LICENSE
README.md
pyproject.toml
terrifying/__init__.py
terrifying/__main__.py
terrifying/cli.py
terrifying/pytest_plugin.py
terrifying/skill.py
terrifying/tui.py
terrifying.egg-info/PKG-INFO
terrifying.egg-info/SOURCES.txt
terrifying.egg-info/dependency_links.txt
terrifying.egg-info/entry_points.txt
terrifying.egg-info/requires.txt
terrifying.egg-info/top_level.txt
terrifying/core/__init__.py
terrifying/core/config.py
terrifying/core/context.py
terrifying/core/discovery.py
terrifying/core/parser.py
terrifying/core/rule.py
terrifying/core/runner.py
terrifying/policies/__init__.py
terrifying/policies/add.py
terrifying/policies/c7n.py
terrifying/policies/opa.py
terrifying/policies/library/__init__.py
terrifying/policies/library/manifest.yaml
terrifying/policies/library/apigateway/api-gw-associated-with-waf.rego
terrifying/policies/library/apigateway/api-gw-associated-with-waf.yml
terrifying/policies/library/apigateway/api-gw-cache-encrypted.rego
terrifying/policies/library/apigateway/api-gw-cache-encrypted.yml
terrifying/policies/library/apigateway/api-gw-execution-logging-enabled.rego
terrifying/policies/library/apigateway/api-gw-execution-logging-enabled.yml
terrifying/policies/library/apigateway/api-gw-ssl-enabled.rego
terrifying/policies/library/apigateway/api-gw-ssl-enabled.yml
terrifying/policies/library/apigateway/api-gw-xray-enabled.rego
terrifying/policies/library/apigateway/api-gw-xray-enabled.yml
terrifying/policies/library/apigateway/apigateway-domain-name-tls-check.rego
terrifying/policies/library/apigateway/apigateway-domain-name-tls-check.yml
terrifying/policies/library/autoscaling/autoscaling-group-elb-healthcheck-required.rego
terrifying/policies/library/autoscaling/autoscaling-group-elb-healthcheck-required.yml
terrifying/policies/library/autoscaling/autoscaling-launch-config-public-ip-disabled.rego
terrifying/policies/library/autoscaling/autoscaling-launch-config-public-ip-disabled.yml
terrifying/policies/library/autoscaling/autoscaling-launchconfig-requires-imdsv2.rego
terrifying/policies/library/autoscaling/autoscaling-launchconfig-requires-imdsv2.yml
terrifying/policies/library/autoscaling/autoscaling-multiple-az.rego
terrifying/policies/library/autoscaling/autoscaling-multiple-az.yml
terrifying/policies/library/cloudfront/cloudfront-accesslogs-enabled.rego
terrifying/policies/library/cloudfront/cloudfront-accesslogs-enabled.yml
terrifying/policies/library/cloudfront/cloudfront-associated-with-waf.rego
terrifying/policies/library/cloudfront/cloudfront-associated-with-waf.yml
terrifying/policies/library/cloudfront/cloudfront-custom-ssl-certificate.rego
terrifying/policies/library/cloudfront/cloudfront-custom-ssl-certificate.yml
terrifying/policies/library/cloudfront/cloudfront-default-root-object-configured.rego
terrifying/policies/library/cloudfront/cloudfront-default-root-object-configured.yml
terrifying/policies/library/cloudfront/cloudfront-no-deprecated-ssl-protocols.rego
terrifying/policies/library/cloudfront/cloudfront-no-deprecated-ssl-protocols.yml
terrifying/policies/library/cloudfront/cloudfront-origin-failover-enabled.rego
terrifying/policies/library/cloudfront/cloudfront-origin-failover-enabled.yml
terrifying/policies/library/cloudfront/cloudfront-s3-origin-access-control-enabled.rego
terrifying/policies/library/cloudfront/cloudfront-s3-origin-access-control-enabled.yml
terrifying/policies/library/cloudfront/cloudfront-ssl-policy-check.rego
terrifying/policies/library/cloudfront/cloudfront-ssl-policy-check.yml
terrifying/policies/library/cloudfront/cloudfront-traffic-to-origin-encrypted.rego
