add id field for matching siac/terrascan policies

pkg/policies/opa/rego/aws/aws_ami/AWS.EC2.Encryption&KeyManagement.Medium.0688.json

@@ -8,5 +8,6 @@
     "description": "Enable AWS AMI Encryption",
     "reference_id": "AWS.EC2.Encryption\u0026KeyManagement.Medium.0688",
     "category": "Infrastructure Security",
-    "version": 1
+    "version": 1,
+    "id": "AC_AWS_0005"
 }

pkg/policies/opa/rego/aws/aws_ami_launch_permission/AWS.AMI.NS.Medium.1040.json

@@ -10,5 +10,6 @@
     "description": "Limit access to AWS AMIs",
     "reference_id": "AWS.AMI.NS.Medium.1040",
     "category": "Infrastructure Security",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0006"
 }

pkg/policies/opa/rego/aws/aws_api_gateway_method_settings/AWS.API Gateway.Logging.Medium.0569.json

@@ -8,5 +8,6 @@
     "description": "Enable Detailed CloudWatch Metrics for APIs",
     "reference_id": "AWS.API Gateway.Logging.Medium.0569",
     "category": "Logging and Monitoring",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0007"
 }

pkg/policies/opa/rego/aws/aws_api_gateway_rest_api/AWS.APIGateway.Medium.0568.json

@@ -8,5 +8,6 @@
     "description": "Enable Content Encoding",
     "reference_id": "AWS.APIGateway.Medium.0568",
     "category": "Infrastructure Security",
-    "version": 1
+    "version": 1,
+    "id": "AC_AWS_0010"
 }

pkg/policies/opa/rego/aws/aws_api_gateway_rest_api/AWS.APIGateway.Network Security.Medium.0570.json

@@ -8,5 +8,6 @@
     "description": "API Gateway Private Endpoints",
     "reference_id": "AWS.APIGateway.Network Security.Medium.0570",
     "category": "Infrastructure Security",
-    "version": 1
+    "version": 1,
+    "id": "AC_AWS_0011"
 }

pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0567.json

@@ -8,5 +8,6 @@
     "description": "Enable AWS CloudWatch Logs for APIs",
     "reference_id": "AWS.API Gateway.Logging.Medium.0567",
     "category": "Logging and Monitoring",
-    "version": 1
+    "version": 1,
+    "id": "AC_AWS_0014"
 }

pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0571.json

@@ -4,9 +4,10 @@
     "policy_type": "aws",
     "resource_type": "aws_api_gateway_stage",
     "template_args": null,
-    "severity": "MEDIUM",
+    "severity": "LOW",
     "description": "Ensure AWS API Gateway has active xray tracing enabled",
     "reference_id": "AWS.API Gateway.Logging.Medium.0571",
     "category": "Logging and Monitoring",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0015"
 }

pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0572.json

@@ -10,5 +10,6 @@
     "description": "Ensure that AWS CloudWatch logs are enabled for all your APIs created with Amazon API Gateway service in order to track and analyze execution behavior at the API stage level.",
     "reference_id": "AWS.API Gateway.Logging.Medium.0572",
     "category": "Logging and Monitoring",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0012"
 }

pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Network Security.Medium.0565.json

@@ -8,5 +8,6 @@
     "description": "Enable SSL Client Certificate",
     "reference_id": "AWS.API Gateway.Network Security.Medium.0565",
     "category": "Infrastructure Security",
-    "version": 1
+    "version": 1,
+    "id": "AC_AWS_0013"
 }

pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0603.json

@@ -11,5 +11,6 @@
     "description": "Enable AWS CloudFormation Stack Notifications",
     "reference_id": "AWS.CloudFormation.Medium.0603",
     "category": "Security Best Practices",
-    "version": 1
+    "version": 1,
+    "id": "AC_AWS_0021"
 }

pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0605.json

@@ -8,5 +8,6 @@
     "description": "Enable AWS CloudFormation Stack Termination Protection",
     "reference_id": "AWS.CloudFormation.Medium.0605",
     "category": "Security Best Practices",
-    "version": 1
+    "version": 1,
+    "id": "AC_AWS_0022"
 }

pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AC-AW-IS-CD-M-0026.json

@@ -6,9 +6,10 @@
     "template_args": {
         "prefix": ""
     },
-    "severity": "Medium",
+    "severity": "LOW",
     "description": "Ensure that geo restriction is enabled for your Amazon CloudFront CDN distribution to whitelist or blacklist a country in order to allow or restrict users in specific locations from accessing web application content.",
     "reference_id": "AC-AW-IS-CD-M-0026",
     "category": "Infrastructure Security",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0026"
 }

pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AC-AW-IS-CD-M-1186.json

@@ -8,5 +8,6 @@
     "description": "Ensure that cloud-front has web application firewall enabled",
     "reference_id": "AC-AW-IS-CD-M-1186",
     "category": "Infrastructure Security",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0032"
 }

pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json

@@ -10,5 +10,6 @@
     "description": "Use encrypted connection between CloudFront and origin server",
     "reference_id": "AWS.CloudFront.EncryptionandKeyManagement.High.0407",
     "category": "Data Protection",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0024"
 }

pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json

@@ -10,5 +10,6 @@
     "description": "Secure ciphers are not used in CloudFront distribution",
     "reference_id": "AWS.CloudFront.EncryptionandKeyManagement.High.0408",
     "category": "Data Protection",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0023"
 }

pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json

@@ -10,5 +10,6 @@
     "description": "Ensure that your AWS Cloudfront distributions have the Logging feature enabled in order to track all viewer requests for the content delivered through the Content Delivery Network (CDN).",
     "reference_id": "AWS.CloudFront.Logging.Medium.0567",
     "category": "Logging and Monitoring",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0025"
 }

pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.High.0399.json

@@ -10,5 +10,6 @@
     "description": "Ensure CloudTrail logs are encrypted using KMS",
     "reference_id": "AWS.CloudTrail.Logging.High.0399",
     "category": "Logging and Monitoring",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0033"
 }

pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Low.009.json

@@ -1,6 +1,8 @@
 {
     "name": "ecrmaketagsimmutable",
     "file": "ecr_make_tags_immutable.rego",
+    "policy_type": "",
+    "resource_type": "",
     "template_args": {
         "prefix": ""
     },

pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Low.0559.json

@@ -10,5 +10,6 @@
     "description": "Ensure appropriate subscribers to each SNS topic",
     "reference_id": "AWS.CloudTrail.Logging.Low.0559",
     "category": "Logging and Monitoring",
-    "version": 1
+    "version": 1,
+    "id": "AC_AWS_0035"
 }

pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Medium.004.json

@@ -1,6 +1,8 @@
 {
     "name": "cloudTrailMultiRegionEnabled",
     "file": "cloudTrailMultiRegion.rego",
+    "policy_type": "",
+    "resource_type": "",
     "template_args": {
         "prefix": ""
     },

pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Medium.007.json

@@ -1,6 +1,8 @@
 {
     "name": "dynamoderecovery_enabled",
     "file": "dynamodb_without_recovery_enabled.rego",
+    "policy_type": "",
+    "resource_type": "",
     "template_args": {
         "prefix": ""
     },

pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Medium.008.json

@@ -1,6 +1,8 @@
 {
     "name": "ec2ebsnotoptimized",
     "file": "ec2_ebs_not_optimized.rego",
+    "policy_type": "",
+    "resource_type": "",
     "template_args": {
         "prefix": ""
     },

pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Medium.0460.json

@@ -1,12 +1,15 @@
 {
     "name": "cloudTrailMultiRegionNotCreated",
     "file": "cloudTrailMultiRegionNotCreated.rego",
+    "policy_type": "",
+    "resource_type": "",
     "template_args": {
         "prefix": ""
     },
     "severity": "MEDIUM",
     "description": "Cloud Trail Multi Region not enabled",
     "reference_id": "AWS.CloudTrail.Logging.Medium.0460",
-    "category": "Logging",
-    "version": 2
+    "category": "Logging and Monitoring",
+    "version": 2,
+    "id": "AC_AWS_0034"
 }

pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.Config.Logging.Medium.0590.json

@@ -1,6 +1,8 @@
 {
     "name": "configEnabledForAllRegions",
     "file": "configEnabled.rego",
+    "policy_type": "",
+    "resource_type": "",
     "template_args": {
         "prefix": ""
     },

pkg/policies/opa/rego/aws/aws_cloudwatch/AWS.CloudWatch.Logging.Medium.0631.json

@@ -8,5 +8,6 @@
     "description": "App-Tier CloudWatch Log Group Retention Period",
     "reference_id": "AWS.CloudWatch.Logging.Medium.0631",
     "category": "Logging and Monitoring",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0041"
 }

pkg/policies/opa/rego/aws/aws_config/AWS.Config.Encryption&KeyManagement.Medium.0660.json

@@ -8,5 +8,6 @@
     "description": "Ensure AWS Config Rule is enabled for Encrypted Volumes",
     "reference_id": "AWS.Config.Encryption\u0026KeyManagement.Medium.0660",
     "category": "Data Protection",
-    "version": 1
+    "version": 1,
+    "id": "AC_AWS_0048"
 }

pkg/policies/opa/rego/aws/aws_config_configuration_aggregator/AWS.Config.Logging.HIGH.0590.json

@@ -10,5 +10,6 @@
     "description": "Ensure AWS Config is enabled in all regions",
     "reference_id": "AWS.Config.Logging.HIGH.0590",
     "category": "Logging and Monitoring",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0049"
 }

pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DS.High.1041.json

@@ -10,5 +10,6 @@
     "description": "RDS Instance Auto Minor Version Upgrade flag disabled",
     "reference_id": "AWS.RDS.DS.High.1041",
     "category": "Data Protection",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0056"
 }

pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DS.High.1042.json

@@ -10,5 +10,6 @@
     "description": "Ensure Certificate used in RDS instance is updated",
     "reference_id": "AWS.RDS.DS.High.1042",
     "category": "Data Protection",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0057"
 }

pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DataSecurity.High.0414.json

