Merge pull request #129 from cloudgraphdev/fix/CG-1330-aws-cis-140-38

fix(CG-1330): AWS CIS 1.4.0 rule 3.8 fix

Author: tyler-dunkel

src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.8.ts

@@ -12,7 +12,7 @@ export default {
   audit: `Via the Management Console:
 
   1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam.
-  2. In the left navigation pane, choose E*ncryption Keys*.
+  2. In the left navigation pane, choose *Encryption Keys*.
   3. Select a customer created master key (CMK)
   4. Under the *Key Policy* section, move down to *Key Rotation*.
   5. Ensure the *Rotate this key every year* checkbox is checked.
@@ -52,7 +52,7 @@ export default {
       id
       arn
       accountId
-       __typename
+      __typename
       keyManager
       keyRotationEnabled
     }
@@ -62,16 +62,8 @@ export default {
   conditions: {
     or: [
       {
-        and: [
-          {
-            path: '@.keyManager',
-            equal: 'AWS',
-          },
-          {
-            path: '@.keyRotationEnabled',
-            equal: true,
-          },
-        ],
+        path: '@.keyManager',
+        equal: 'AWS',
       },
       {
         and: [

src/aws/cis-1.4.0/tests/aws-cis-1.4.0-3.x.test.ts

@@ -551,9 +551,9 @@ describe('CIS Amazon Web Services Foundations: 1.4.0', () => {
       await testRule(data, Result.FAIL)
     })
 
-    test('Security Issue when rotation is disabled with AWS as a manager', async () => {
+    test('No Security Issue when rotation is disabled with AWS as a manager', async () => {
       const data: CIS3xQueryResponse = getTestRuleFixture('AWS', false)
-      await testRule(data, Result.FAIL)
+      await testRule(data, Result.PASS)
     })
   })