terrifying/policies/library/cloudfront/cloudfront-traffic-to-origin-encrypted.yml
terrifying/policies/library/cloudfront/cloudfront-viewer-policy-https.rego
terrifying/policies/library/cloudfront/cloudfront-viewer-policy-https.yml
terrifying/policies/library/cloudtrail/cloud-trail-cloud-watch-logs-enabled.rego
terrifying/policies/library/cloudtrail/cloud-trail-cloud-watch-logs-enabled.yml
terrifying/policies/library/cloudtrail/cloud-trail-encryption-enabled.rego
terrifying/policies/library/cloudtrail/cloud-trail-encryption-enabled.yml
terrifying/policies/library/cloudtrail/cloud-trail-log-file-validation-enabled.rego
terrifying/policies/library/cloudtrail/cloud-trail-log-file-validation-enabled.yml
terrifying/policies/library/cloudwatch/cloudwatch-alarm-action-check.rego
terrifying/policies/library/cloudwatch/cloudwatch-alarm-action-check.yml
terrifying/policies/library/cloudwatch/cw-loggroup-retention-period-check.rego
terrifying/policies/library/cloudwatch/cw-loggroup-retention-period-check.yml
terrifying/policies/library/codebuild/codebuild-project-envvar-awscred-check.rego
terrifying/policies/library/codebuild/codebuild-project-envvar-awscred-check.yml
terrifying/policies/library/codebuild/codebuild-project-logging-enabled.rego
terrifying/policies/library/codebuild/codebuild-project-logging-enabled.yml
terrifying/policies/library/codebuild/codebuild-project-s3-logs-encrypted.rego
terrifying/policies/library/codebuild/codebuild-project-s3-logs-encrypted.yml
terrifying/policies/library/codebuild/codebuild-project-source-repo-url-check.rego
terrifying/policies/library/codebuild/codebuild-project-source-repo-url-check.yml
terrifying/policies/library/cognito/cognito-user-pool-deletion-protection.rego
terrifying/policies/library/cognito/cognito-user-pool-deletion-protection.yml
terrifying/policies/library/cognito/cognito-user-pool-mfa-enabled.rego
terrifying/policies/library/cognito/cognito-user-pool-mfa-enabled.yml
terrifying/policies/library/cognito/cognito-user-pool-password-policy.rego
terrifying/policies/library/cognito/cognito-user-pool-password-policy.yml
terrifying/policies/library/dms/dms-replication-not-public.rego
terrifying/policies/library/dms/dms-replication-not-public.yml
terrifying/policies/library/documentdb/documentdb-cluster-audit-logging.rego
terrifying/policies/library/documentdb/documentdb-cluster-audit-logging.yml
terrifying/policies/library/documentdb/documentdb-cluster-backup-retention.rego
terrifying/policies/library/documentdb/documentdb-cluster-backup-retention.yml
terrifying/policies/library/documentdb/documentdb-cluster-deletion-protection.rego
terrifying/policies/library/documentdb/documentdb-cluster-deletion-protection.yml
terrifying/policies/library/documentdb/documentdb-cluster-encrypted.rego
terrifying/policies/library/documentdb/documentdb-cluster-encrypted.yml
terrifying/policies/library/dynamodb/dynamodb-autoscaling-enabled.rego
terrifying/policies/library/dynamodb/dynamodb-autoscaling-enabled.yml
terrifying/policies/library/dynamodb/dynamodb-pitr-enabled.rego
terrifying/policies/library/dynamodb/dynamodb-pitr-enabled.yml
terrifying/policies/library/dynamodb/dynamodb-table-deletion-protection-enabled.rego
terrifying/policies/library/dynamodb/dynamodb-table-deletion-protection-enabled.yml
terrifying/policies/library/ec2/ebs-optimized-instance.rego
terrifying/policies/library/ec2/ebs-optimized-instance.yml
terrifying/policies/library/ec2/ec2-ebs-encryption-by-default.rego
terrifying/policies/library/ec2/ec2-imdsv2-check.rego
