aliyun': 'AliyunAuthenticationStrategy', 'oci': 'OracleAuthenticationStrategy', - 'kubernetes': 'KubernetesAuthenticationStrategy' + 'kubernetes': 'KubernetesAuthenticationStrategy', + 'do': 'DigitalOceanAuthenticationStrategy' } diff --git a/ScoutSuite/providers/do/authentication_strategy.py b/ScoutSuite/providers/do/authentication_strategy.py new file mode 100644 index 000000000..1d4e17b1f --- /dev/null +++ b/ScoutSuite/providers/do/authentication_strategy.py 
@@ -0,0 +1,49 @@ +from ScoutSuite.providers.do import utils +from ScoutSuite.providers.base.authentication_strategy import AuthenticationException +from ScoutSuite.providers.base.authentication_strategy import AuthenticationStrategy +from ScoutSuite.core.console import print_warning +from pydo import Client +import logging +import boto3 + + +class DoCredentials: + def __init__(self, client, session=None): + self.client = client + self.session = session + + +class DigitalOceanAuthenticationStrategy(AuthenticationStrategy): + + def authenticate(self, token=None, access_key=None, access_secret=None, **kwargs): + """ + Handles authentication to DigitalOcean. + """ + try: + self.client = Client(token) + # a simple request here to make sure the authentication is successful + self.client.account.get() + + if not (access_key and access_secret): + print_warning( + f"Missing credentials for spaces: Skipping DO Spaces service" + ) + return DoCredentials(client=self.client) + else: + # Set logging level to error for libraries as otherwise generates a lot of warnings + logging.getLogger("botocore").setLevel(logging.ERROR) + logging.getLogger("botocore.auth").setLevel(logging.ERROR) + logging.getLogger("urllib3").setLevel(logging.ERROR) + + session = boto3.Session( + aws_access_key_id=access_key, + aws_secret_access_key=access_secret, + ) + # make sure the DO spaces authentication is successful + region = "blr1" + spaces_client = utils.get_client("s3", session, region) + spaces_client.list_buckets() + return DoCredentials(client=self.client, session=session) + + except Exception as e: + raise AuthenticationException(e) diff --git a/ScoutSuite/providers/do/facade/__init__.py b/ScoutSuite/providers/do/facade/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/do/facade/base.py b/ScoutSuite/providers/do/facade/base.py new file mode 100644 index 000000000..993df320b --- /dev/null +++ b/ScoutSuite/providers/do/facade/base.py 
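Review bot: The Spaces credential probe in `authenticate` is pinned to a single region, `region = "blr1"`, so a problem reaching that one endpoint fails authentication for the whole run even though the API token was already validated by `self.client.account.get()`. Take the probe region from configuration or a module-level constant with a comment explaining the choice, rather than a literal inside the `else` branch. `raise AuthenticationException(e)` drops the link to the original exception; `raise AuthenticationException(e) from e` keeps it for debugging. The three `logging.getLogger(...).setLevel(logging.ERROR)` calls change logger levels for the whole process, which deserves a line in the docstring, and the `print_warning(f"...")` string has no placeholders, so the `f` prefix can go.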
@@ -0,0 +1,19 @@ +from ScoutSuite.providers.do.facade.droplet import DropletFacade +from ScoutSuite.providers.do.facade.networking import Networkingfacade +from ScoutSuite.providers.do.facade.database import DatabasesFacade +from ScoutSuite.providers.do.facade.spaces import SpacesFacade +from ScoutSuite.providers.do.facade.kubernetes import KubernetesDoFacade +from ScoutSuite.providers.do.authentication_strategy import DoCredentials + + +class DoFacade: + def __init__(self, credentials: DoCredentials): + self._credentials = credentials + self._instantiate_facades() + + def _instantiate_facades(self): + self.droplet = DropletFacade(self._credentials) + self.networking = Networkingfacade(self._credentials) + self.database = DatabasesFacade(self._credentials) + self.spaces = SpacesFacade(self._credentials) + self.kubernetes = KubernetesDoFacade(self._credentials) diff --git a/ScoutSuite/providers/do/facade/database.py b/ScoutSuite/providers/do/facade/database.py new file mode 100644 index 000000000..ea59adce4 --- /dev/null +++ b/ScoutSuite/providers/do/facade/database.py 
@@ -0,0 +1,71 @@ +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.do.authentication_strategy import DoCredentials +from ScoutSuite.providers.utils import run_concurrently + + +class DatabasesFacade: + def __init__(self, credentials: DoCredentials): + self._credentials = credentials + self._client = credentials.client + + async def get_databases(self): + try: + databases = await run_concurrently( + lambda: self._client.databases.list_clusters()["databases"] + ) + return databases + except Exception as e: + print_exception(f"Failed to get databases: {e}") + return [] + + async def get_databaseusers(self, db_uuid): + try: + db_users = await run_concurrently( + lambda: self._client.databases.list_users(db_uuid)["users"] + ) + return db_users + except Exception as e: + print_exception(f"Failed to get db users: {e}") + return [] + + async def get_eviction_policy(self, db_uuid): + try: + eviction_policy = await run_concurrently( + lambda: self._client.databases.get_eviction_policy(db_uuid)[ + "eviction_policy" + ] + ) + return eviction_policy + except Exception as e: + print_exception(f"Failed to get Redis eviction policy: {e}") + return [] + + async def get_connection_pools(self, db_uuid): + try: + connection_pools = await run_concurrently( + lambda: self._client.databases.list_connection_pools(db_uuid)["pools"] + ) + return connection_pools + except Exception as e: + print_exception(f"Failed to get Postgres connection pools: {e}") + return [] + + async def get_firewalls(self, db_uuid): + try: + firewall_rules = await run_concurrently( + lambda: self._client.databases.list_firewall_rules(db_uuid) + ) + return firewall_rules + except Exception as e: + print_exception(f"Failed to get db firewalls: {e}") + return [] + + async def get_resources(self, tag): + try: + resources = await run_concurrently( + lambda: self._client.tags.get(tag)["tag"]["resources"] + ) + return resources + except Exception as e: + print_exception(f"Failed to get tag 
resources: {e}") + return [] diff --git a/ScoutSuite/providers/do/facade/droplet.py b/ScoutSuite/providers/do/facade/droplet.py new file mode 100644 index 000000000..32944a7db --- /dev/null +++ b/ScoutSuite/providers/do/facade/droplet.py @@ -0,0 +1,46 @@ +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.do.authentication_strategy import DoCredentials +from ScoutSuite.providers.utils import run_concurrently +from ScoutSuite.providers.do.facade.utils import DOFacadeUtils + + +class DropletFacade: + def __init__(self, credentials: DoCredentials): + self._credentials = credentials + self._client = credentials.client + self.current_page = 1 + self.per_page = 50 + + async def get_droplets(self): + try: + droplets = await DOFacadeUtils.get_all_from_pagination( + self._client.droplets.list, self.current_page, self.per_page, "droplets" + ) + return droplets["droplets"] + except Exception as e: + print_exception(f"Failed to get droplets: {e}") + return [] + + async def get_droplet_fwconfig(self, id): + try: + filters = {"droplet_id": id} + droplet_fwconfig = await DOFacadeUtils.get_all_from_pagination( + self._client.droplets.list_firewalls, + self.current_page, + self.per_page, + "firewalls", + filters, + ) + return droplet_fwconfig + except Exception as e: + print_exception(f"Failed to get droplet firewall config: {e}") + return [] + + # TODO not required for now + # async def get_droplet_details(self, id): + # try: + # droplets = await run_concurrently(lambda: self._client.droplets.list()['droplets']) + # return droplets + # except Exception as e: + # print_exception(f'Failed to get do droplets: {e}') + # return [] diff --git a/ScoutSuite/providers/do/facade/kubernetes.py b/ScoutSuite/providers/do/facade/kubernetes.py new file mode 100644 index 000000000..59716e5dd --- /dev/null +++ b/ScoutSuite/providers/do/facade/kubernetes.py 
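Review bot: Every getter in `DatabasesFacade` returns `[]` after `print_exception`, which makes a failed API call indistinguishable from an empty result. In an audit tool that matters: `databases.py` later in this patch turns an empty `get_databaseusers` result into `legacy_encryption_users = "False"`, so a permission error or timeout reads as a clean finding. Returning `None` from the `except` branches and having the parser record an unknown state would keep errors out of the pass column. `get_eviction_policy` also returns a list on failure although its success value is read from the `"eviction_policy"` key and is presumably not a list. The same pattern appears in the droplet, kubernetes and networking facades.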
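Review bot: The commented-out `get_droplet_details` block under `# TODO not required for now` is dead code in `facade/droplet.py`, and it is the only user of the `run_concurrently` import in that file; dropping both keeps the facade readable. The parameter name `id` in `get_droplet_fwconfig(self, id)` shadows the builtin; `droplet_id` would read better and matches the filter key in `{"droplet_id": id}`.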
@@ -0,0 +1,21 @@
+from ScoutSuite.core.console import print_exception
+from ScoutSuite.providers.do.authentication_strategy import DoCredentials
+from ScoutSuite.providers.utils import run_concurrently
+
+
+class KubernetesDoFacade:
+ def __init__(self, credentials: DoCredentials):
+ self._credentials = credentials
+ self._client = credentials.client
+
+ async def get_kubernetes(self):
+ try:
+ kubernetes = await run_concurrently(
+ lambda: self._client.kubernetes.list_clusters()["kubernetes_clusters"]
+ )
+ return kubernetes
+ except Exception as e:
+ print_exception(f"Failed to get kubernetes clusters: {e}")
+ return []
+
+
\ No newline at end of file
diff --git a/ScoutSuite/providers/do/facade/networking.py b/ScoutSuite/providers/do/facade/networking.py
new file mode 100644
index 000000000..1b5b760b6
--- /dev/null
+++ b/ScoutSuite/providers/do/facade/networking.py
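Review bot: `get_kubernetes` calls `self._client.kubernetes.list_clusters()` once with no `page`/`per_page`, while the droplet and networking facades go through `DOFacadeUtils.get_all_from_pagination`. If the endpoint paginates (worth confirming against the pydo client), clusters beyond the first page would be left out of the report without any warning. Routing the call through the shared helper with `"kubernetes_clusters"` as the object name, and returning that key from its result, would keep coverage consistent. The file also ends with two whitespace-only lines and no trailing newline.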
@@ -0,0 +1,48 @@
+from ScoutSuite.core.console import print_exception
+from ScoutSuite.providers.do.authentication_strategy import DoCredentials
+from ScoutSuite.providers.do.facade.utils import DOFacadeUtils
+from ScoutSuite.providers.utils import run_concurrently
+
+
+class Networkingfacade:
+ def __init__(self, credentials: DoCredentials):
+ self._credentials = credentials
+ self._client = credentials.client
+ self.current_page = 1
+ self.per_page = 50
+
+ async def get_firewalls(self):
+ try:
+ firewalls = await DOFacadeUtils.get_all_from_pagination(
+ self._client.firewalls.list,
+ self.current_page,
+ self.per_page,
+ "firewalls",
+ )
+ return firewalls["firewalls"]
+ except Exception as e:
+ print_exception(f"Failed to get firewalls: {e}")
+ return []
+
+ async def get_domains(self):
+ try:
+ domains = await DOFacadeUtils.get_all_from_pagination(
+ self._client.domains.list, self.current_page, self.per_page, "domains"
+ )
+ return domains["domains"]
+ except Exception as e:
+ print_exception(f"Failed to get domains: {e}")
+ return []
+
+ async def get_load_balancers(self):
+ try:
+ load_balancers = await DOFacadeUtils.get_all_from_pagination(
+ self._client.load_balancers.list,
+ self.current_page,
+ self.per_page,
+ "load_balancers",
+ )
+ return load_balancers["load_balancers"]
+ except Exception as e:
+ print_exception(f"Failed to get load balancers: {e}")
+ return []
diff --git a/ScoutSuite/providers/do/facade/spaces.py b/ScoutSuite/providers/do/facade/spaces.py
new file mode 100644
index 000000000..cda4c3ac3
--- /dev/null
+++ b/ScoutSuite/providers/do/facade/spaces.py
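Review bot: The class is spelled `Networkingfacade` while its siblings are `DropletFacade`, `DatabasesFacade`, `SpacesFacade` and `KubernetesDoFacade`; renaming it to `NetworkingFacade`, together with the import in `facade/base.py`, keeps the naming uniform. `run_concurrently` is imported but not used in this file. A one-line docstring on each getter saying that it returns the unwrapped list (for example `firewalls["firewalls"]`) or `[]` on error would help callers.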
@@ -0,0 +1,212 @@ +from botocore.exceptions import ClientError +import boto3 +from ScoutSuite.core.console import print_exception, print_debug, print_warning +from ScoutSuite.providers.aws.facade.utils import AWSFacadeUtils +from ScoutSuite.providers.utils import run_concurrently, get_and_set_concurrently +from ScoutSuite.providers.do.authentication_strategy import DoCredentials + + +class SpacesFacade: + def __init__(self, credentials: DoCredentials): + self._credentials = credentials + self._client = credentials.client + self.session = credentials.session + + async def get_all_buckets(self): + buckets = [] + # TODO no api avaialible to get do regions that support spaces. + region_list = ["nyc3", "sfo2", "sfo3", "ams3", "fra1", "sgp1", "syd1", "blr1"] + + for region in region_list: + region_buckets = await self.get_buckets(region) + buckets.extend(region_buckets) + return buckets + + async def get_buckets(self, region=None): + try: + buckets = [] + exception = None + try: + client = self.get_client("s3", self.session, region) + buckets = await run_concurrently( + lambda: client.list_buckets()["Buckets"] + ) + except Exception as e: + exception = e + else: + exception = None # Fix for https://github.com/nccgroup/ScoutSuite/issues/916#issuecomment-728783965 + if not buckets: + if exception: + print_exception(f"Failed to list buckets: {exception}") + return [] + except Exception as e: + print_exception(f"Failed to list buckets: {e}") + return [] + else: + # We need first to retrieve bucket locations before retrieving bucket details + await get_and_set_concurrently( + [self._get_and_set_s3_bucket_location], buckets, region=region + ) + + # Then we can retrieve bucket details concurrently + await get_and_set_concurrently( + [ + self._get_and_set_s3_acls, + self._get_CORS + ], + buckets, + ) + return buckets + + async def _get_CORS(self, bucket: {}, region=None): + client = self.get_client("s3", self.session, bucket["region"]) + try: + # Attempt to get the CORS 
configuration + response = client.get_bucket_cors(Bucket=bucket["Name"]) + if 'CORSRules' in response: + bucket["CORS"] = response['CORSRules'] + else: + print("CORS rules are not set for this bucket.") + except ClientError as e: + if e.response['Error']['Code'] == 'InvalidAccessKeyId': + print("The AWS Access Key Id provided does not exist in our records.") + except Exception as e: + print(f"An unexpected error occurred: {str(e)}") + + async def _get_and_set_s3_bucket_location(self, bucket: {}, region=None): + client = self.get_client("s3", self.session, region) + try: + location = await run_concurrently( + lambda: client.get_bucket_location(Bucket=bucket["Name"]) + ) + except Exception as e: + if "NoSuchBucket" in str(e) or "InvalidToken" in str(e): + print_warning( + "Failed to get bucket location for {}: {}".format(bucket["Name"], e) + ) + else: + print_exception( + "Failed to get bucket location for {}: {}".format(bucket["Name"], e) + ) + location = None + + if location: + region = ( + location["LocationConstraint"] + if location["LocationConstraint"] + else "us-east-1" + ) + + # Fixes issue #59: location constraint can be either EU or eu-west-1 for Ireland... 
+ if region == "EU": + region = "eu-west-1" + else: + region = None + + bucket["region"] = region + + async def _get_and_set_s3_acls(self, bucket: {}, key_name=None): + bucket_name = bucket["Name"] + client = self.get_client("s3", self.session, bucket["region"]) + try: + grantees = {} + if key_name: + grants = await run_concurrently( + lambda: client.get_object_acl(Bucket=bucket_name, Key=key_name) + ) + else: + grants = await run_concurrently( + lambda: client.get_bucket_acl(Bucket=bucket_name) + ) + for grant in grants["Grants"]: + if "ID" in grant["Grantee"]: + grantee = grant["Grantee"]["ID"] + display_name = ( + grant["Grantee"]["DisplayName"] + if "DisplayName" in grant["Grantee"] + else grant["Grantee"]["ID"] + ) + elif "URI" in grant["Grantee"]: + grantee = grant["Grantee"]["URI"].split("/")[-1] + display_name = self._s3_group_to_string(grant["Grantee"]["URI"]) + else: + grantee = display_name = "Unknown" + permission = grant["Permission"] + grantees.setdefault(grantee, {}) + grantees[grantee]["DisplayName"] = display_name + if "URI" in grant["Grantee"]: + grantees[grantee]["URI"] = grant["Grantee"]["URI"] + grantees[grantee].setdefault("permissions", self._init_s3_permissions()) + self._set_s3_permissions(grantees[grantee]["permissions"], permission) + bucket["grantees"] = grantees + except Exception as e: + if "NoSuchBucket" in str(e) or "InvalidToken" in str(e): + print_warning(f"Failed to get ACL configuration for {bucket_name}: {e}") + else: + print_exception( + f"Failed to get ACL configuration for {bucket_name}: {e}" + ) + bucket["grantees"] = {} + + @staticmethod + def get_client(service: str, session: boto3.session.Session, region: str = None): + """ + Instantiates an AWS API client + + :param service: Service targeted, e.g. ec2 + :param session: The aws session + :param region: Region desired, e.g. 
us-east-2 + + :return: + """ + + try: + return ( + session.client( + service, + region_name=region, + endpoint_url="https://" + region + ".digitaloceanspaces.com", + ) + if region + else session.client(service) + ) + except Exception as e: + print_exception(f"Failed to create client for the {service} service: {e}") + return None + + @staticmethod + def _init_s3_permissions(): + permissions = { + "read": False, + "write": False, + "read_acp": False, + "write_acp": False, + } + return permissions + + @staticmethod + def _set_s3_permissions(permissions: str, name: str): + if name == "READ" or name == "FULL_CONTROL": + permissions["read"] = True + if name == "WRITE" or name == "FULL_CONTROL": + permissions["write"] = True + if name == "READ_ACP" or name == "FULL_CONTROL": + permissions["read_acp"] = True + if name == "WRITE_ACP" or name == "FULL_CONTROL": + permissions["write_acp"] = True + + @staticmethod + def _s3_group_to_string(uri: str): + if uri == "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": + return "Authenticated users" + elif uri == "http://acs.amazonaws.com/groups/global/AllUsers": + return "Everyone" + elif uri == "http://acs.amazonaws.com/groups/s3/LogDelivery": + return "Log delivery" + else: + return uri + + @staticmethod + def _status_to_bool(value: str): + """Converts a string to True if it is equal to 'Enabled' or to False otherwise.""" + return value == "Enabled" diff --git a/ScoutSuite/providers/do/facade/utils.py b/ScoutSuite/providers/do/facade/utils.py new file mode 100644 index 000000000..b377bc7a7 --- /dev/null +++ b/ScoutSuite/providers/do/facade/utils.py 
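Review bot: `get_client` falls back to `session.client(service)` with no `endpoint_url` when `region` is falsy, and `_get_and_set_s3_bucket_location` sets `bucket["region"] = None` on any failure, so `_get_and_set_s3_acls` and `_get_CORS` can end up building a client for boto3's default endpoint rather than a `digitaloceanspaces.com` one. That would presumably send requests signed with the Spaces key to AWS, and whatever comes back would be recorded as the bucket's ACL state. Refusing to build a client without a region is safer, as sketched below. Separately, `_get_CORS` calls `client.get_bucket_cors` directly on the event loop instead of through `run_concurrently`, reports through `print` rather than `print_exception`, and silently drops every `ClientError` other than `InvalidAccessKeyId`.

```python
    def get_client(service: str, session: boto3.session.Session, region: str = None):
        # ... unchanged: docstring ...
        if not region:
            # Spaces keys are only meaningful against DigitalOcean endpoints,
            # so never fall back to the SDK's default endpoint.
            print_exception(f"No Spaces region available for the {service} client")
            return None
        try:
            return session.client(
                service,
                region_name=region,
                endpoint_url="https://" + region + ".digitaloceanspaces.com",
            )
        # ... unchanged: except branch that logs the failure and returns None ...
```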
@@ -0,0 +1,31 @@ +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.do.authentication_strategy import DoCredentials +from ScoutSuite.providers.utils import run_concurrently + + +class DOFacadeUtils: + + @staticmethod + async def get_all_from_pagination( + list_client, current_page, per_page, object_name, filters=None + ): + final_output = {} + next_page = True + while next_page: + if filters: + resp = await run_concurrently( + lambda: list_client(**filters, per_page=per_page, page=current_page) + ) + else: + resp = await run_concurrently( + lambda: list_client(per_page=per_page, page=current_page) + ) + if object_name in final_output.keys(): + final_output[object_name].extend(resp[object_name]) + else: + final_output[object_name] = resp[object_name] + + pages = resp.get("links").get("pages", {}) + next_page = "next" in pages.keys() + current_page += 1 + return final_output diff --git a/ScoutSuite/providers/do/metadata.json b/ScoutSuite/providers/do/metadata.json new file mode 100644 index 000000000..1b78bbfe8 --- /dev/null +++ b/ScoutSuite/providers/do/metadata.json @@ -0,0 +1,60 @@ +{ + "Droplets": { + "droplet": { + "resources": { + "droplets": { + "cols": 2, + "path": "services.droplet.droplets" + } + } + } + }, + "Storage": { + "spaces": { + "resources": { + "buckets": { + "cols": 2, + "path": "services.spaces.buckets" + } + } + } + }, + "Network": { + "networking": { + "resources": { + "firewalls": { + "cols": 2, + "path": "services.networking.firewalls" + }, + "domains": { + "cols": 2, + "path": "services.networking.domains" + }, + "load_balancers": { + "cols": 2, + "path": "services.networking.load_balancers" + } + } + } + }, + "Kubernetes": { + "kubernetes": { + "resources": { + "kubernetes": { + "cols": 2, + "path": "services.kubernetes.kubernetes" + } + } + } + }, + "Databases": { + "database": { + "resources": { + "databases": { + "cols": 2, + "path": "services.database.databases" + } + } + } + } +} 
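Review bot: In `get_all_from_pagination`, `resp.get("links").get("pages", {})` raises `AttributeError` when a response carries no `links` key, and because the callers wrap the whole call in `except Exception` and return `[]`, items already collected from earlier pages are discarded as well. `pages = (resp.get("links") or {}).get("pages", {})` avoids that. The `while next_page` loop also has no upper bound; a page cap, or stopping when `resp[object_name]` comes back empty, would keep a misbehaving endpoint from looping indefinitely.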
diff --git a/ScoutSuite/providers/do/provider.py b/ScoutSuite/providers/do/provider.py new file mode 100644 index 000000000..ba2987e68 --- /dev/null +++ b/ScoutSuite/providers/do/provider.py @@ -0,0 +1,50 @@ +import os +from ScoutSuite.providers.do.services import DigitalOceanServicesConfig +from ScoutSuite.providers.base.provider import BaseProvider + + +class DigitalOceanProvider(BaseProvider): + """ + Implements provider for DigitalOcean + """ + + def __init__( + self, + report_dir=None, + timestamp=None, + services=None, + skipped_services=None, + **kwargs, + ): + + services = [] if services is None else services + skipped_services = [] if skipped_services is None else skipped_services + + self.metadata_path = ( + "%s/metadata.json" % os.path.split(os.path.abspath(__file__))[0] + ) + + self.provider_code = "do" + self.provider_name = "DigitalOcean" + self.environment = "default" + + self.services_config = DigitalOceanServicesConfig + + self.credentials = kwargs["credentials"] + self.account_id = self.credentials.client.account.get() + self.account_id = self.account_id["account"]["uuid"] + + super().__init__(report_dir, timestamp, services, skipped_services) + + def get_report_name(self): + """ + Returns the name of the report using the provider's configuration + """ + if self.account_id: + return f"do-{self.account_id}" + else: + return "do" + + def preprocessing(self, ip_ranges=None, ip_ranges_name_key=None): + + super().preprocessing() diff --git a/ScoutSuite/providers/do/resources/__init__.py b/ScoutSuite/providers/do/resources/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/do/resources/base.py b/ScoutSuite/providers/do/resources/base.py new file mode 100644 index 000000000..eeb13e981 --- /dev/null +++ b/ScoutSuite/providers/do/resources/base.py 
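Review bot: `preprocessing(self, ip_ranges=None, ip_ranges_name_key=None)` accepts both arguments and then calls `super().preprocessing()` without them, so any ranges a caller passes are silently dropped. If `BaseProvider.preprocessing` (outside this hunk) takes them, forward them with `super().preprocessing(ip_ranges, ip_ranges_name_key)`; otherwise a short comment saying they are intentionally unused would do. `__init__` also reads `kwargs["credentials"]` and `["account"]["uuid"]` with no handling, so a missing credential or an unexpected account response surfaces as a bare `KeyError`.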
@@ -0,0 +1,22 @@ +"""This module provides implementations for Resources and CompositeResources for DO.""" + +import abc + +from ScoutSuite.providers.base.resources.base import Resources, CompositeResources + + +class DoResources(Resources, metaclass=abc.ABCMeta): + """This is the base class for DO resources.""" + + pass + + +class DoCompositeResources(DoResources, CompositeResources, metaclass=abc.ABCMeta): + """This class represents a collection of composite Resources (resources that include nested resources referred as + their children). Classes extending DoCompositeResources have to define a '_children' attribute which consists of + a list of tuples describing the children. The tuples are expected to respect the following format: + (, ). 'child_name' is used to indicate the name under which the child resources will be + stored in the parent object. + """ + + pass diff --git a/ScoutSuite/providers/do/resources/database/__init__.py b/ScoutSuite/providers/do/resources/database/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/do/resources/database/base.py b/ScoutSuite/providers/do/resources/database/base.py new file mode 100644 index 000000000..6baec57a5 --- /dev/null +++ b/ScoutSuite/providers/do/resources/database/base.py @@ -0,0 +1,14 @@ +from ScoutSuite.providers.do.facade.base import DoFacade +from ScoutSuite.providers.do.resources.base import DoCompositeResources +from ScoutSuite.providers.do.resources.database.databases import Databases + + +class Databases(DoCompositeResources): + _children = [(Databases, "databases")] + + def __init__(self, facade: DoFacade): + super().__init__(facade) + self.service = "database" + + async def fetch_all(self, **kwargs): + await self._fetch_children(resource_parent=self) diff --git a/ScoutSuite/providers/do/resources/database/databases.py b/ScoutSuite/providers/do/resources/database/databases.py new file mode 100644 index 000000000..2a880c342 --- /dev/null 
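Review bot: `resources/database/base.py` imports `Databases` from `databases.py` and then defines `class Databases(DoCompositeResources)` in the same module. `_children = [(Databases, "databases")]` still picks up the imported class because the class body runs before the new name is bound, but afterwards the module-level name refers to the composite, which is easy to misread and breaks if that line is ever moved out of the class body. An aliased import such as `from ...databases import Databases as DatabaseClusters` (the alias is only a suggestion) would make the intent explicit. `droplet/base.py` and `kubernetes/base.py` repeat the pattern with `Droplets` and `Kubernetes`.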
+++ b/ScoutSuite/providers/do/resources/database/databases.py 
@@ -0,0 +1,70 @@ +from ScoutSuite.providers.do.resources.base import DoResources +from ScoutSuite.providers.do.facade.base import DoFacade + + +class Databases(DoResources): + def __init__(self, facade: DoFacade): + super().__init__(facade) + + async def fetch_all(self): + clusters = await self.facade.database.get_databases() + if clusters: + for cluster in clusters: + id, cluster = await self._parse_cluster(cluster) + self[id] = cluster + + async def _parse_cluster(self, raw_cluster): + cluster_dict = {} + + cluster_dict["id"] = raw_cluster["id"] + cluster_dict["name"] = raw_cluster["name"] + cluster_dict["engine"] = raw_cluster["engine"] + cluster_dict["version"] = raw_cluster["version"] + if raw_cluster["engine"] != "mongodb": + cluster_dict["semantic_version"] = raw_cluster["semantic_version"] + cluster_dict["tags"] = raw_cluster["tags"] + cluster_dict["databases"] = str(raw_cluster["db_names"]) + + trusted_sources = set() + cluster_databases = await self.facade.database.get_firewalls(raw_cluster["id"]) + if cluster_databases: + for cluster_rule in cluster_databases["rules"]: + trusted_sources.add(f"{cluster_rule['type']}s:{cluster_rule['value']}") + + cluster_dict["trusted_sources"] = ( + trusted_sources if trusted_sources else "False" + ) + + if raw_cluster["engine"] == "mysql": + legacy_encryption_users = set() + db_users = await self.facade.database.get_databaseusers(raw_cluster["id"]) + if db_users: + for db_user in db_users: + if ( + db_user["mysql_settings"]["auth_plugin"] + == "mysql_native_password" + ): + legacy_encryption_users.add(db_user["name"]) + + if legacy_encryption_users == "None": + cluster_dict["legacy_encryption_users"] = "True" + else: + cluster_dict["legacy_encryption_users"] = ( + str(legacy_encryption_users) if legacy_encryption_users else "False" + ) + + + elif raw_cluster["engine"] == "redis": + cluster_dict["eviction_policy"] = ( + await self.facade.database.get_eviction_policy(raw_cluster["id"]) + ) + + elif raw_cluster["engine"] 
== "pg": + connection_pools = await self.facade.database.get_connection_pools( + raw_cluster["id"] + ) + cluster_dict["connection_pools"] = ( + connection_pools if connection_pools else "False" + ) + + return cluster_dict["id"], cluster_dict diff --git a/ScoutSuite/providers/do/resources/droplet/__init__.py b/ScoutSuite/providers/do/resources/droplet/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/do/resources/droplet/base.py b/ScoutSuite/providers/do/resources/droplet/base.py new file mode 100644 index 000000000..5a5ebdf1a --- /dev/null +++ b/ScoutSuite/providers/do/resources/droplet/base.py @@ -0,0 +1,14 @@ +from ScoutSuite.providers.do.facade.base import DoFacade +from ScoutSuite.providers.do.resources.base import DoCompositeResources +from ScoutSuite.providers.do.resources.droplet.droplets import Droplets + + +class Droplets(DoCompositeResources): + _children = [(Droplets, "droplets")] + + def __init__(self, facade: DoFacade): + super().__init__(facade) + self.service = "droplet" + + async def fetch_all(self, **kwargs): + await self._fetch_children(resource_parent=self) diff --git a/ScoutSuite/providers/do/resources/droplet/droplets.py b/ScoutSuite/providers/do/resources/droplet/droplets.py new file mode 100644 index 000000000..4444af5da --- /dev/null +++ b/ScoutSuite/providers/do/resources/droplet/droplets.py 
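Review bot: In `_parse_cluster`, `if legacy_encryption_users == "None":` compares a `set` with a string and can never be true, so that branch is dead and only the `else` assignment ever runs; it can be removed. `db_user["mysql_settings"]["auth_plugin"]` raises `KeyError` for any user entry without `mysql_settings`, which aborts parsing of the whole cluster; `db_user.get("mysql_settings", {}).get("auth_plugin") == "mysql_native_password"` is more tolerant. `trusted_sources` is stored either as a raw `set` or as the string `"False"`, so consumers have to handle two types, and a `set` may not serialise into the report.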
@@ -0,0 +1,91 @@ +from ScoutSuite.providers.do.resources.base import DoResources +from ScoutSuite.providers.do.facade.base import DoFacade + + +class Droplets(DoResources): + def __init__(self, facade: DoFacade): + super().__init__(facade) + + async def fetch_all(self): + + droplets = await self.facade.droplet.get_droplets() + if droplets: + for droplet in droplets: + id, droplet = await self._parse_droplet(droplet) + self[id] = droplet + + async def _parse_droplet(self, raw_droplet): + droplet_dict = {} + + droplet_dict["id"] = raw_droplet["id"] + droplet_dict["name"] = raw_droplet["name"] + droplet_dict["memory"] = raw_droplet["memory"] + droplet_dict["vcpus"] = raw_droplet["vcpus"] + droplet_dict["disk"] = raw_droplet["disk"] + droplet_dict["locked"] = raw_droplet["locked"] + droplet_dict["status"] = raw_droplet["status"] + droplet_dict["kernel"] = raw_droplet["kernel"] + droplet_dict["created_at"] = raw_droplet["created_at"] + droplet_dict["features"] = raw_droplet["features"] + droplet_dict["backup_ids"] = str(raw_droplet["backup_ids"]) + droplet_dict["next_backup_window"] = raw_droplet["next_backup_window"] + droplet_dict["snapshot_ids"] = str(raw_droplet["snapshot_ids"]) + droplet_dict["image"] = raw_droplet["image"]["slug"] + droplet_dict["image_type"] = raw_droplet["image"]["type"] + droplet_dict["volume_ids"] = str(raw_droplet["volume_ids"]) + droplet_dict["size"] = raw_droplet["size"]["slug"] + droplet_dict["size_slug"] = raw_droplet["size_slug"] + droplet_dict["networks"] = str(raw_droplet["networks"]) + droplet_dict["region"] = raw_droplet["region"]["slug"] + droplet_dict["tags"] = raw_droplet["tags"] + droplet_dict["vpc_uuid"] = raw_droplet["vpc_uuid"] + droplet_dict["firewalls"] = None + + droplet_fwconfig = await self.facade.droplet.get_droplet_fwconfig( + raw_droplet["id"] + ) + public_ports = {} + + if droplet_fwconfig: + if droplet_fwconfig["firewalls"]: + droplet_dict["firewalls"] = "" + for firewall in droplet_fwconfig["firewalls"]: + 
droplet_dict["firewalls"] = ( + droplet_dict["firewalls"] + " , " + firewall["id"] + if droplet_dict["firewalls"] + else firewall["id"] + ) + + for rules in firewall["inbound_rules"]: + if ( + "0.0.0.0/0" in rules["sources"]["addresses"] + or "::/0" in rules["sources"]["addresses"] + ): + public_ports[rules["ports"]] = rules["sources"]["addresses"] + + droplet_dict["all_ports_exposed"] = ( + "True" + if ("0" in public_ports.keys() or not droplet_fwconfig["firewalls"]) + else "False" + ) + droplet_dict["port_22_exposed"] = ( + "True" + if ("22" in public_ports.keys() or droplet_dict["all_ports_exposed"]) + else "False" + ) + + droplet_dict["public_ports_enabled"] = "True" if public_ports else "False" + droplet_dict["public_port_detail"] = ( + f"Port {','.join(public_ports.keys())} exposed to public internet due to this configuration {str(public_ports)}" + if public_ports + else "" + ) + + droplet_dict["features_monitoring"] = ( + "True" + if ("monitoring" in droplet_dict["features"]) + else "False" + ) + + + return droplet_dict["id"], droplet_dict diff --git a/ScoutSuite/providers/do/resources/kubernetes/__init__.py b/ScoutSuite/providers/do/resources/kubernetes/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/do/resources/kubernetes/base.py b/ScoutSuite/providers/do/resources/kubernetes/base.py new file mode 100644 index 000000000..f48090fbc --- /dev/null +++ b/ScoutSuite/providers/do/resources/kubernetes/base.py @@ -0,0 +1,14 @@ +from ScoutSuite.providers.do.facade.base import DoFacade +from ScoutSuite.providers.do.resources.base import DoCompositeResources +from ScoutSuite.providers.do.resources.kubernetes.kubernetes import Kubernetes + + +class Kubernetes(DoCompositeResources): + _children = [(Kubernetes, "kubernetes")] + + def __init__(self, facade: DoFacade): + super().__init__(facade) + self.service = "kubernetes" + + async def fetch_all(self, **kwargs): + await self._fetch_children(resource_parent=self) 
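Review bot: `port_22_exposed` in `_parse_droplet` is always `"True"`: the condition ends in `or droplet_dict["all_ports_exposed"]`, and that value is the non-empty string `"True"` or `"False"`, both of which are truthy. Compare the string instead, `if ("22" in public_ports or droplet_dict["all_ports_exposed"] == "True")`. The membership tests also match only the exact keys `"22"` and `"0"`, so a rule whose `ports` value is a range covering 22 would presumably not be counted. The firewall loop here duplicates the one in `networking/firewalls.py`.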
diff --git a/ScoutSuite/providers/do/resources/kubernetes/kubernetes.py b/ScoutSuite/providers/do/resources/kubernetes/kubernetes.py new file mode 100644 index 000000000..d83e5ab2d --- /dev/null +++ b/ScoutSuite/providers/do/resources/kubernetes/kubernetes.py @@ -0,0 +1,25 @@ +from ScoutSuite.providers.do.resources.base import DoResources +from ScoutSuite.providers.do.facade.base import DoFacade + + +class Kubernetes(DoResources): + def __init__(self, facade: DoFacade): + super().__init__(facade) + + async def fetch_all(self): + clusters = await self.facade.kubernetes.get_kubernetes() + if clusters: + for cluster in clusters: + id, cluster = await self._parse_cluster(cluster) + self[id] = cluster + + async def _parse_cluster(self, raw_cluster): + cluster_dict = {} + + cluster_dict["id"] = raw_cluster["id"] + cluster_dict["name"] = raw_cluster["name"] + cluster_dict["ha"] = raw_cluster["ha"] + cluster_dict["auto_upgrade"] = raw_cluster["auto_upgrade"] + cluster_dict["surge_upgrade"] = raw_cluster["surge_upgrade"] + + return cluster_dict["id"], cluster_dict diff --git a/ScoutSuite/providers/do/resources/networking/__init__.py b/ScoutSuite/providers/do/resources/networking/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/ScoutSuite/providers/do/resources/networking/base.py b/ScoutSuite/providers/do/resources/networking/base.py new file mode 100644 index 000000000..f9079148c --- /dev/null +++ b/ScoutSuite/providers/do/resources/networking/base.py 
@@ -0,0 +1,20 @@
+from ScoutSuite.providers.do.facade.base import DoFacade
+from ScoutSuite.providers.do.resources.base import DoCompositeResources
+from ScoutSuite.providers.do.resources.networking.firewalls import Firewalls
+from ScoutSuite.providers.do.resources.networking.domains import Domains
+from ScoutSuite.providers.do.resources.networking.load_balancers import LoadBalancers
+
+
+class Networking(DoCompositeResources):
+ _children = [
+ (Firewalls, "firewalls"),
+ (Domains, "domains"),
+ (LoadBalancers, "load_balancers"),
+ ]
+
+ def __init__(self, facade: DoFacade):
+ super().__init__(facade)
+ self.service = "networking"
+
+ async def fetch_all(self, **kwargs):
+ await self._fetch_children(resource_parent=self)
diff --git a/ScoutSuite/providers/do/resources/networking/domains.py b/ScoutSuite/providers/do/resources/networking/domains.py
new file mode 100644
index 000000000..1413278e6
--- /dev/null
+++ b/ScoutSuite/providers/do/resources/networking/domains.py
@@ -0,0 +1,50 @@ +from ScoutSuite.core.console import print_exception +from ScoutSuite.providers.do.resources.base import DoResources +from ScoutSuite.providers.do.facade.base import DoFacade +import re + + +class Domains(DoResources): + def __init__(self, facade: DoFacade): + super().__init__(facade) + + async def fetch_all(self): + domains = await self.facade.networking.get_domains() + if domains: + for domain in domains: + name, domain = await self._parse_domain(domain) + if domain: + self[name] = domain + + async def _parse_domain(self, raw_domain): + domain_dict = {} + + domain_dict["name"] = raw_domain["name"] + zone_file = raw_domain["zone_file"] + + spf_pattern = re.compile(r'.*TXT.*v=spf.*', re.IGNORECASE) + domain_dict["spf_record"] = "True" if bool(re.search(spf_pattern, zone_file)) else "False" + dmarc_pattern = re.compile(r'.*TXT.*v=DMARC.*', re.IGNORECASE) + domain_dict["dmarc_record"] = "True" if bool(re.search(dmarc_pattern, zone_file)) else "False" + dkim_pattern = re.compile(r'.*TXT.*v=DKIM.*', re.IGNORECASE) + domain_dict["dkim_record"] = "True" if bool(re.search(dkim_pattern, zone_file)) else "False" + + ttl_regex = r"\.\s*(\d+)\s*IN" + ttl_matches = re.findall(ttl_regex, zone_file) + numbers = [int(match) for match in ttl_matches] + + domain_dict["highttl_records"] = ( + "True" + if max(numbers) > 3600 + else "False" + ) + + pattern1 = re.compile(r'.*TXT.*v=spf.*~all', re.IGNORECASE) + pattern2 = re.compile(r'.*TXT.*v=spf.*\+all', re.IGNORECASE) + domain_dict["spf_record_all"] = ( + "True" + if bool(re.search(pattern1, zone_file)) or bool(re.search(pattern2, zone_file)) + else "False" + ) + + return domain_dict["name"], domain_dict diff --git a/ScoutSuite/providers/do/resources/networking/firewalls.py b/ScoutSuite/providers/do/resources/networking/firewalls.py new file mode 100644 index 000000000..566b3f59a --- /dev/null +++ b/ScoutSuite/providers/do/resources/networking/firewalls.py 
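Review bot: `max(numbers) > 3600` in `_parse_domain` raises `ValueError` when `ttl_regex` finds no match in the zone file, and since `fetch_all` awaits `_parse_domain` without a `try`, one such domain stops the remaining domains from being parsed. `max(numbers, default=0) > 3600` keeps the check total. `print_exception` is imported but unused in this file. A short comment on `spf_record_all` stating that both `~all` and `+all` are treated as the permissive case would make the rule's intent clear.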
@@ -0,0 +1,47 @@ +from ScoutSuite.providers.do.resources.base import DoResources +from ScoutSuite.providers.do.facade.base import DoFacade + + +class Firewalls(DoResources): + def __init__(self, facade: DoFacade): + super().__init__(facade) + + async def fetch_all(self): + + firewalls = await self.facade.networking.get_firewalls() + if firewalls: + for firewall in firewalls: + id, firewall = await self._parse_firewall(firewall) + self[id] = firewall + + async def _parse_firewall(self, raw_firewall): + firewall_dict = {} + + firewall_dict["id"] = raw_firewall["id"] + firewall_dict["name"] = raw_firewall["name"] + firewall_dict["status"] = raw_firewall["status"] + firewall_dict["inbound_rules"] = raw_firewall["inbound_rules"] + firewall_dict["outbound_rules"] = raw_firewall["outbound_rules"] + firewall_dict["created_at"] = raw_firewall["created_at"] + firewall_dict["droplet_ids"] = str(raw_firewall["droplet_ids"]) + firewall_dict["tags"] = str(raw_firewall["tags"]) + firewall_dict["pending_changes"] = str(raw_firewall["pending_changes"]) + public_ports = {} + for rules in raw_firewall["inbound_rules"]: + if ( + "0.0.0.0/0" in rules["sources"]["addresses"] + or "::/0" in rules["sources"]["addresses"] + ): + public_ports[rules["ports"]] = rules["sources"]["addresses"] + + firewall_dict["all_ports_exposed"] = ( + "True" if ("0" in public_ports.keys()) else "False" + ) + firewall_dict["public_ports_enabled"] = "True" if public_ports else "False" + firewall_dict["public_port_detail"] = ( + f"Port {','.join(public_ports.keys())} exposed to public internet due to this configuration {str(public_ports)}" + if public_ports + else "" + ) + + return firewall_dict["id"], firewall_dict diff --git a/ScoutSuite/providers/do/resources/networking/load_balancers.py b/ScoutSuite/providers/do/resources/networking/load_balancers.py new file mode 100644 index 000000000..7ce6ca493 --- /dev/null +++ b/ScoutSuite/providers/do/resources/networking/load_balancers.py 
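Review bot: `public_ports` in `_parse_firewall` is keyed on `rules["ports"]` alone, so two inbound rules with the same port string but different protocols overwrite each other, and `all_ports_exposed` only tests for the literal key `"0"`. If the API reports ICMP rules with `ports` set to `"0"` (to be confirmed), an open ICMP rule would be reported as all ports exposed, while a range such as `"1-65535"` would not. Keying on `(rules["protocol"], rules["ports"])` and parsing ranges would make the flag reflect the rule set. The same loop is duplicated in `droplets.py`; a shared helper would keep the two in step.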
@@ -0,0 +1,30 @@
+from ScoutSuite.providers.do.resources.base import DoResources
+from ScoutSuite.providers.do.facade.base import DoFacade
+
+
+class LoadBalancers(DoResources):
+ def __init__(self, facade: DoFacade):
+ super().__init__(facade)
+
+ async def fetch_all(self):
+ load_balancers = await self.facade.networking.get_load_balancers()
+ if load_balancers:
+ for load_balancer in load_balancers:
+ id, load_balancer = await self._parse_load_balancer(load_balancer)
+ self[id] = load_balancer
+
+ async def _parse_load_balancer(self, raw_load_balancer):
+ load_balancer_dict = {}
+
+ load_balancer_dict["id"] = raw_load_balancer["id"]
+ load_balancer_dict["name"] = raw_load_balancer["name"]
+ load_balancer_dict["name"] = raw_load_balancer["name"]
+ load_balancer_dict["redirect_http_to_https"] = str(
+ raw_load_balancer["redirect_http_to_https"]
+ )
+ load_balancer_dict["enable_backend_keepalive"] = str(
+ raw_load_balancer["enable_backend_keepalive"]
+ )
+ load_balancer_dict["droplet_ids"] = str(raw_load_balancer["droplet_ids"])
+
+ return load_balancer_dict["id"], load_balancer_dict
diff --git a/ScoutSuite/providers/do/resources/spaces/__init__.py b/ScoutSuite/providers/do/resources/spaces/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/ScoutSuite/providers/do/resources/spaces/base.py b/ScoutSuite/providers/do/resources/spaces/base.py
new file mode 100644
index 000000000..2f3d4fec5
--- /dev/null
+++ b/ScoutSuite/providers/do/resources/spaces/base.py
@@ -0,0 +1,14 @@
+from ScoutSuite.providers.do.facade.base import DoFacade
+from ScoutSuite.providers.do.resources.base import DoCompositeResources
+from ScoutSuite.providers.do.resources.spaces.buckets import Buckets
+
+
+class Spaces(DoCompositeResources):
+ _children = [(Buckets, "buckets")]
+
+ def __init__(self, facade: DoFacade):
+ super().__init__(facade)
+ self.service = "buckets"
+
+ async def fetch_all(self, **kwargs):
+ await self._fetch_children(resource_parent=self)
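Review bot: `load_balancer_dict["name"]` is assigned twice in a row in `_parse_load_balancer`; the second line can go. The three `str(...)` conversions matter because the load-balancer findings added in this commit compare these fields with the strings `"False"` and `"[]"`. A short comment such as `# stringified: the findings compare against "False" / "[]"` would stop a later cleanup from silently disabling the SSL-redirect and keepalive checks.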
diff --git a/ScoutSuite/providers/do/resources/spaces/buckets.py b/ScoutSuite/providers/do/resources/spaces/buckets.py
new file mode 100644
index 000000000..7edc2dcb6
--- /dev/null
+++ b/ScoutSuite/providers/do/resources/spaces/buckets.py
@@ -0,0 +1,50 @@
+from ScoutSuite.providers.do.resources.base import DoResources
+from ScoutSuite.providers.do.facade.base import DoFacade
+from ScoutSuite.core.console import print_exception
+import json
+
+
+class Buckets(DoResources):
+ def __init__(self, facade: DoFacade):
+ super().__init__(facade)
+
+ async def fetch_all(self):
+
+ buckets = await self.facade.spaces.get_all_buckets()
+ if buckets:
+ for bucket in buckets:
+ id, bucket = await self._parse_buckets(bucket)
+ self[id] = bucket
+
+ async def _parse_buckets(self, raw_buckets):
+ buckets_dict = {}
+
+ buckets_dict["name"] = raw_buckets["Name"]
+ buckets_dict["public_read"] = (
+ str(raw_buckets["grantees"]["AllUsers"]["permissions"]["read"])
+ if "AllUsers" in raw_buckets.get("grantees", {})
+ else False
+ )
+ buckets_dict["public_write"] = (
+ raw_buckets["grantees"]["AllUsers"]["permissions"]["write"]
+ if "AllUsers" in raw_buckets.get("grantees", {})
+ else False
+ )
+ buckets_dict["read_acp"] = (
+ raw_buckets["grantees"]["AllUsers"]["permissions"]["read_acp"]
+ if "AllUsers" in raw_buckets.get("grantees", {})
+ else False
+ )
+ buckets_dict["write_acp"] = (
+ raw_buckets["grantees"]["AllUsers"]["permissions"]["write_acp"]
+ if "AllUsers" in raw_buckets.get("grantees", {})
+ else False
+ )
+ buckets_dict["CORS"] = (
+ True
+ if "CORS" in raw_buckets and raw_buckets["CORS"] and "AllowedOrigins" in raw_buckets["CORS"][0]
+ else False
+ )
+
+
+ return buckets_dict["name"], buckets_dict
diff --git a/ScoutSuite/providers/do/rules/filters/.gitkeep b/ScoutSuite/providers/do/rules/filters/.gitkeep
new file mode 100644
index 000000000..e69de29bb
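Review bot: The four public-access fields in `_parse_buckets` are typed inconsistently: `public_read` is `str(...)` when an `AllUsers` grant exists and the bool `False` otherwise, while `public_write`, `read_acp` and `write_acp` keep the raw permission value. The findings added in this commit compare these fields with strings, so whether a public grant is reported depends on how the rule engine compares a bool with a string, which is not visible here. Reading the permissions once, `perms = raw_buckets.get("grantees", {}).get("AllUsers", {}).get("permissions", {})`, and storing `str(perms.get("write", False))` and so on gives every field the same shape and removes the repeated lookups. `json` and `print_exception` are imported but unused.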
diff --git a/ScoutSuite/providers/do/rules/findings/database-databases-mysql-publically-exposed.json b/ScoutSuite/providers/do/rules/findings/database-databases-mysql-publically-exposed.json new file mode 100644 index 000000000..28b350e02 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/database-databases-mysql-publically-exposed.json @@ -0,0 +1,20 @@ +{ + "description": "Mysql Database cluster publically exposed", + "rationale": "Typically, only the application servers should be allowed to connect to the database cluster.", + "dashboard_name": "Databases", + "path": "database.databases.id", + "conditions": [ + "and", + [ + "database.databases.id.trusted_sources", + "equal", + "False" + ], + [ + "database.databases.id.engine", + "equal", + "mysql" + ] + ], + "id_suffix": "trusted_sources" +} diff --git a/ScoutSuite/providers/do/rules/findings/database-databases-mysql-user-legacy-encryption.json b/ScoutSuite/providers/do/rules/findings/database-databases-mysql-user-legacy-encryption.json new file mode 100644 index 000000000..1138f2b28 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/database-databases-mysql-user-legacy-encryption.json @@ -0,0 +1,20 @@ +{ + "description": "Mysql Database user with Legacy MySQL 5.x encryption", + "rationale": "DigitalOcean Managed Databases using MySQL 8+ are automatically configured to use caching_sha2_password authentication by default. caching_sha2_password uses a stronger password encryption than prior versions of MySQL.", + "dashboard_name": "Databases", + "path": "database.databases.id", + "conditions": [ + "and", + [ + "database.databases.id.legacy_encryption_users", + "notEqual", + "False" + ], + [ + "database.databases.id.engine", + "equal", + "mysql" + ] + ], + "id_suffix": "legacy_encryption_users" +} 
diff --git a/ScoutSuite/providers/do/rules/findings/database-databases-postgres-connection-pools.json b/ScoutSuite/providers/do/rules/findings/database-databases-postgres-connection-pools.json
new file mode 100644
index 000000000..cd6eb64e5
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/database-databases-postgres-connection-pools.json
@@ -0,0 +1,20 @@
+{
+ "description": "No connection pools found for Postgres database",
+ "rationale": "When you use PostgreSQL without a connection pool, each client request creates a new connection to the database. This can lead to a high number of connections, which can cause performance issues and slow down your application. Connection pooling can help mitigate these issues by reusing existing connections instead of creating new ones for each request",
+ "dashboard_name": "Databases",
+ "path": "database.databases.id",
+ "conditions": [
+ "and",
+ [
+ "database.databases.id.connection_pools",
+ "equal",
+ "False"
+ ],
+ [
+ "database.databases.id.engine",
+ "equal",
+ "pg"
+ ]
+ ],
+ "id_suffix": "connection_pools"
+}
diff --git a/ScoutSuite/providers/do/rules/findings/database-databases-postgres-trusted-sources.json b/ScoutSuite/providers/do/rules/findings/database-databases-postgres-trusted-sources.json
new file mode 100644
index 000000000..5d798845e
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/database-databases-postgres-trusted-sources.json
@@ -0,0 +1,15 @@
+{
+ "description": "Databases publicly exposed",
+ "rationale": "Database services should restrict incoming requests only from trusted sources.",
+ "dashboard_name": "Databases",
+ "path": "database.databases.id",
+ "conditions": [
+ "and",
+ [
+ "database.databases.id.trusted_sources",
+ "equal",
+ "False"
+ ]
+ ],
+ "id_suffix": "trusted_sources"
+}
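Review bot: `database-databases-postgres-trusted-sources.json` has no `engine` condition, so despite its file name it fires for every database engine, unlike the sibling connection-pools rule, which restricts itself to `pg`. It therefore overlaps with `database-databases-mysql-publically-exposed.json`, which tests the same `trusted_sources` field under the same `id_suffix` and is not listed in `rulesets/default.json` in this commit. Either give this rule an engine-neutral name and drop the MySQL duplicate, or add `["database.databases.id.engine", "equal", "pg"]` here and enable the MySQL rule in the default ruleset.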
diff --git a/ScoutSuite/providers/do/rules/findings/database-databases-redis-evicition-policy.json b/ScoutSuite/providers/do/rules/findings/database-databases-redis-evicition-policy.json new file mode 100644 index 000000000..ad4055f5f --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/database-databases-redis-evicition-policy.json @@ -0,0 +1,20 @@ +{ + "description": "Eviction policy for Redis database cluster not set to 'allkeys-lru'", + "rationale": "When Redis is used as a cache, it is often convenient to let it automatically evict old data as you add new data. Redis provides several eviction policies to choose from, including allkeys-lru, allkeys-lfu, volatile-lru, volatile-lfu, allkeys-random, volatile-random, and volatile-ttl 1. If you do not set an eviction policy, Redis will use the noeviction policy by default. This means that Redis will not evict any keys when the memory limit is reached, and any new values will not be saved 1. If you do not set an eviction policy and Redis runs out of memory, it will start to return errors for commands that could result in more memory being used 1. In general, it is recommended to use the allkeys-lru policy when you expect a power-law distribution in the popularity of your requests. That is, you expect a subset of elements will be accessed far more often than the rest", + "dashboard_name": "Databases", + "path": "database.databases.id", + "conditions": [ + "and", + [ + "database.databases.id.eviction_policy", + "notEqual", + "allkeys_lru" + ], + [ + "database.databases.id.engine", + "equal", + "redis" + ] + ], + "id_suffix": "eviction_policy" +} diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-all-ports-exposed.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-all-ports-exposed.json new file mode 100644 index 000000000..a491c5164 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-all-ports-exposed.json 
@@ -0,0 +1,15 @@ +{ + "description": "Droplets with all ports exposed to public", + "rationale": "Droplets should expose only required/intented ports to public internet", + "dashboard_name": "Droplets", + "path": "droplet.droplets.id", + "conditions": [ + "and", + [ + "droplet.droplets.id.all_ports_exposed", + "equal", + "True" + ] + ], + "id_suffix": "all_ports_exposed" +} diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-enabled.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-enabled.json new file mode 100644 index 000000000..0ba65c386 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-enabled.json @@ -0,0 +1,17 @@ +{ + "description": "Droplets with auto backups disabled", + "rationale": "Droplet backups feature should be enabled for disaster recovery.", + "dashboard_name": "Droplets", + "path": "droplet.droplets.id", + "conditions": [ + "and", + [ + "droplet.droplets.id.next_backup_window", + "null", + "" + ] + ], + "id_suffix": "next_backup_window" +} + + diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-present.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-present.json new file mode 100644 index 000000000..3ee3f6868 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-backup-not-present.json @@ -0,0 +1,17 @@ +{ + "description": "Droplets having no backups present", + "rationale": "Droplets should have atleast 1 backup present for disaster recovery.", + "dashboard_name": "Droplets", + "path": "droplet.droplets.id", + "conditions": [ + "and", + [ + "droplet.droplets.id.backup_ids", + "equal", + "[]" + ] + ], + "id_suffix": "backup_ids" +} + + diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-custom-image.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-custom-image.json new file mode 100644 index 000000000..123e68e1f --- /dev/null 
+++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-custom-image.json @@ -0,0 +1,16 @@ +{ + "description": "Droplets with custom image", + "rationale": "Using custom images instead of those provided by Digital Ocean may result in reduced security control, as user-created images may not include the latest security patches and configurations that are routinely maintained and updated in provider-supplied images.", + "dashboard_name": "Droplets", + "path": "droplet.droplets.id", + "conditions": [ + "and", + [ + "droplet.droplets.id.image_type", + "equal", + "custom" + ] + ], + "id_suffix": "image_type" +} + diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-features-monitoring.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-features-monitoring.json new file mode 100644 index 000000000..477c6740d --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-features-monitoring.json @@ -0,0 +1,16 @@ +{ + "description": "Droplets without improved metrics monitoring enabled", + "rationale": "Droplets without improved metrics monitoring enabled", + "dashboard_name": "Droplets", + "path": "droplet.droplets.id", + "conditions": [ + "and", + [ + "droplet.droplets.id.features_monitoring", + "equal", + "False" + ] + ], + "id_suffix": "features_monitoring" +} + diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-firewall-not-attached.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-firewall-not-attached.json new file mode 100644 index 000000000..e8f1937c7 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-firewall-not-attached.json 
@@ -0,0 +1,17 @@ +{ + "description": "Droplets with no firewall attached", + "rationale": "Droplet should have a firewall atatched for enabling secure network configuration", + "dashboard_name": "Droplets", + "path": "droplet.droplets.id", + "conditions": [ + "and", + [ + "droplet.droplets.id.firewalls", + "null", + "" + ] + ], + "id_suffix": "firewalls" +} + + diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-port-22-exposed.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-port-22-exposed.json new file mode 100644 index 000000000..cc9d7a86a --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-port-22-exposed.json @@ -0,0 +1,15 @@ +{ + "description": "Droplets with port 22 exposed to public", + "rationale": "Droplets should have port 22 restricted to trusted networks", + "dashboard_name": "Droplets", + "path": "droplet.droplets.id", + "conditions": [ + "and", + [ + "droplet.droplets.id.port_22_exposed", + "equal", + "True" + ] + ], + "id_suffix": "port_22_exposed" +} diff --git a/ScoutSuite/providers/do/rules/findings/droplet-droplets-snapshot-not-present.json b/ScoutSuite/providers/do/rules/findings/droplet-droplets-snapshot-not-present.json new file mode 100644 index 000000000..62b956eff --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/droplet-droplets-snapshot-not-present.json @@ -0,0 +1,17 @@ +{ + "description": "Droplets having no snapshots present", + "rationale": "Droplets should have at least 1 snapshot present for strategic points of recovery, for instance, before a major change or update.", + "dashboard_name": "Droplets", + "path": "droplet.droplets.id", + "conditions": [ + "and", + [ + "droplet.droplets.id.snapshot_ids", + "equal", + "[]" + ] + ], + "id_suffix": "snapshot_ids" +} + + 
diff --git a/ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-autoupgrade-minor.json b/ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-autoupgrade-minor.json new file mode 100644 index 000000000..fec18603a --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-autoupgrade-minor.json @@ -0,0 +1,17 @@ +{ + "description": "Auto-Upgrade Minor Version Patches Disabled", + "rationale": "Enabling auto-upgrade for minor version patches in Kubernetes on Digital Ocean enhances security by automatically applying the latest security patches and bug fixes, ensuring that the system is protected against vulnerabilities without upgrading to a new minor version.", + "dashboard_name": "Kubernetes", + "path": "kubernetes.kubernetes.id", + "conditions": [ + "and", + [ + "kubernetes.kubernetes.id.auto_upgrade", + "equal", + "False" + ] + ], + "id_suffix": "auto_upgrade" +} + + diff --git a/ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-ha-enabled.json b/ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-ha-enabled.json new file mode 100644 index 000000000..c6bb1f8f3 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-ha-enabled.json @@ -0,0 +1,17 @@ +{ + "description": "High Availability for Control Plane", + "rationale": "Enabling the High Availability Control Plane feature in Kubernetes on Digital Ocean ensures that the cluster remains operational even if one or more control nodes fail, enhancing the reliability and resilience of your applications. Please note that this feature cannot be disabled once it has been enabled.", + "dashboard_name": "Kubernetes", + "path": "kubernetes.kubernetes.id", + "conditions": [ + "and", + [ + "kubernetes.kubernetes.id.ha", + "equal", + "False" + ] + ], + "id_suffix": "ha" +} + + 
diff --git a/ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-surge-upgrade.json b/ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-surge-upgrade.json new file mode 100644 index 000000000..d041b4f1d --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/kubernetes-kubernetes-surge-upgrade.json @@ -0,0 +1,17 @@ +{ + "description": "Surge Upgrade Disabled", + "rationale": "Enabling surge updates in Digital Ocean allows for the creation of additional nodes during updates before pods draining, ensuring that new versions are fully operational before old ones are terminated, thus avoiding downtime.", + "dashboard_name": "Kubernetes", + "path": "kubernetes.kubernetes.id", + "conditions": [ + "and", + [ + "kubernetes.kubernetes.id.surge_upgrade", + "equal", + "False" + ] + ], + "id_suffix": "surge_upgrade" +} + + diff --git a/ScoutSuite/providers/do/rules/findings/networking-domains-high-ttl.json b/ScoutSuite/providers/do/rules/findings/networking-domains-high-ttl.json new file mode 100644 index 000000000..9a8a42487 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/networking-domains-high-ttl.json @@ -0,0 +1,15 @@ +{ + "description": "Domain has a high TTL record", + "rationale": "Long TTLs delay the propagation of changes. For instance, if you update an IP address or switch services, clients will continue using old cached data until the TTL expires", + "dashboard_name": "Networking", + "path": "networking.domains.id", + "conditions": [ + "and", + [ + "networking.domains.id.highttl_records", + "notEqual", + "False" + ] + ], + "id_suffix": "highttl_records" +} diff --git a/ScoutSuite/providers/do/rules/findings/networking-domains-missing-dkim.json b/ScoutSuite/providers/do/rules/findings/networking-domains-missing-dkim.json new file mode 100644 index 000000000..d9c64dd38 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/networking-domains-missing-dkim.json 
@@ -0,0 +1,15 @@ +{ + "description": "Domain is missing DKIM record", + "rationale": "DKIM helps prevent email spoofing by adding cryptographic signatures to your outgoing emails", + "dashboard_name": "Networking", + "path": "networking.domains.id", + "conditions": [ + "and", + [ + "networking.domains.id.dkim_record", + "equal", + "False" + ] + ], + "id_suffix": "dkim_record" +} diff --git a/ScoutSuite/providers/do/rules/findings/networking-domains-missing-dmarc.json b/ScoutSuite/providers/do/rules/findings/networking-domains-missing-dmarc.json new file mode 100644 index 000000000..350d18a28 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/networking-domains-missing-dmarc.json @@ -0,0 +1,15 @@ +{ + "description": "Domain is missing DMARC record", + "rationale": "A DMARC policy tells a receiving email server what to do after checking a domain's Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records, which are additional email authentication methods. Addtionally without DMARC, you won't be able receive reports about legitimate and unauthorized emails sent on behalf of your domain", + "dashboard_name": "Networking", + "path": "networking.domains.id", + "conditions": [ + "and", + [ + "networking.domains.id.dmarc_record", + "equal", + "False" + ] + ], + "id_suffix": "dmarc_record" +} diff --git a/ScoutSuite/providers/do/rules/findings/networking-domains-missing-spf.json b/ScoutSuite/providers/do/rules/findings/networking-domains-missing-spf.json new file mode 100644 index 000000000..d4f540b0b --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/networking-domains-missing-spf.json 
@@ -0,0 +1,15 @@ +{ + "description": "Domain is missing SPF record", + "rationale": "Without an SPF record, attackers can spoof your domain by sending emails that appear to originate from your legitimate domain", + "dashboard_name": "Networking", + "path": "networking.domains.id", + "conditions": [ + "and", + [ + "networking.domains.id.spf_record", + "equal", + "False" + ] + ], + "id_suffix": "spf_record" +} diff --git a/ScoutSuite/providers/do/rules/findings/networking-domains-spf-overly-permissive.json b/ScoutSuite/providers/do/rules/findings/networking-domains-spf-overly-permissive.json new file mode 100644 index 000000000..2b997e1aa --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/networking-domains-spf-overly-permissive.json @@ -0,0 +1,15 @@ +{ + "description": "Domain has a overly permissive SPF record", + "rationale": "Overly permissive SPF record allows the anyone to send emails on your domain's behalf", + "dashboard_name": "Networking", + "path": "networking.domains.id", + "conditions": [ + "and", + [ + "networking.domains.id.spf_record_all", + "notEqual", + "False" + ] + ], + "id_suffix": "spf_record_all" +} diff --git a/ScoutSuite/providers/do/rules/findings/networking-firewalls-public-ports.json b/ScoutSuite/providers/do/rules/findings/networking-firewalls-public-ports.json new file mode 100644 index 000000000..fc037a57d --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/networking-firewalls-public-ports.json @@ -0,0 +1,15 @@ +{ + "description": "Firewalls with publically exposed ports", + "rationale": "Firewalls should not expose sensitive exposed to public internet.", + "dashboard_name": "Networking", + "path": "networking.firewalls.id", + "conditions": [ + "and", + [ + "networking.firewalls.id.public_ports_enabled", + "equal", + "True" + ] + ], + "id_suffix": "public_ports_enabled" +} 
diff --git a/ScoutSuite/providers/do/rules/findings/networking-firewalls-quad-zero.json b/ScoutSuite/providers/do/rules/findings/networking-firewalls-quad-zero.json new file mode 100644 index 000000000..3087e3a14 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/networking-firewalls-quad-zero.json @@ -0,0 +1,15 @@ +{ + "description": "Firewalls with quad zero configuration", + "rationale": "Firewalls with quad zero configuration expose all ports to public internet", + "dashboard_name": "Networking", + "path": "networking.firewalls.id", + "conditions": [ + "and", + [ + "networking.firewalls.id.all_ports_exposed", + "equal", + "True" + ] + ], + "id_suffix": "all_ports_exposed" +} diff --git a/ScoutSuite/providers/do/rules/findings/networking-load-balancer-backend-keepalive-disabled.json b/ScoutSuite/providers/do/rules/findings/networking-load-balancer-backend-keepalive-disabled.json new file mode 100644 index 000000000..c32919003 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/networking-load-balancer-backend-keepalive-disabled.json @@ -0,0 +1,15 @@ +{ + "description": "Load Balancer with backend Keepalive disabled", + "rationale": "Consider enabling Keep-Alive to improve performance, reduce latency and load", + "dashboard_name": "Networking", + "path": "networking.load_balancers.id", + "conditions": [ + "and", + [ + "networking.load_balancers.id.enable_backend_keepalive", + "equal", + "False" + ] + ], + "id_suffix": "enable_backend_keepalive" +} diff --git a/ScoutSuite/providers/do/rules/findings/networking-load-balancer-ssl-redirect-disabled.json b/ScoutSuite/providers/do/rules/findings/networking-load-balancer-ssl-redirect-disabled.json new file mode 100644 index 000000000..8473227c7 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/networking-load-balancer-ssl-redirect-disabled.json 
@@ -0,0 +1,15 @@ +{ + "description": "Load Balancer with SSL redirects disabled", + "rationale": "SSL redirects should be enabled to enforce https connection", + "dashboard_name": "Networking", + "path": "networking.load_balancers.id", + "conditions": [ + "and", + [ + "networking.load_balancers.id.redirect_http_to_https", + "equal", + "False" + ] + ], + "id_suffix": "redirect_http_to_https" +} diff --git a/ScoutSuite/providers/do/rules/findings/networking-load-balancer-without-droplet.json b/ScoutSuite/providers/do/rules/findings/networking-load-balancer-without-droplet.json new file mode 100644 index 000000000..38b6cdd8c --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/networking-load-balancer-without-droplet.json @@ -0,0 +1,15 @@ +{ + "description": "Load Balancer without attached Droplets", + "rationale": "Load Balancer without attached Droplets", + "dashboard_name": "Networking", + "path": "networking.load_balancers.id", + "conditions": [ + "and", + [ + "networking.load_balancers.id.droplet_ids", + "equal", + "[]" + ] + ], + "id_suffix": "droplet_ids" +} diff --git a/ScoutSuite/providers/do/rules/findings/spaces-buckets-cors.json b/ScoutSuite/providers/do/rules/findings/spaces-buckets-cors.json new file mode 100644 index 000000000..72bfca120 --- /dev/null +++ b/ScoutSuite/providers/do/rules/findings/spaces-buckets-cors.json @@ -0,0 +1,17 @@ +{ + "description": "CORS not configured in bucket", + "rationale": "CORS configuration in a bucket may significantly restrict web-based applications from accessing resources across different domains, potentially limiting the bucket's usefulness for content delivery and integration with external web services.", + "dashboard_name": "Spaces", + "path": "spaces.buckets.id", + "conditions": [ + "and", + [ + "spaces.buckets.id.CORS", + "equal", + "False" + ] + ], + "id_suffix": "CORS" +} + + 
diff --git a/ScoutSuite/providers/do/rules/findings/spaces-buckets-public-read.json b/ScoutSuite/providers/do/rules/findings/spaces-buckets-public-read.json
new file mode 100644
index 000000000..500a641b2
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/spaces-buckets-public-read.json
@@ -0,0 +1,17 @@
+{
+ "description": "Bucket with public read access",
+ "rationale": "Buckets with sensitive data must be private only.",
+ "dashboard_name": "Spaces",
+ "path": "spaces.buckets.id",
+ "conditions": [
+ "and",
+ [
+ "spaces.buckets.id.public_read",
+ "equal",
+ "True"
+ ]
+ ],
+ "id_suffix": "public_read"
+}
+
+
diff --git a/ScoutSuite/providers/do/rules/findings/spaces-buckets-public-write.json b/ScoutSuite/providers/do/rules/findings/spaces-buckets-public-write.json
new file mode 100644
index 000000000..ed3005fd9
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/findings/spaces-buckets-public-write.json
@@ -0,0 +1,17 @@
+{
+ "description": "Bucket with public write access",
+ "rationale": "Buckets with sensitive data must be private only.",
+ "dashboard_name": "Spaces",
+ "path": "spaces.buckets.id",
+ "conditions": [
+ "and",
+ [
+ "spaces.buckets.id.public_write",
+ "equal",
+ "true"
+ ]
+ ],
+ "id_suffix": "public_write"
+}
+
+
diff --git a/ScoutSuite/providers/do/rules/rulesets/default.json b/ScoutSuite/providers/do/rules/rulesets/default.json
new file mode 100644
index 000000000..a56c2e8e0
--- /dev/null
+++ b/ScoutSuite/providers/do/rules/rulesets/default.json
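Review bot: `spaces-buckets-public-write.json` compares `public_write` with lowercase `"true"`, whereas `spaces-buckets-public-read.json` and the other findings in this commit compare with `"True"`. If the engine's `equal` is a case-sensitive string comparison, this finding cannot match a value that stringifies as `True`; `"True"` would be consistent with the rest. The rule is also absent from `rulesets/default.json` in this commit, so world-writable buckets are not reported by a default scan even though world-readable ones are.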
@@ -0,0 +1,167 @@ +{ + "about": "Default ruleset for DigitalOcean.", + "rules": { + "droplet-droplets-backup-not-enabled.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "droplet-droplets-snapshot-not-present.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "networking-load-balancer-without-droplet.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "droplet-droplets-custom-image.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "droplet-droplets-backup-not-present.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "droplet-droplets-firewall-not-attached.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "droplet-droplets-port-22-exposed.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "droplet-droplets-all-ports-exposed.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "spaces-buckets-public-read.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "spaces-buckets-cors.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "networking-firewalls-public-ports.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "networking-firewalls-quad-zero.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "networking-load-balancer-ssl-redirect-disabled.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "networking-load-balancer-backend-keepalive-disabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "networking-domains-missing-spf.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "networking-domains-missing-dkim.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "networking-domains-missing-dmarc.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "networking-domains-spf-overly-permissive.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "networking-domains-high-ttl.json": [ + { + "enabled": true, + "level": "warning" + } + ], + 
"database-databases-mysql-user-legacy-encryption.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "database-databases-redis-evicition-policy.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "database-databases-postgres-connection-pools.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "database-databases-postgres-trusted-sources.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "droplet-droplets-features-monitoring.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetes-kubernetes-ha-enabled.json": [ + { + "enabled": true, + "level": "warning" + } + ], + "kubernetes-kubernetes-surge-upgrade.json": [ + { + "enabled": true, + "level": "danger" + } + ], + "kubernetes-kubernetes-autoupgrade-minor.json": [ + { + "enabled": true, + "level": "warning" + } + ] + } +} diff --git a/ScoutSuite/providers/do/rules/rulesets/filters.json b/ScoutSuite/providers/do/rules/rulesets/filters.json new file mode 100644 index 000000000..d6a73a987 --- /dev/null +++ b/ScoutSuite/providers/do/rules/rulesets/filters.json @@ -0,0 +1,4 @@ +{ + "about": "Default set of filters for Scout", + "rules": {} +} diff --git a/ScoutSuite/providers/do/services.py b/ScoutSuite/providers/do/services.py new file mode 100644 index 000000000..80eab0ae3 --- /dev/null +++ b/ScoutSuite/providers/do/services.py 
@@ -0,0 +1,25 @@
+from ScoutSuite.providers.do.authentication_strategy import DoCredentials
+from ScoutSuite.providers.do.resources.droplet.base import Droplets
+from ScoutSuite.providers.do.resources.spaces.base import Spaces
+from ScoutSuite.providers.do.resources.networking.base import Networking
+from ScoutSuite.providers.do.resources.database.base import Databases
+from ScoutSuite.providers.do.resources.kubernetes.base import Kubernetes
+from ScoutSuite.providers.do.facade.base import DoFacade
+from ScoutSuite.providers.base.services import BaseServicesConfig
+
+
+class DigitalOceanServicesConfig(BaseServicesConfig):
+ def __init__(self, credentials: DoCredentials = None, **kwargs):
+ super().__init__(credentials)
+
+ facade = DoFacade(credentials)
+
+ self.droplet = Droplets(facade)
+ self.networking = Networking(facade)
+ self.database = Databases(facade)
+ self.kubernetes = Kubernetes(facade)
+ if self.credentials.session:
+ self.spaces = Spaces(facade)
+
+ def _is_provider(self, provider_name):
+ return provider_name == "do"
diff --git a/ScoutSuite/providers/do/utils.py b/ScoutSuite/providers/do/utils.py
new file mode 100644
index 000000000..c08c8becb
--- /dev/null
+++ b/ScoutSuite/providers/do/utils.py
@@ -0,0 +1,23 @@
+import boto3
+from ScoutSuite.core.console import print_exception, print_debug, print_warning
+
+
+def get_client(service: str, session: boto3.session.Session, region: str = None):
+ """
+ Instantiates an DO Spaces API client
+
+ """
+
+ try:
+ return (
+ session.client(
+ service,
+ region_name=region,
+ endpoint_url="https://" + region + ".digitaloceanspaces.com",
+ )
+ if region
+ else session.client(service)
+ )
+ except Exception as e:
+ print_exception(f"Failed to create client for the {service} service: {e}")
+ return None
diff --git a/requirements.txt b/requirements.txt
index 7f53a4dfc..eb8c8cdda 100755
--- a/requirements.txt
+++ b/requirements.txt
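Review bot: `credentials` defaults to `None` in `DigitalOceanServicesConfig.__init__`, yet `self.credentials.session` is dereferenced unconditionally, so building the config without credentials fails with AttributeError (assuming the base class stores the argument as `self.credentials`). `if getattr(self.credentials, "session", None):` covers that case. `self.spaces` is only set when a session exists, so any code reading the attribute has to cope with it being missing. A comment on that branch, e.g. `# Spaces is scanned only when a boto3 session was configured`, would make clear that a run without it has not checked bucket exposure at all.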
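Review bot: `get_client` catches every exception and returns `None`, so a caller that does not check the result fails later with an unrelated AttributeError and the Spaces checks are skipped without a clear signal; the callers are outside this hunk, so confirm they handle `None`. `region` is concatenated straight into `endpoint_url`, which is the host the Spaces credentials are sent to, so it is worth rejecting unexpected values before building the URL, e.g. `if not region.replace("-", "").isalnum(): raise ValueError(region)`. `print_debug` and `print_warning` are imported but unused, and the docstring could state that the function returns `None` on failure.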
@@ -65,4 +65,7 @@ oss2>=2.8.0 oci>=2.2.4 # Kubernetes SDK -kubernetes \ No newline at end of file +kubernetes + +# DigitalOcean Cloud Provider +pydo >=0.2.0 diff --git a/tools/process_raw_response.py b/tools/process_raw_response.py index eec1a5c51..c2044f69d 100755 --- a/tools/process_raw_response.py +++ b/tools/process_raw_response.py @@ -52,7 +52,7 @@ def camel_to_snake(name, upper=False): parser.add_argument('-v', '--value', required=True, help="The raw response") args = parser.parse_args() - if args.provider not in ['aws', 'azure', 'aliyun', 'gcp', 'oci', 'kubernetes']: + if args.provider not in ['aws', 'azure', 'aliyun', 'gcp', 'oci', 'do', 'kubernetes']: # TODO support more providers print('Provider not implemented') exit() @@ -79,6 +79,9 @@ def camel_to_snake(name, upper=False): elif args.provider == 'oci': object_format = 'raw_{}.{}' object_value_dict = json.loads(args.value) + elif args.provider == 'do': + object_format = 'raw_{}.{}' + object_value_dict = json.loads(args.value) elif args.provider == 'kubernetes': object_format = 'raw_{}.{}' object_value_dict = json.loads(args.value) From 4ff22f30af2a3f18e0974fb9be036d5b21e2de0b Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Wed, 8 May 2024 12:12:33 +0200 Subject: [PATCH 975/979] Revert "Fixed incompatible packages - Update requirements.txt" --- requirements.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements.txt b/requirements.txt index 0df01cc5a..7f53a4dfc 100755 --- a/requirements.txt +++ b/requirements.txt @@ -19,10 +19,10 @@ google-cloud-container>=2.1.0 google-cloud-core>=0.29.1 google-cloud-iam>=0.1.0 google-cloud-logging>=2.2.0 -google-cloud-monitoring==1.1.1 +google-cloud-monitoring==1.1.0 google-cloud-resource-manager>=0.28.3 google-cloud-storage>=1.13.2 -google-cloud-kms==1.4.1 +google-cloud-kms==1.3.0 ## API Client Libraries google-api-python-client>=2.47.0 oauth2client>=4.1.3 
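Review bot: In the second hunk of `tools/process_raw_response.py`, the new `elif args.provider == 'do':` branch is a third copy of the `oci` and `kubernetes` bodies visible on either side of it. A single branch, `elif args.provider in ('oci', 'do', 'kubernetes'):`, would remove the duplication and leave one place to change when the next provider is added. `json.loads(args.value)` is called with no handling for malformed input, so a bad `--value` ends in a traceback rather than a usage message. The if/elif chain starts outside the hunk, so the earlier branches were not checked.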
@@ -65,4 +65,4 @@ oss2>=2.8.0 oci>=2.2.4 # Kubernetes SDK -kubernetes +kubernetes \ No newline at end of file From 8dbdf2f27616625d04a35679088b8339ea3adac2 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Wed, 8 May 2024 12:16:13 +0200 Subject: [PATCH 976/979] Update requirements.txt Update some GCP dependencies as in https://github.com/nccgroup/ScoutSuite/pull/1589 and pin protobuf 3.20.1 since more recent versions break GCP libs --- requirements.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/requirements.txt b/requirements.txt index b43a0e8b8..d43d62487 100755 --- a/requirements.txt +++ b/requirements.txt @@ -6,6 +6,7 @@ cherrypy>=18.1.0 cherrypy-cors>=1.6 coloredlogs<=10.0 asyncio-throttle==0.1.1 +protobuf==3.20.1 # AWS Provider botocore>=1.20.21 @@ -19,10 +20,10 @@ google-cloud-container>=2.1.0 google-cloud-core>=0.29.1 google-cloud-iam>=0.1.0 google-cloud-logging>=2.2.0 -google-cloud-monitoring==1.1.0 +google-cloud-monitoring==1.1.1 google-cloud-resource-manager>=0.28.3 google-cloud-storage>=1.13.2 -google-cloud-kms==1.3.0 +google-cloud-kms==1.4.1 ## API Client Libraries google-api-python-client>=2.47.0 oauth2client>=4.1.3 @@ -68,4 +69,4 @@ oci>=2.2.4 kubernetes # DigitalOcean Cloud Provider -pydo >=0.2.0 \ No newline at end of file +pydo >=0.2.0 From 869455694b55f04efd93150741d7122d364ef439 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Wed, 8 May 2024 12:51:58 +0200 Subject: [PATCH 977/979] Update requirements.txt --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index d43d62487..e014a86c6 100755 --- a/requirements.txt +++ b/requirements.txt 
@@ -20,10 +20,10 @@ google-cloud-container>=2.1.0 google-cloud-core>=0.29.1 google-cloud-iam>=0.1.0 google-cloud-logging>=2.2.0 -google-cloud-monitoring==1.1.1 +google-cloud-monitoring==1.1.0 google-cloud-resource-manager>=0.28.3 google-cloud-storage>=1.13.2 -google-cloud-kms==1.4.1 +google-cloud-kms==1.3.0 ## API Client Libraries google-api-python-client>=2.47.0 oauth2client>=4.1.3 From 3654d547b44ed01fe826106cf0937729ad0139db Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Wed, 8 May 2024 12:52:08 +0200 Subject: [PATCH 978/979] Update requirements.txt --- requirements.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index e014a86c6..eb8c8cdda 100755 --- a/requirements.txt +++ b/requirements.txt @@ -6,7 +6,6 @@ cherrypy>=18.1.0 cherrypy-cors>=1.6 coloredlogs<=10.0 asyncio-throttle==0.1.1 -protobuf==3.20.1 # AWS Provider botocore>=1.20.21 From 4194142c0433c1211901e08365b3722e173788c0 Mon Sep 17 00:00:00 2001 From: fernando-gallego <102300106+fernando-gallego@users.noreply.github.com> Date: Fri, 10 May 2024 11:09:31 +0200 Subject: [PATCH 979/979] Update __init__.py Update to v5.14.0 --- ScoutSuite/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScoutSuite/__init__.py b/ScoutSuite/__init__.py index b791ff203..7a45051d3 100755 --- a/ScoutSuite/__init__.py +++ b/ScoutSuite/__init__.py @@ -1,5 +1,5 @@ __author__ = 'NCC Group' -__version__ = '5.13.0' +__version__ = '5.14.0' ERRORS_LIST = []