-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcustodian.yml
62 lines (62 loc) · 1.61 KB
/
custodian.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
policies:
- name: password-policy-validation
resource: account
region: us-east-1
filters:
- or:
- type: password-policy
key: MinimumPasswordLength
value: 12
op: less-than
- type: password-policy
key: RequireSymbols
value: false
- type: password-policy
key: AllowUsersToChangePassword
value: false
- type: password-policy
key: PasswordPolicyConfigured
value: false
- type: password-policy
key: RequireUppercaseCharacters
value: false
- type: password-policy
key: RequireLowercaseCharacters
value: false
- type: password-policy
key: RequireNumbers
value: false
- type: password-policy
key: ExpirePasswords
value: false
- type: password-policy
key: PasswordReusePrevention
value: 5
op: less-than
- type: password-policy
key: MaxPasswordAge
value: 120
op: less-than
- name: account-cloudtrail-status
resource: account
region: us-east-1
filters:
- type: check-cloudtrail
global-events: true
multi-region: true
running: true
- name: account-check-config-services
resource: account
region: us-east-1
filters:
- type: check-config
all-resources: true
global-resources: false
running: true
- name: root-no-mfa
resource: account
filters:
- type: iam-summary
key: AccountMFAEnabled
value: true
op: ne