terrifying/policies/library/ec2/ec2-imdsv2-check.yml
terrifying/policies/library/ec2/ec2-instance-no-public-ip.rego
terrifying/policies/library/ec2/ec2-instance-no-public-ip.yml
terrifying/policies/library/ec2/ec2-launch-template-imdsv2-check.rego
terrifying/policies/library/ec2/ec2-launch-template-imdsv2-check.yml
terrifying/policies/library/ec2/ec2-launch-template-public-ip-disabled.rego
terrifying/policies/library/ec2/ec2-launch-template-public-ip-disabled.yml
terrifying/policies/library/ec2/ec2-transit-gateway-auto-vpc-attach-disabled.rego
terrifying/policies/library/ec2/ec2-transit-gateway-auto-vpc-attach-disabled.yml
terrifying/policies/library/ec2/encrypted-volumes.rego
terrifying/policies/library/ec2/encrypted-volumes.yml
terrifying/policies/library/ec2/internet-gateway-authorized-vpc-only.rego
terrifying/policies/library/ec2/nacl-no-unrestricted-ssh-rdp.rego
terrifying/policies/library/ec2/nacl-no-unrestricted-ssh-rdp.yml
terrifying/policies/library/ec2/no-unrestricted-route-to-igw.rego
terrifying/policies/library/ec2/no-unrestricted-route-to-igw.yml
terrifying/policies/library/ec2/restricted-common-ports.rego
terrifying/policies/library/ec2/restricted-common-ports.yml
terrifying/policies/library/ec2/restricted-ssh.rego
terrifying/policies/library/ec2/restricted-ssh.yml
terrifying/policies/library/ec2/subnet-auto-assign-public-ip-disabled.rego
terrifying/policies/library/ec2/subnet-auto-assign-public-ip-disabled.yml
terrifying/policies/library/ec2/vpc-default-security-group-closed.rego
terrifying/policies/library/ec2/vpc-default-security-group-closed.yml
terrifying/policies/library/ec2/vpc-flow-logs-enabled.rego
terrifying/policies/library/ec2/vpc-flow-logs-enabled.yml
terrifying/policies/library/ec2/vpc-sg-open-only-to-authorized-ports.rego
terrifying/policies/library/ec2/vpc-sg-open-only-to-authorized-ports.yml
terrifying/policies/library/ecr/ecr-private-image-scanning-enabled.rego
terrifying/policies/library/ecr/ecr-private-image-scanning-enabled.yml
terrifying/policies/library/ecr/ecr-private-lifecycle-policy-configured.rego
terrifying/policies/library/ecr/ecr-private-lifecycle-policy-configured.yml
terrifying/policies/library/ecr/ecr-private-repo-kms-encrypted.rego
terrifying/policies/library/ecr/ecr-private-repo-kms-encrypted.yml
terrifying/policies/library/ecr/ecr-private-tag-immutability-enabled.rego
terrifying/policies/library/ecr/ecr-private-tag-immutability-enabled.yml
terrifying/policies/library/ecs/ecs-container-insights-enabled.rego
terrifying/policies/library/ecs/ecs-container-insights-enabled.yml
terrifying/policies/library/ecs/ecs-containers-nonprivileged.rego
terrifying/policies/library/ecs/ecs-containers-nonprivileged.yml
terrifying/policies/library/ecs/ecs-containers-readonly-access.rego
terrifying/policies/library/ecs/ecs-containers-readonly-access.yml
terrifying/policies/library/ecs/ecs-fargate-latest-platform-version.rego
terrifying/policies/library/ecs/ecs-fargate-latest-platform-version.yml
terrifying/policies/library/ecs/ecs-no-environment-secrets.rego
terrifying/policies/library/ecs/ecs-no-environment-secrets.yml
terrifying/policies/library/ecs/ecs-service-assign-public-ip-disabled.rego
terrifying/policies/library/ecs/ecs-service-assign-public-ip-disabled.yml
terrifying/policies/library/ecs/ecs-task-definition-host-network-mode.rego
terrifying/policies/library/ecs/ecs-task-definition-host-network-mode.yml
terrifying/policies/library/ecs/ecs-task-definition-linux-user-non-root.rego
terrifying/policies/library/ecs/ecs-task-definition-linux-user-non-root.yml
