On November 7, 2022, Aqua will release and activate the following new plugins. They can be tested ahead of time using the "Live Run" tool and optionally suppressed if required. If you have selected the "Suppress All New Plugins" option from the "Account Settings" page, then no action is required, and they will be pre-suppressed in your account prior to release.

Hot Fixes/Enhancements:

AWS

DocumentDB Cluster Encrypted

Fixed a bug where the plugin raised false-positive alerts for RDS resources.

DocumentDB Cluster Backup Retention

Fixed a bug where the plugin raised false-positive alerts for RDS resources.

EKS Kubernetes Version

Modified plugin implementation to reflect deprecated versions.

EKS Latest Platform Version

Modified plugin implementation to reflect the latest EKS Kubernetes versions.

Lambda Old Runtimes

Modified plugin implementation to reflect deprecated versions.

IAM Master Manager Role

Added settings to allow whitelisting roles that carry a defined tag and value.

IAM Role Last Used

Added settings to allow whitelisting roles that carry a defined tag and value.

IAM Role Policies

Added settings to allow whitelisting roles that carry a defined tag and value.

Role Policy Unused Services

Added settings to allow whitelisting roles that carry a defined tag and value.

SSH Keys Rotated

Fixed a bug where the plugin raised false-positive alerts for users that do not utilise SSH keys.

Azure

Key Vault In Use

Made a small modification to the plugin logic so that it produces an UNKNOWN result only when both the 'getKeys' and 'getSecrets' API calls fail.


Regions:

AWS

Added support for the following new region:

meCentral1

Google

Added support for the following regions:

us-east5, us-south1, europe-west8, europe-southwest1, europe-west9, me-west1


New Plugins:

AWS

Network ACL has Tags

Ensure that Amazon Network ACLs have tags associated.

ELBv2 Has Tags

Ensure that ELBv2 load balancers have tags associated.

ELB Has Tags

Ensure that ELBs have tags associated.

EBS Volume has Tags

Ensure that EBS Volumes have tags associated.

CloudTrail Has Tags

Ensure that AWS CloudTrail trails have tags associated.

Cognito User Pool WAF Enabled

Ensure that all Cognito User Pools have WAF enabled.

Cognito User Pool MFA Enabled

Ensure that all Cognito User Pools have MFA enabled.

EBS Snapshot Has Tags

Ensure that EBS snapshots have tags associated.

DynamoDB Table Has Tags

Ensure that DynamoDB tables have tags associated.

ACM Certificate Has Tags

Ensure that ACM Certificates have tags associated.

AMI Has Tags

Ensure that AMIs have tags associated.

Google

BigTable Instance Labels Added

Ensure that all BigTable instances have labels added.

Hadoop Secure Mode Enabled

Ensure that all Dataproc clusters have Hadoop secure mode enabled.

Dataproc Cluster Encryption

Ensure that all Dataproc clusters have encryption enabled using the desired protection level.

Dataproc Cluster Labels Added

Ensure that all Dataproc clusters have labels added.