vmware-samples · mzkhan · Oct 22, 2020 · Aug 26, 2020 · Sep 1, 2020 · Sep 11, 2020
diff --git a/README.md b/README.md
@@ -43,13 +43,8 @@ The worker executes jobs in a fashion similar to running `python ./s3-remove-pub
 The finding payload is in the form:
 ```$json
 {
-  "cloudAccount": {
-    "provider": <string>,
-    "roleArn": <string,omitempty>,
-    "subscriptionId": <string,omitempty>,
-    "applicationId": <string,omitempty>
-  },
   "notificationInfo": {
+    "CloudAccountID" : <string>,
     "RuleID": <string>,
     "RuleName": <string>,
     "RuleDisplayName": <string>,

diff --git a/remediation_worker/jobs/ec2_close_port_22/README.md b/remediation_worker/jobs/ec2_close_port_22/README.md
@@ -2,6 +2,14 @@
 
 This job blocks public access to port 22 for both IPv4 and IPv6 for all security groups associated with an EC2 instance.
 
+### Applicable Rule
+
+##### Rule ID:
+5c8c26417a550e1fb6560c3f
+
+##### Rule Name:
+An EC2 instance's SSH port (22) is accessible from the public Internet for any source address
+
 ## Getting Started
 
 ### Prerequisites

diff --git a/remediation_worker/jobs/ec2_close_port_3389/README.md b/remediation_worker/jobs/ec2_close_port_3389/README.md
@@ -2,6 +2,14 @@
 
 This job blocks public access to port 3389 for both IPv4 and IPv6 for all security groups associated with an EC2 instance.
 
+### Applicable Rule
+
+##### Rule ID:
+5c8c26437a550e1fb6560c42
+
+##### Rule Name:
+An EC2 instance's Remote Desktop port (3389) is accessible from the public Internet for any source address
+
 ## Getting Started
 
 ### Prerequisites

diff --git a/remediation_worker/jobs/rds_backup_retention_30_days/README.md b/remediation_worker/jobs/rds_backup_retention_30_days/README.md
@@ -4,6 +4,14 @@ This job makes the RDS backup retention period 30 days.
 It first tries to modify the retention period of the DB instance.
 If that fails, it will try to set the retention period of the DB cluster that the instance belongs to.
 
+### Applicable Rule
+
+##### Rule ID:
+5c8c264a7a550e1fb6560c4d
+
+##### Rule Name:
+The RDS backup retention period is less than 30 days
+
 ## Getting Started
 
 ### Prerequisites

diff --git a/remediation_worker/jobs/s3_enable_access_logging/README.md b/remediation_worker/jobs/s3_enable_access_logging/README.md
@@ -2,6 +2,14 @@
 
 This job enables access logging for an S3 bucket.
 
+### Applicable Rule
+
+##### Rule ID:
+5c8c265e7a550e1fb6560c67
+
+##### Rule Name:
+S3 access logging is not enabled
+
 ## Getting Started
 
 ### Prerequisites

diff --git a/remediation_worker/jobs/s3_enable_default_encryption/README.md b/remediation_worker/jobs/s3_enable_default_encryption/README.md
@@ -2,6 +2,14 @@
 
 This job enables default encryption for an S3 bucket using AES256.
 
+### Applicable Rule
+
+##### Rule ID:
+1d187035-9fff-48b2-a7c3-ffc56a4da5e6
+
+##### Rule Name:
+An S3 bucket default encryption is not enabled
+
 ## Getting Started
 
 ### Prerequisites

diff --git a/remediation_worker/jobs/s3_remove_public_access/README.md b/remediation_worker/jobs/s3_remove_public_access/README.md
@@ -2,6 +2,24 @@
 
 This job blocks public access to an S3 bucket.
 
+### Applicable Rule
+
+##### Rule ID:
+* 5c8c26507a550e1fb6560c57
+* 5c8c26517a550e1fb6560c59
+* 5c8c26537a550e1fb6560c5a
+* 5c8c26537a550e1fb6560c5b
+* 5c8c26547a550e1fb6560c5c
+* 5c8c26637a550e1fb6560c6b
+
+##### Rule Name:
+* An S3 bucket is configured so that all users have unrestricted permissions
+* Read access to an S3 bucket is unrestricted
+* An S3 bucket is configured to allow all users to read permissions
+* Write access to an S3 bucket is unrestricted
+* An S3 bucket is configured to allow unrestricted access control changes
+* The S3 bucket policy allows unrestricted get access
+
 ## Getting Started
 
 ### Prerequisites

diff --git a/remediation_worker/jobs/s3_remove_public_admin_acl/README.md b/remediation_worker/jobs/s3_remove_public_admin_acl/README.md
@@ -2,6 +2,14 @@
 
 This job will remove the public "write bucket permissions" permission. All other ACL permissions will be left alone. This means that if "AllUsers" have access to FULL_CONTROL, the permissions will be changed to allow "READ", "WRITE", and "READ_ACP" rather than "FULL_CONTROL" which includes "WRITE_ACP".
 
+### Applicable Rule
+
+##### Rule ID:
+5c8c26617a550e1fb6560c69
+
+##### Rule Name:
+The S3 bucket policy allows unrestricted access
+
 ## Getting Started
 
 ### Prerequisites

diff --git a/remediation_worker/jobs/security_group_close_port_22/README.md b/remediation_worker/jobs/security_group_close_port_22/README.md
@@ -2,6 +2,14 @@
 
 This job blocks public access to port 22 for both IPv4 and IPv6.
 
+### Applicable Rule
+
+##### Rule ID:
+5c8c25ec7a550e1fb6560bbe
+
+##### Rule Name:
+A security group's SSH port (22) is accessible through any source address
+
 ## Getting Started
 
 ### Prerequisites

diff --git a/remediation_worker/jobs/security_group_close_port_3389/README.md b/remediation_worker/jobs/security_group_close_port_3389/README.md
@@ -2,6 +2,14 @@
 
 This job blocks public access to port 3389 for both IPv4 and IPv6.
 
+### Applicable Rule
+
+##### Rule ID:
+5c8c25ef7a550e1fb6560bc4
+
+##### Rule Name:
+A security group's Remote Desktop port (3389) is accessible through any source address
+
 ## Getting Started
 
 ### Prerequisites

diff --git a/remediation_worker/jobs/security_group_close_port_5432/README.md b/remediation_worker/jobs/security_group_close_port_5432/README.md
@@ -2,6 +2,14 @@
 
 This job blocks public access to port 5432 for both IPv4 and IPv6.
 
+### Applicable Rule
+
+##### Rule ID:
+5c8c25f07a550e1fb6560bc6
+
+##### Rule Name:
+A security group's PostgreSQL Server port (5432) is accessible through any source address
+
 ## Getting Started
 
 ### Prerequisites