terrifying/policies/library/ecs/ecs-task-definition-log-configuration.rego
terrifying/policies/library/ecs/ecs-task-definition-log-configuration.yml
terrifying/policies/library/ecs/ecs-task-definition-pid-mode-check.rego
terrifying/policies/library/ecs/ecs-task-definition-pid-mode-check.yml
terrifying/policies/library/ecs/ecs-taskset-assign-public-ip-disabled.rego
terrifying/policies/library/ecs/ecs-taskset-assign-public-ip-disabled.yml
terrifying/policies/library/efs/efs-encrypted-check.rego
terrifying/policies/library/efs/efs-encrypted-check.yml
terrifying/policies/library/eks/eks-cluster-log-enabled.rego
terrifying/policies/library/eks/eks-cluster-log-enabled.yml
terrifying/policies/library/eks/eks-cluster-secrets-encrypted.rego
terrifying/policies/library/eks/eks-cluster-secrets-encrypted.yml
terrifying/policies/library/eks/eks-cluster-supported-version.rego
terrifying/policies/library/eks/eks-cluster-supported-version.yml
terrifying/policies/library/eks/eks-endpoint-no-public-access.rego
terrifying/policies/library/eks/eks-endpoint-no-public-access.yml
terrifying/policies/library/elasticache/elasticache-redis-auth-enabled.rego
terrifying/policies/library/elasticache/elasticache-redis-auth-enabled.yml
terrifying/policies/library/elasticache/elasticache-redis-cluster-automatic-backup-check.rego
terrifying/policies/library/elasticache/elasticache-redis-cluster-automatic-backup-check.yml
terrifying/policies/library/elasticache/elasticache-repl-grp-auto-failover-enabled.rego
terrifying/policies/library/elasticache/elasticache-repl-grp-auto-failover-enabled.yml
terrifying/policies/library/elasticache/elasticache-repl-grp-encrypted-at-rest.rego
terrifying/policies/library/elasticache/elasticache-repl-grp-encrypted-at-rest.yml
terrifying/policies/library/elasticache/elasticache-repl-grp-encrypted-in-transit.rego
terrifying/policies/library/elasticache/elasticache-repl-grp-encrypted-in-transit.yml
terrifying/policies/library/elasticache/elasticache-subnet-group-check.rego
terrifying/policies/library/elasticache/elasticache-subnet-group-check.yml
terrifying/policies/library/elasticbeanstalk/beanstalk-enhanced-health-reporting-enabled.rego
terrifying/policies/library/elasticbeanstalk/beanstalk-enhanced-health-reporting-enabled.yml
terrifying/policies/library/elasticbeanstalk/elastic-beanstalk-managed-updates-enabled.rego
terrifying/policies/library/elasticbeanstalk/elastic-beanstalk-managed-updates-enabled.yml
terrifying/policies/library/elasticsearch/elasticsearch-encrypted-at-rest.rego
terrifying/policies/library/elasticsearch/elasticsearch-encrypted-at-rest.yml
terrifying/policies/library/elasticsearch/elasticsearch-in-vpc-only.rego
terrifying/policies/library/elasticsearch/elasticsearch-in-vpc-only.yml
terrifying/policies/library/elasticsearch/elasticsearch-logs-to-cloudwatch.rego
terrifying/policies/library/elasticsearch/elasticsearch-logs-to-cloudwatch.yml
terrifying/policies/library/elasticsearch/elasticsearch-node-to-node-encryption-check.rego
terrifying/policies/library/elasticsearch/elasticsearch-node-to-node-encryption-check.yml
terrifying/policies/library/elasticsearch/opensearch-access-control-enabled.rego
terrifying/policies/library/elasticsearch/opensearch-access-control-enabled.yml
terrifying/policies/library/elasticsearch/opensearch-audit-logging-enabled.rego
terrifying/policies/library/elasticsearch/opensearch-audit-logging-enabled.yml
terrifying/policies/library/elasticsearch/opensearch-encrypted-at-rest.rego
terrifying/policies/library/elasticsearch/opensearch-encrypted-at-rest.yml
terrifying/policies/library/elasticsearch/opensearch-https-required.rego
