runbooks 0.2.5__py3-none-any.whl → 0.6.1__py3-none-any.whl

runbooks/cfat/assessment/validators.py

@@ -0,0 +1,290 @@
+"""
+Compliance Rule Validators for Cloud Foundations Assessment.
+
+This module provides validation logic for different compliance frameworks
+and security standards including:
+
+- Security validation rules
+- Compliance framework validation (SOC2, PCI-DSS, HIPAA)
+- Operational best practices validation
+- Custom validation rule support
+
+Each validator implements specific validation logic and generates
+assessment results with appropriate severity levels and remediation
+guidance.
+"""
+
+from abc import ABC, abstractmethod
+from datetime import datetime
+from typing import Any, Dict, List, Optional
+
+from loguru import logger
+
+from runbooks.cfat.models import (
+    AssessmentResult,
+    CheckStatus,
+    Severity,
+)
+
+
+class BaseValidator(ABC):
+    """Base class for compliance validators."""
+
+    def __init__(self, name: str, category: str, severity: Severity = Severity.WARNING):
+        """
+        Initialize validator.
+
+        Args:
+            name: Validator name
+            category: Assessment category
+            severity: Default severity level
+        """
+        self.name = name
+        self.category = category
+        self.severity = severity
+
+    @abstractmethod
+    def validate(self, resource_data: Dict[str, Any]) -> AssessmentResult:
+        """
+        Validate resource data against compliance rules.
+
+        Args:
+            resource_data: AWS resource data to validate
+
+        Returns:
+            Assessment result with validation outcome
+        """
+        pass
+
+    def _create_result(
+        self,
+        status: CheckStatus,
+        message: str,
+        finding_id: Optional[str] = None,
+        resource_arn: Optional[str] = None,
+        recommendations: Optional[List[str]] = None,
+        execution_time: float = 0.0,
+    ) -> AssessmentResult:
+        """
+        Create standardized assessment result.
+
+        Args:
+            status: Check status
+            message: Human-readable message
+            finding_id: Unique finding identifier
+            resource_arn: AWS resource ARN
+            recommendations: Remediation recommendations
+            execution_time: Validation execution time
+
+        Returns:
+            Formatted assessment result
+        """
+        return AssessmentResult(
+            finding_id=finding_id or f"{self.category.upper()}-{self.name.upper()}",
+            check_name=self.name,
+            check_category=self.category,
+            status=status,
+            severity=self.severity,
+            message=message,
+            resource_arn=resource_arn,
+            recommendations=recommendations or [],
+            execution_time=execution_time,
+            timestamp=datetime.utcnow(),
+        )
+
+
+class SecurityValidator(BaseValidator):
+    """Security-focused validation rules."""
+
+    def __init__(self):
+        """Initialize security validator."""
+        super().__init__("security_validator", "security", Severity.CRITICAL)
+
+    def validate(self, resource_data: Dict[str, Any]) -> AssessmentResult:
+        """
+        Validate security configuration.
+
+        Args:
+            resource_data: Resource data to validate
+
+        Returns:
+            Security validation result
+        """
+        logger.debug(f"Running security validation: {self.name}")
+
+        # Example security validation logic
+        # TODO: Implement actual security validation rules
+
+        if self._check_root_mfa(resource_data):
+            return self._create_result(
+                status=CheckStatus.PASS,
+                message="Root account MFA is properly configured",
+                recommendations=["Continue monitoring root account access"],
+            )
+        else:
+            return self._create_result(
+                status=CheckStatus.FAIL,
+                message="Root account MFA is not enabled",
+                recommendations=[
+                    "Enable MFA for the root account immediately",
+                    "Use hardware MFA device for enhanced security",
+                    "Restrict root account usage to emergency situations only",
+                ],
+            )
+
+    def _check_root_mfa(self, resource_data: Dict[str, Any]) -> bool:
+        """Check if root account MFA is enabled."""
+        # Placeholder implementation
+        iam_data = resource_data.get("iam", {})
+        return iam_data.get("root_account_mfa", False)
+
+
+class ComplianceValidator(BaseValidator):
+    """Compliance framework validation rules."""
+
+    def __init__(self, framework: str = "SOC2"):
+        """
+        Initialize compliance validator.
+
+        Args:
+            framework: Target compliance framework
+        """
+        super().__init__(f"compliance_{framework.lower()}", "compliance", Severity.WARNING)
+        self.framework = framework
+
+    def validate(self, resource_data: Dict[str, Any]) -> AssessmentResult:
+        """
+        Validate compliance requirements.
+
+        Args:
+            resource_data: Resource data to validate
+
+        Returns:
+            Compliance validation result
+        """
+        logger.debug(f"Running {self.framework} compliance validation")
+
+        # Framework-specific validation logic
+        if self.framework.upper() == "SOC2":
+            return self._validate_soc2(resource_data)
+        elif self.framework.upper() == "PCI-DSS":
+            return self._validate_pci_dss(resource_data)
+        elif self.framework.upper() == "HIPAA":
+            return self._validate_hipaa(resource_data)
+        else:
+            return self._create_result(
+                status=CheckStatus.SKIP, message=f"Unknown compliance framework: {self.framework}"
+            )
+
+    def _validate_soc2(self, resource_data: Dict[str, Any]) -> AssessmentResult:
+        """Validate SOC2 compliance requirements."""
+        # Placeholder SOC2 validation
+        cloudtrail_data = resource_data.get("cloudtrail", {})
+        trails = cloudtrail_data.get("trails", [])
+
+        if trails:
+            return self._create_result(
+                status=CheckStatus.PASS,
+                message="SOC2: CloudTrail logging is enabled for audit trail",
+                recommendations=["Ensure CloudTrail logs are protected and monitored"],
+            )
+        else:
+            return self._create_result(
+                status=CheckStatus.FAIL,
+                message="SOC2: CloudTrail logging is not enabled",
+                recommendations=[
+                    "Enable CloudTrail in all regions",
+                    "Configure log file validation",
+                    "Set up CloudTrail log monitoring and alerting",
+                ],
+            )
+
+    def _validate_pci_dss(self, resource_data: Dict[str, Any]) -> AssessmentResult:
+        """Validate PCI-DSS compliance requirements."""
+        # Placeholder PCI-DSS validation
+        return self._create_result(status=CheckStatus.SKIP, message="PCI-DSS validation not yet implemented")
+
+    def _validate_hipaa(self, resource_data: Dict[str, Any]) -> AssessmentResult:
+        """Validate HIPAA compliance requirements."""
+        # Placeholder HIPAA validation
+        return self._create_result(status=CheckStatus.SKIP, message="HIPAA validation not yet implemented")
+
+
+class OperationalValidator(BaseValidator):
+    """Operational best practices validation."""
+
+    def __init__(self):
+        """Initialize operational validator."""
+        super().__init__("operational_validator", "operational", Severity.INFO)
+
+    def validate(self, resource_data: Dict[str, Any]) -> AssessmentResult:
+        """
+        Validate operational best practices.
+
+        Args:
+            resource_data: Resource data to validate
+
+        Returns:
+            Operational validation result
+        """
+        logger.debug("Running operational best practices validation")
+
+        # Example operational validation
+        # TODO: Implement actual operational validation rules
+
+        config_data = resource_data.get("config", {})
+        recorders = config_data.get("configuration_recorders", [])
+
+        if recorders:
+            return self._create_result(
+                status=CheckStatus.PASS,
+                message="AWS Config is enabled for configuration tracking",
+                recommendations=["Ensure Config rules are defined for compliance monitoring"],
+            )
+        else:
+            return self._create_result(
+                status=CheckStatus.FAIL,
+                message="AWS Config is not enabled",
+                severity=Severity.WARNING,
+                recommendations=[
+                    "Enable AWS Config to track configuration changes",
+                    "Configure Config rules for automated compliance checking",
+                    "Set up Config remediation for automatic fixes",
+                ],
+            )
+
+
+# Validation rule registry
+VALIDATION_RULES = {
+    "security": SecurityValidator,
+    "compliance_soc2": lambda: ComplianceValidator("SOC2"),
+    "compliance_pci_dss": lambda: ComplianceValidator("PCI-DSS"),
+    "compliance_hipaa": lambda: ComplianceValidator("HIPAA"),
+    "operational": OperationalValidator,
+}
+
+
+def get_validator(rule_name: str) -> Optional[BaseValidator]:
+    """
+    Get validator instance by rule name.
+
+    Args:
+        rule_name: Name of the validation rule
+
+    Returns:
+        Validator instance or None if not found
+    """
+    validator_class = VALIDATION_RULES.get(rule_name)
+    if validator_class:
+        return validator_class()
+    return None
+
+
+def list_available_validators() -> List[str]:
+    """
+    Get list of available validation rules.
+
+    Returns:
+        List of available validator names
+    """
+    return list(VALIDATION_RULES.keys())

