feat(terraform): AWS SageMaker notebook instance KMS Key (#6374)

* Adding aws_sagemaker_notebook_instance to CKV_AWS_187 * Adding "AWS::SageMaker::NotebookInstance" to CKV_AWS_198 * cfn fix * UT fix * CR * cfn lint * cfn lint * cfn lint
bridgecrewio · May 31, 2024 · 7602086 · 7602086
1 parent 130ff95
commit 7602086
Show file tree

Hide file tree

Showing 6 changed files with 5,095 additions and 5,081 deletions.
diff --git a/docs/5.Policy Index/all.md b/docs/5.Policy Index/all.md
diff --git a/docs/5.Policy Index/arm.md b/docs/5.Policy Index/arm.md
@@ -122,9 +122,10 @@ nav_order: 1
 | 111 | CKV_AZURE_216 | resource  | Microsoft.Network/azureFirewalls                                             | Ensure DenyIntelMode is set to Deny for Azure Firewalls                                                      | arm   | [AzureFirewallDenyThreatIntelMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureFirewallDenyThreatIntelMode.py)                                                     |
 | 112 | CKV_AZURE_218 | resource  | Microsoft.Network/applicationGateways                                        | Ensure Application Gateway defines secure protocols for in transit communication                             | arm   | [AppGWDefinesSecureProtocols.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppGWDefinesSecureProtocols.py)                                                               |
 | 113 | CKV_AZURE_236 | resource  | Microsoft.CognitiveServices/accounts                                         | Ensure that Cognitive Services accounts enable local authentication                                          | arm   | [CognitiveServicesEnableLocalAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CognitiveServicesEnableLocalAuth.py)                                                     |
-| 114 | CKV2_AZURE_23 | resource  | Microsoft.AppPlatform/Spring                                                 | Ensure Azure spring cloud is configured with Virtual network (Vnet)                                          | arm   | [AzureSpringCloudConfigWithVnet.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/AzureSpringCloudConfigWithVnet.yaml)                                                 |
-| 115 | CKV2_AZURE_27 | resource  | Microsoft.Sql/servers                                                        | Ensure Azure AD authentication is enabled for Azure SQL (MSSQL)                                              | arm   | [SQLServerUsesADAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerUsesADAuth.py)                                                                               |
-| 116 | CKV2_AZURE_48 | resource  | Microsoft.Databricks/workspaces                                              | Ensure that Databricks Workspaces enables customer-managed key for root DBFS encryption                      | arm   | [DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py) |
+| 114 | CKV_AZURE_238 | resource  | Microsoft.CognitiveServices/accounts                                         | Ensure that Cognitive Services account is not configured with managed identity                               | arm   | [CognitiveServicesConfigureIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CognitiveServicesConfigureIdentity.py)                                                 |
+| 115 | CKV2_AZURE_23 | resource  | Microsoft.AppPlatform/Spring                                                 | Ensure Azure spring cloud is configured with Virtual network (Vnet)                                          | arm   | [AzureSpringCloudConfigWithVnet.yaml](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/graph_checks/AzureSpringCloudConfigWithVnet.yaml)                                                 |
+| 116 | CKV2_AZURE_27 | resource  | Microsoft.Sql/servers                                                        | Ensure Azure AD authentication is enabled for Azure SQL (MSSQL)                                              | arm   | [SQLServerUsesADAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerUsesADAuth.py)                                                                               |
+| 117 | CKV2_AZURE_48 | resource  | Microsoft.Databricks/workspaces                                              | Ensure that Databricks Workspaces enables customer-managed key for root DBFS encryption                      | arm   | [DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py) |
 
 
 ---

diff --git a/docs/5.Policy Index/bicep.md b/docs/5.Policy Index/bicep.md
@@ -125,8 +125,9 @@ nav_order: 1
 | 114 | CKV_AZURE_216 | resource  | Microsoft.Network/azureFirewalls                                             | Ensure DenyIntelMode is set to Deny for Azure Firewalls                                                      | Bicep | [AzureFirewallDenyThreatIntelMode.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AzureFirewallDenyThreatIntelMode.py)                                                     |
 | 115 | CKV_AZURE_218 | resource  | Microsoft.Network/applicationGateways                                        | Ensure Application Gateway defines secure protocols for in transit communication                             | Bicep | [AppGWDefinesSecureProtocols.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/AppGWDefinesSecureProtocols.py)                                                               |
 | 116 | CKV_AZURE_236 | resource  | Microsoft.CognitiveServices/accounts                                         | Ensure that Cognitive Services accounts enable local authentication                                          | Bicep | [CognitiveServicesEnableLocalAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CognitiveServicesEnableLocalAuth.py)                                                     |
-| 117 | CKV2_AZURE_27 | resource  | Microsoft.Sql/servers                                                        | Ensure Azure AD authentication is enabled for Azure SQL (MSSQL)                                              | Bicep | [SQLServerUsesADAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerUsesADAuth.py)                                                                               |
-| 118 | CKV2_AZURE_48 | resource  | Microsoft.Databricks/workspaces                                              | Ensure that Databricks Workspaces enables customer-managed key for root DBFS encryption                      | Bicep | [DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py) |
+| 117 | CKV_AZURE_238 | resource  | Microsoft.CognitiveServices/accounts                                         | Ensure that Cognitive Services account is not configured with managed identity                               | Bicep | [CognitiveServicesConfigureIdentity.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/CognitiveServicesConfigureIdentity.py)                                                 |
+| 118 | CKV2_AZURE_27 | resource  | Microsoft.Sql/servers                                                        | Ensure Azure AD authentication is enabled for Azure SQL (MSSQL)                                              | Bicep | [SQLServerUsesADAuth.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/SQLServerUsesADAuth.py)                                                                               |
+| 119 | CKV2_AZURE_48 | resource  | Microsoft.Databricks/workspaces                                              | Ensure that Databricks Workspaces enables customer-managed key for root DBFS encryption                      | Bicep | [DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py](https://github.com/bridgecrewio/checkov/blob/main/checkov/arm/checks/resource/DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py) |
 
 
 ---