terrifying/policies/library/elasticsearch/opensearch-https-required.yml
terrifying/policies/library/elasticsearch/opensearch-in-vpc-only.rego
terrifying/policies/library/elasticsearch/opensearch-in-vpc-only.yml
terrifying/policies/library/elasticsearch/opensearch-logs-to-cloudwatch.rego
terrifying/policies/library/elasticsearch/opensearch-logs-to-cloudwatch.yml
terrifying/policies/library/elasticsearch/opensearch-node-to-node-encryption-check.rego
terrifying/policies/library/elasticsearch/opensearch-node-to-node-encryption-check.yml
terrifying/policies/library/elb/alb-desync-mode-check.rego
terrifying/policies/library/elb/alb-desync-mode-check.yml
terrifying/policies/library/elb/alb-http-drop-invalid-header-enabled.rego
terrifying/policies/library/elb/alb-http-drop-invalid-header-enabled.yml
terrifying/policies/library/elb/alb-http-to-https-redirection-check.rego
terrifying/policies/library/elb/alb-http-to-https-redirection-check.yml
terrifying/policies/library/elb/alb-waf-enabled.rego
terrifying/policies/library/elb/alb-waf-enabled.yml
terrifying/policies/library/elb/elb-acm-certificate-required.rego
terrifying/policies/library/elb/elb-acm-certificate-required.yml
terrifying/policies/library/elb/elb-cross-zone-load-balancing-enabled.rego
terrifying/policies/library/elb/elb-cross-zone-load-balancing-enabled.yml
terrifying/policies/library/elb/elb-deletion-protection-enabled.rego
terrifying/policies/library/elb/elb-deletion-protection-enabled.yml
terrifying/policies/library/elb/elb-logging-enabled.rego
terrifying/policies/library/elb/elb-logging-enabled.yml
terrifying/policies/library/elb/elb-tls-https-listeners-only.rego
terrifying/policies/library/elb/elb-tls-https-listeners-only.yml
terrifying/policies/library/elb/elbv2-acm-certificate-required.rego
terrifying/policies/library/elb/elbv2-acm-certificate-required.yml
terrifying/policies/library/elb/elbv2-multiple-az.rego
terrifying/policies/library/elb/elbv2-multiple-az.yml
terrifying/policies/library/elb/elbv2-predefined-security-policy-ssl-check.rego
terrifying/policies/library/elb/elbv2-predefined-security-policy-ssl-check.yml
terrifying/policies/library/emr/emr-master-no-public-ip.rego
terrifying/policies/library/emr/emr-master-no-public-ip.yml
terrifying/policies/library/iam/iam-no-inline-policy-check.rego
terrifying/policies/library/iam/iam-no-inline-policy-check.yml
terrifying/policies/library/iam/iam-password-policy.rego
terrifying/policies/library/iam/iam-password-policy.yml
terrifying/policies/library/iam/iam-policy-no-statements-with-admin-access.rego
terrifying/policies/library/iam/iam-policy-no-statements-with-admin-access.yml
terrifying/policies/library/iam/iam-user-group-membership-check.rego
terrifying/policies/library/iam/iam-user-group-membership-check.yml
terrifying/policies/library/iam/iam-user-no-policies-check.rego
terrifying/policies/library/iam/iam-user-no-policies-check.yml
terrifying/policies/library/kinesis/kinesis-stream-encrypted.rego
terrifying/policies/library/kinesis/kinesis-stream-encrypted.yml
terrifying/policies/library/kinesis/kinesis-stream-retention-period-check.rego
terrifying/policies/library/kinesis/kinesis-stream-retention-period-check.yml
terrifying/policies/library/kms/cmk-backing-key-rotation-enabled.rego
terrifying/policies/library/kms/cmk-backing-key-rotation-enabled.yml
terrifying/policies/library/kms/iam-customer-policy-blocked-kms-actions.rego
terrifying/policies/library/kms/iam-customer-policy-blocked-kms-actions.yml
terrifying/policies/library/kms/iam-inline-policy-blocked-kms-actions.rego
