diff --git a/example/example_01/aws/encryption.feature b/example/example_01/aws/encryption.feature new file mode 100644 index 00000000..3f4b8de0 --- /dev/null +++ b/example/example_01/aws/encryption.feature @@ -0,0 +1,17 @@ +Feature: Resources should be encrypted + In order to improve security + As engineers + We'll enforce encryption + + Scenario: RDS instances + When I define a AWS RDS instance + Then encryption must be enabled + + Scenario: EC2 instance block devices + When I define a AWS EC2 instance + And it contains a ebs_block_device + Then encryption must be enabled + + Scenario: EBS volumes + When I define a AWS EBS volume + Then encryption must be enabled diff --git a/example/example_01/aws/security_groups.feature b/example/example_01/aws/security_groups.feature index efbe3727..168daff4 100644 --- a/example/example_01/aws/security_groups.feature +++ b/example/example_01/aws/security_groups.feature @@ -4,7 +4,7 @@ Feature: Security Groups should be used to protect services/instances We'll use AWS Security Groups as a Perimeter Defence Scenario Outline: Policy Structure - Given I define AWS Security Group + When I define AWS Security Group Then it must contain Examples: @@ -13,7 +13,7 @@ Feature: Security Groups should be used to protect services/instances | egress | Scenario Outline: Well-known insecure protocol exposure on Public Network for ingress traffic - Given I define AWS Security Group + When I define AWS Security Group Then it must contain ingress with protocol and not port for 0.0.0.0/0 diff --git a/example/example_01/aws/subnets.feature b/example/example_01/aws/subnets.feature index 543dbea1..453c80f0 100644 --- a/example/example_01/aws/subnets.feature +++ b/example/example_01/aws/subnets.feature 
@@ -5,6 +5,6 @@ Feature: Subnets should be defined properly for network security We'll use a layered architecture in our AWS Environment Scenario: Subnet Count - Given I define AWS Subnet + When I define AWS Subnet When I count them Then I expect the result is more than 2 diff --git a/example/example_01/aws/tags.feature b/example/example_01/aws/tags.feature new file mode 100644 index 00000000..765e70f5 --- /dev/null +++ b/example/example_01/aws/tags.feature @@ -0,0 +1,32 @@ +Feature: Resources should be properly tagged + In order to keep track of resource ownership + As engineers + We'll enforce tagging on all resources + + Scenario: Name tag + When I define a resource that supports tags + Then it must have the "Name" tag + And its value must match the "darwin.*" regex + + Scenario: Environment tag + When I define a resource that supports tags + Then it must have the "Environment" tag + And its value must be set by a variable + + Scenario: Project tag + When I define a resource that supports tags + Then it must have the "Project" tag + And its value must match the "Darwin" regex + + Scenario: Service tag + When I define a resource that supports tags + Then it must have the "Service" tag + And its value must match the "modelling|enhancement|routing|scoring" regex + + Scenario: Function tag + When I define a resource that supports tags + Then it must have the "Function" tag + + Scenario: Billing tag + When I define a resource that supports tags + Then it must have the "Billing" tag
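Review bot: In the new example/example_01/aws/encryption.feature, the step text "When I define a AWS RDS instance", "When I define a AWS EC2 instance" and "When I define a AWS EBS volume" carries an article that the other feature files in this patch do not use ("When I define AWS Security Group", "When I define AWS Subnet"); besides "a AWS" being ungrammatical, the step wording is what gets matched against the step definition and mapped to a resource type, so write it the same way as the other files, e.g. "When I define AWS RDS instance". Same for "And it contains a ebs_block_device". One gap worth closing in the "EC2 instance block devices" scenario: it only covers ebs_block_device, while aws_instance also has a root_block_device that is unencrypted unless its encrypted argument is set; a parallel scenario with "And it contains a root_block_device" would cover the root volume too.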
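Review bot: In example/example_01/aws/subnets.feature the "Subnet Count" scenario now reads "When I define AWS Subnet" directly followed by "When I count them", i.e. two consecutive When steps; Gherkin convention is to chain the second one with "And I count them" so the scenario reads as one When/Then pair, consistent with "And it contains ..." used in encryption.feature. The Given-to-When swaps in security_groups.feature are fine as is.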
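Review bot: In the new example/example_01/aws/tags.feature the regexes are inconsistent about case and anchoring: "Name tag" requires a value matching "darwin.*" (lowercase) while "Project tag" requires "Darwin" (capitalised), so pick one spelling unless the difference is intended. The enumerations "Darwin" and "modelling|enhancement|routing|scoring" are also unanchored; unless the step implementation anchors the pattern itself, "modelling|enhancement|routing|scoring" would accept values such as "rerouting" or "scoring-old". Anchor them explicitly ("^Darwin$", "^(modelling|enhancement|routing|scoring)$") so the allow-list is exact. Finally, the "Function" and "Billing" scenarios only check presence, whereas every other tag gets a value constraint; if any value is acceptable that should be stated in the scenario, otherwise add a regex or the "set by a variable" check used for "Environment".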