Various test updates

jkamenik · jkamenik · commit e6d71886ed9e · 2025-08-26T13:35:01.000-04:00
diff --git a/aws/cloudformation/abstract/vpc-flow-logs-misconfig/README.md b/aws/cloudformation/abstract/vpc-flow-logs-misconfig/README.md
@@ -6,4 +6,4 @@ Here a flow log set to the wrong bucket.  It should be fixed.
 
 The expectation assumes the following:
 
-- VPC Flow Log LogDestination: `!Sub "arn:aws:s3:::gomboc-security-flowlogs-480437182633/${VPC}/"`
+1. The VPC Flow Log LogDestination: `!Sub "arn:aws:s3:::gomboc-security-flowlogs-480437182633/${VPC}/"`
diff --git a/aws/cloudformation/iac-scanning-poc/README.md b/aws/cloudformation/iac-scanning-poc/README.md
@@ -14,7 +14,8 @@ This is a combination of several scenarios:
 
 The expected results assumes the following:
 
-1. The VPC flowlog destination is gomboc specific bucket with the VPC id as the prefix:
+1. The VPC flowlog object name is "FlowLogBucket"
+2. The VPC flowlog destination is gomboc specific bucket with the VPC id as the prefix:
   1. `!Sub "arn:aws:s3:::gomboc-security-flowlogs-480437182633/${VPC}/"`
-2. The VPC SG safe port is "65535"
-3. The VPC SG safe CIDR is "1.1.1.1/32"
+3. The VPC SG safe port is "65535"
+4. The VPC SG safe CIDR is "1.1.1.1/32"
diff --git a/aws/cloudformation/iac-scanning-poc/main.yaml b/aws/cloudformation/iac-scanning-poc/main.yaml
@@ -164,7 +164,6 @@ Resources:
       GroupName: !Ref EnvironmentName
       GroupDescription: The security group for our test
       VpcId: !Ref VPC
-# Uncomment this to allow all traffic to the EC2 instance and create the misconfiguration
       SecurityGroupIngress:
         - IpProtocol: tcp
           FromPort: 0
@@ -255,7 +254,10 @@ Resources:
         - DeviceName: /dev/xvda
           Ebs:
             VolumeSize: 20
-            # Encrypted: true # Uncomment this to "fix" the issue of a non-encrypted drive
+            Encrypted: false
+        - DeviceName: /dev/xvdb
+          Ebs:
+            VolumeSize: 20
 #######################################
 ## This section is for the S3 Bucket ##
 #######################################
@@ -268,11 +270,6 @@ Resources:
         BlockPublicPolicy: false
         IgnorePublicAcls: false
         RestrictPublicBuckets: false
-# Uncomment this section to make an encrypted bucket
-      # BucketEncryption:
-      #   ServerSideEncryptionConfiguration:
-      #     - ServerSideEncryptionByDefault:
-      #         SSEAlgorithm: AES256
 ############################################
 ## This section is for the DynamoDB table ##
 ############################################

Original file line number	Diff line number	Diff line change
`@@ -6,4 +6,4 @@ Here a flow log set to the wrong bucket. It should be fixed.`
`6`	`6`
`7`	`7`	`The expectation assumes the following:`
`8`	`8`
`9`		-- VPC Flow Log LogDestination: `!Sub "arn:aws:s3:::gomboc-security-flowlogs-480437182633/${VPC}/"`
	`9`	+1. The VPC Flow Log LogDestination: `!Sub "arn:aws:s3:::gomboc-security-flowlogs-480437182633/${VPC}/"`