terrifying/policies/library/kms/iam-inline-policy-blocked-kms-actions.yml
terrifying/policies/library/kms/kms-key-policy-no-public-access.rego
terrifying/policies/library/kms/kms-key-policy-no-public-access.yml
terrifying/policies/library/lambda/lambda-concurrency-check.rego
terrifying/policies/library/lambda/lambda-concurrency-check.yml
terrifying/policies/library/lambda/lambda-dlq-check.rego
terrifying/policies/library/lambda/lambda-dlq-check.yml
terrifying/policies/library/lambda/lambda-function-public-access-prohibited.rego
terrifying/policies/library/lambda/lambda-function-public-access-prohibited.yml
terrifying/policies/library/lambda/lambda-function-settings-check.rego
terrifying/policies/library/lambda/lambda-function-settings-check.yml
terrifying/policies/library/lambda/lambda-function-xray-enabled.rego
terrifying/policies/library/lambda/lambda-function-xray-enabled.yml
terrifying/policies/library/lambda/lambda-inside-vpc.rego
terrifying/policies/library/lambda/lambda-inside-vpc.yml
terrifying/policies/library/lambda/lambda-vpc-multi-az-check.rego
terrifying/policies/library/lambda/lambda-vpc-multi-az-check.yml
terrifying/policies/library/msk/msk-cluster-public-access-disabled.rego
terrifying/policies/library/msk/msk-cluster-public-access-disabled.yml
terrifying/policies/library/msk/msk-cluster-unauthenticated-access-disabled.rego
terrifying/policies/library/msk/msk-cluster-unauthenticated-access-disabled.yml
terrifying/policies/library/msk/msk-enhanced-monitoring-check.rego
terrifying/policies/library/msk/msk-enhanced-monitoring-check.yml
terrifying/policies/library/msk/msk-in-cluster-node-require-tls.rego
terrifying/policies/library/msk/msk-in-cluster-node-require-tls.yml
terrifying/policies/library/neptune/neptune-cluster-audit-log-enabled.rego
terrifying/policies/library/neptune/neptune-cluster-audit-log-enabled.yml
terrifying/policies/library/neptune/neptune-cluster-backup-retention-check.rego
terrifying/policies/library/neptune/neptune-cluster-backup-retention-check.yml
terrifying/policies/library/neptune/neptune-cluster-deletion-protection.rego
terrifying/policies/library/neptune/neptune-cluster-deletion-protection.yml
terrifying/policies/library/neptune/neptune-cluster-encrypted.rego
terrifying/policies/library/neptune/neptune-cluster-encrypted.yml
terrifying/policies/library/neptune/neptune-cluster-iam-auth-enabled.rego
terrifying/policies/library/neptune/neptune-cluster-iam-auth-enabled.yml
terrifying/policies/library/networkfirewall/netfw-logging-enabled.rego
terrifying/policies/library/networkfirewall/netfw-logging-enabled.yml
terrifying/policies/library/rds/db-instance-backup-enabled.rego
terrifying/policies/library/rds/db-instance-backup-enabled.yml
terrifying/policies/library/rds/rds-aurora-mysql-audit-logging-enabled.rego
terrifying/policies/library/rds/rds-aurora-mysql-audit-logging-enabled.yml
terrifying/policies/library/rds/rds-automatic-minor-version-upgrade-enabled.rego
terrifying/policies/library/rds/rds-automatic-minor-version-upgrade-enabled.yml
terrifying/policies/library/rds/rds-cluster-auto-minor-version-upgrade-enable.rego
terrifying/policies/library/rds/rds-cluster-auto-minor-version-upgrade-enable.yml
terrifying/policies/library/rds/rds-cluster-default-admin-check.rego
terrifying/policies/library/rds/rds-cluster-default-admin-check.yml
terrifying/policies/library/rds/rds-cluster-deletion-protection-enabled.rego
terrifying/policies/library/rds/rds-cluster-deletion-protection-enabled.yml
terrifying/policies/library/rds/rds-cluster-encrypted-at-rest.rego