@@ -8,5 +8,6 @@
     "description": "Ensure that your RDS database instances encrypt the underlying storage. Encrypted RDS instances use the industry standard AES-256 encryption algorithm to encrypt data on the server that hosts RDS DB instances. After data is encrypted, RDS handles authentication of access and descryption of data transparently with minimal impact on performance.",
     "reference_id": "AWS.RDS.DataSecurity.High.0414",
     "category": "Data Protection",
-    "version": 1
+    "version": 1,
+    "id": "AC_AWS_0058"
 }

pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DataSecurity.High.0577.json

@@ -6,9 +6,10 @@
     "template_args": {
         "prefix": ""
     },
-    "severity": "HIGH",
+    "severity": "MEDIUM",
     "description": "Ensure that your RDS database has IAM Authentication enabled.",
     "reference_id": "AWS.RDS.DataSecurity.High.0577",
     "category": "Data Protection",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0053"
 }

pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.NS.High.0101.json

@@ -10,5 +10,6 @@
     "description": "RDS Instance publicly_accessible flag is true",
     "reference_id": "AWS.RDS.NS.High.0101",
     "category": "Infrastructure Security",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0054"
 }

pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0101.json

@@ -10,5 +10,6 @@
     "description": "RDS should not be defined with public interface. Firewall and router configurations should be used to restrict connections between untrusted networks and any system components in the cloud environment.",
     "reference_id": "AWS.RDS.NetworkSecurity.High.0101",
     "category": "Infrastructure Security",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0066"
 }

pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0102.json

@@ -10,5 +10,6 @@
     "description": "RDS should not be open to a public scope. Firewall and router configurations should be used to restrict connections between untrusted networks and any system components in the cloud environment.",
     "reference_id": "AWS.RDS.NetworkSecurity.High.0102",
     "category": "Infrastructure Security",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0067"
 }

pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0103.json

@@ -10,5 +10,6 @@
     "description": "RDS should not be open to a large scope. Firewall and router configurations should be used to restrict connections between untrusted networks and any system components in the cloud environment.",
     "reference_id": "AWS.RDS.NetworkSecurity.High.0103",
     "category": "Infrastructure Security",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0065"
 }

pkg/policies/opa/rego/aws/aws_ebs_encryption_by_default/AWS.EBS.DataSecurity.High.0580.json

@@ -10,5 +10,6 @@
     "description": "Ensure that the AWS EBS that hold sensitive and critical data is encrypted by default to fulfill compliance requirements for data-at-rest encryption.",
     "reference_id": "AWS.EBS.DataSecurity.High.0580",
     "category": "Data Protection",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0079"
 }

pkg/policies/opa/rego/aws/aws_ecr_repository/AWS.ECR.DataSecurity.High.0578.json

@@ -10,5 +10,6 @@
     "description": "Unscanned images may contain vulnerabilities",
     "reference_id": "AWS.ECR.DataSecurity.High.0578",
     "category": "Configuration and Vulnerability Analysis",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0083"
 }

pkg/policies/opa/rego/aws/aws_ecr_repository_policy/AWS.ECR.DataSecurity.High.0579.json

@@ -10,5 +10,6 @@
     "description": "Identify any exposed Amazon ECR image repositories available within your AWS account and update their permissions in order to protect against unauthorized access. Amazon Elastic Container Registry (ECR) is a managed Docker registry service that makes it easy for DevOps teams to store, manage and deploy Docker container images. An ECR repository is a collection of Docker images available on AWS cloud.",
     "reference_id": "AWS.ECR.DataSecurity.High.0579",
     "category": "Identity and Access Management",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0084"
 }

pkg/policies/opa/rego/aws/aws_ecs_service/AWS.ECS.High.0436.json

@@ -8,5 +8,6 @@
     "description": "Ensure there are no ECS services Admin roles",
     "reference_id": "AWS.ECS.High.0436",
     "category": "Identity and Access Management",
-    "version": 1
+    "version": 1,
+    "id": "AC_AWS_0087"
 }

pkg/policies/opa/rego/aws/aws_ecs_task_definition/AWS.EcsCluster.NetworkSecurity.High.0104.json

@@ -10,5 +10,6 @@
     "description": "Like any other EC2 instance it is recommended to place ECS instance within a VPC. AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations",
     "reference_id": "AWS.EcsCluster.NetworkSecurity.High.0104",
     "category": "Infrastructure Security",
-    "version": 2
+    "version": 2,
+    "id": "AC_AWS_0088"
 }

pkg/policies/opa/rego/aws/aws_ecs_task_definition/AWS.LaunchConfiguration.DataSecurity.High.0101.json

@@ -12,5 +12,6 @@
     "description": "Sensitive Information Disclosure",
     "reference_id": "AWS.LaunchConfiguration.DataSecurity.High.0101",
     "category": "Data Protection",
-    "version": 1
+    "version": 1,
+    "id": "AC_AWS_0095"
 }