On September 9th, 2021, Aqua will release and activate the following new plugins. They can be tested ahead of time using the "Live Run" tool and optionally suppressed if required. If you have selected the "Suppress All New Plugins" option from the "Account Settings" page, then no action is required and they will be pre-suppressed in your account prior to release.
All S3 Plugins
Modified all S3 plugins to display the actual region name for S3 buckets instead of the ‘global’ region.
SNS Topic Policies
Added a new setting ‘sns_topic_policy_condition_keys’ which allows you to pass the IAM condition keys, such as aws:PrincipalArn and aws:PrincipalAccount, that should be allowed for an IAM policy statement.
KMS Key Rotation
Modified plugin logic to identify AWS-managed keys by checking for AWS as their owner instead of checking their description, in order to skip them.
All EC2 Open Port plugins
Added a new setting ‘ec2_skip_unused_groups’ which allows you to skip checking open ports for EC2 security groups which are not in use.
Trusted Cross Account Roles
Added a new setting ‘whitelisted_aws_account_principals_regex’ which allows you to provide a regular expression to whitelist AWS cross-account principals. If this is provided, the plugin will compare cross-account principals against this regex.
VPC Endpoint Exposed
Modified plugin logic to PASS VPC endpoints which are behind a private subnet.