terrifying/policies/library/rds/rds-cluster-encrypted-at-rest.yml
terrifying/policies/library/rds/rds-cluster-iam-authentication-enabled.rego
terrifying/policies/library/rds/rds-cluster-iam-authentication-enabled.yml
terrifying/policies/library/rds/rds-cluster-multi-az-enabled.rego
terrifying/policies/library/rds/rds-cluster-multi-az-enabled.yml
terrifying/policies/library/rds/rds-db-security-group-not-allowed.rego
terrifying/policies/library/rds/rds-db-security-group-not-allowed.yml
terrifying/policies/library/rds/rds-enhanced-monitoring-enabled.rego
terrifying/policies/library/rds/rds-enhanced-monitoring-enabled.yml
terrifying/policies/library/rds/rds-instance-default-admin-check.rego
terrifying/policies/library/rds/rds-instance-default-admin-check.yml
terrifying/policies/library/rds/rds-instance-deletion-protection-enabled.rego
terrifying/policies/library/rds/rds-instance-deletion-protection-enabled.yml
terrifying/policies/library/rds/rds-instance-iam-authentication-enabled.rego
terrifying/policies/library/rds/rds-instance-iam-authentication-enabled.yml
terrifying/policies/library/rds/rds-instance-public-access-check.rego
terrifying/policies/library/rds/rds-instance-public-access-check.yml
terrifying/policies/library/rds/rds-logging-enabled.rego
terrifying/policies/library/rds/rds-logging-enabled.yml
terrifying/policies/library/rds/rds-multi-az-support.rego
terrifying/policies/library/rds/rds-multi-az-support.yml
terrifying/policies/library/rds/rds-proxy-tls-encryption.rego
terrifying/policies/library/rds/rds-proxy-tls-encryption.yml
terrifying/policies/library/rds/rds-snapshot-encrypted.rego
terrifying/policies/library/rds/rds-snapshot-encrypted.yml
terrifying/policies/library/rds/rds-snapshots-public-prohibited.rego
terrifying/policies/library/rds/rds-snapshots-public-prohibited.yml
terrifying/policies/library/rds/rds-storage-encrypted.rego
terrifying/policies/library/rds/rds-storage-encrypted.yml
terrifying/policies/library/redshift/redshift-backup-enabled.rego
terrifying/policies/library/redshift/redshift-backup-enabled.yml
terrifying/policies/library/redshift/redshift-cluster-audit-logging-enabled.rego
terrifying/policies/library/redshift/redshift-cluster-audit-logging-enabled.yml
terrifying/policies/library/redshift/redshift-cluster-kms-enabled.rego
terrifying/policies/library/redshift/redshift-cluster-kms-enabled.yml
terrifying/policies/library/redshift/redshift-cluster-public-access-check.rego
terrifying/policies/library/redshift/redshift-cluster-public-access-check.yml
terrifying/policies/library/redshift/redshift-default-admin-check.rego
terrifying/policies/library/redshift/redshift-default-admin-check.yml
terrifying/policies/library/redshift/redshift-enhanced-vpc-routing-enabled.rego
terrifying/policies/library/redshift/redshift-enhanced-vpc-routing-enabled.yml
terrifying/policies/library/s3/s3-access-point-public-access-blocks.rego
terrifying/policies/library/s3/s3-bucket-acl-prohibited.rego
terrifying/policies/library/s3/s3-bucket-acl-prohibited.yml
terrifying/policies/library/s3/s3-bucket-blacklisted-actions-prohibited.rego
terrifying/policies/library/s3/s3-bucket-blacklisted-actions-prohibited.yml
terrifying/policies/library/s3/s3-bucket-cross-region-replication-enabled.rego
terrifying/policies/library/s3/s3-bucket-cross-region-replication-enabled.yml
terrifying/policies/library/s3/s3-bucket-default-lock-enabled.rego
terrifying/policies/library/s3/s3-bucket-default-lock-enabled.yml
terrifying/policies/library/s3/s3-bucket-level-public-access-prohibited.rego
terrifying/policies/library/s3/s3-bucket-level-public-access-prohibited.yml
terrifying/policies/library/s3/s3-bucket-logging-enabled.rego
terrifying/policies/library/s3/s3-bucket-logging-enabled.yml
terrifying/policies/library/s3/s3-bucket-mfa-delete-enabled.rego
terrifying/policies/library/s3/s3-bucket-mfa-delete-enabled.yml
terrifying/policies/library/s3/s3-bucket-public-read-prohibited.rego
terrifying/policies/library/s3/s3-bucket-public-read-prohibited.yml
terrifying/policies/library/s3/s3-bucket-public-write-prohibited.rego
terrifying/policies/library/s3/s3-bucket-public-write-prohibited.yml
terrifying/policies/library/s3/s3-bucket-server-side-encryption-enabled.rego
terrifying/policies/library/s3/s3-bucket-server-side-encryption-enabled.yml
terrifying/policies/library/s3/s3-bucket-ssl-requests-only.rego
terrifying/policies/library/s3/s3-bucket-ssl-requests-only.yml
terrifying/policies/library/s3/s3-bucket-versioning-enabled.rego
terrifying/policies/library/s3/s3-bucket-versioning-enabled.yml
terrifying/policies/library/s3/s3-default-encryption-kms.rego
terrifying/policies/library/s3/s3-default-encryption-kms.yml
terrifying/policies/library/s3/s3-event-notifications-enabled.rego
terrifying/policies/library/s3/s3-event-notifications-enabled.yml
terrifying/policies/library/s3/s3-lifecycle-policy-check.rego
terrifying/policies/library/s3/s3-lifecycle-policy-check.yml
terrifying/policies/library/sagemaker/sagemaker-notebook-instance-inside-vpc.rego
terrifying/policies/library/sagemaker/sagemaker-notebook-instance-inside-vpc.yml
terrifying/policies/library/sagemaker/sagemaker-notebook-instance-root-access-check.rego
terrifying/policies/library/sagemaker/sagemaker-notebook-instance-root-access-check.yml
terrifying/policies/library/sagemaker/sagemaker-notebook-no-direct-internet-access.rego
terrifying/policies/library/sagemaker/sagemaker-notebook-no-direct-internet-access.yml
terrifying/policies/library/secretsmanager/secretsmanager-rotation-enabled-check.rego
terrifying/policies/library/secretsmanager/secretsmanager-rotation-enabled-check.yml
terrifying/policies/library/secretsmanager/secretsmanager-using-cmk.rego
terrifying/policies/library/secretsmanager/secretsmanager-using-cmk.yml
terrifying/policies/library/sns/sns-encrypted-kms.rego
terrifying/policies/library/sns/sns-encrypted-kms.yml
terrifying/policies/library/sns/sns-topic-public-access-prohibited.rego
terrifying/policies/library/sns/sns-topic-public-access-prohibited.yml
terrifying/policies/library/sqs/sqs-queue-encrypted.rego
terrifying/policies/library/sqs/sqs-queue-encrypted.yml
terrifying/policies/library/sqs/sqs-queue-public-access-prohibited.rego
terrifying/policies/library/sqs/sqs-queue-public-access-prohibited.yml
terrifying/policies/library/ssm/ssm-document-not-public.rego
terrifying/policies/library/ssm/ssm-document-not-public.yml
terrifying/policies/library/waf/wafv2-logging-enabled.rego
terrifying/policies/library/waf/wafv2-logging-enabled.yml
terrifying/policies/library/waf/wafv2-webacl-not-empty.rego
terrifying/policies/library/waf/wafv2-webacl-not-empty.yml
terrifying/rules/__init__.py
terrifying/rules/best_practices/__init__.py
terrifying/rules/best_practices/no_hardcoded_values.py
terrifying/rules/best_practices/outputs_have_descriptions.py
terrifying/rules/best_practices/required_tags.py
terrifying/rules/best_practices/variables_have_descriptions.py
terrifying/rules/structural/__init__.py
terrifying/rules/structural/max_lines_per_file.py
terrifying/rules/structural/max_resources_per_file.py
terrifying/rules/structural/resource_file_naming.py