runbooks/cfat/cli.py

@@ -0,0 +1,103 @@
+"""
+Direct CLI interface for Cloud Foundations Assessment Tool (CFAT).
+
+This module provides a standalone CLI entry point for CFAT that can be
+accessed directly via 'cfat' or 'runbooks-cfat' commands.
+
+This provides a focused interface for users who primarily use CFAT
+and want direct access without the broader runbooks CLI structure.
+"""
+
+import sys
+
+import click
+from loguru import logger
+
+from runbooks.cfat import __version__ as cfat_version
+from runbooks.main import assess as main_assess
+
+
+@click.group(invoke_without_command=True)
+@click.version_option(version=cfat_version)
+@click.option("--debug", is_flag=True, help="Enable debug logging")
+@click.option("--profile", default="default", help="AWS profile to use")
+@click.option("--region", help="AWS region (overrides profile region)")
+@click.pass_context
+def main(ctx, debug, profile, region):
+    """
+    Cloud Foundations Assessment Tool (CFAT) - Direct CLI Access.
+
+    Enterprise-grade AWS Cloud Foundations assessment with comprehensive
+    reporting, parallel execution, and compliance framework alignment.
+
+    This tool evaluates AWS accounts against Cloud Foundations best practices
+    and generates actionable findings with remediation guidance.
+
+    Examples:
+        cfat assess --output html --severity CRITICAL
+        cfat assess --compliance-framework SOC2 --export-jira findings.csv
+        cfat assess --serve-web --web-port 8080
+
+    For full documentation: https://cloudops.oceansoft.io/runbooks/cfat/
+    """
+    # Initialize context for subcommands
+    ctx.ensure_object(dict)
+    ctx.obj["debug"] = debug
+    ctx.obj["profile"] = profile
+    ctx.obj["region"] = region
+
+    # Setup logging
+    if debug:
+        logger.remove()
+        logger.add(sys.stderr, level="DEBUG")
+
+    # Show help if no command provided
+    if ctx.invoked_subcommand is None:
+        click.echo(ctx.get_help())
+
+
+# Import and register the assess command from main CLI
+# This reuses the enhanced assess command with all its features
+main.add_command(main_assess, name="assess")
+
+
+@main.command()
+@click.pass_context
+def version(ctx):
+    """Show CFAT version information."""
+    click.echo(f"Cloud Foundations Assessment Tool (CFAT) version {cfat_version}")
+    click.echo("Part of CloudOps Runbooks - Enterprise CloudOps Automation")
+    click.echo("Documentation: https://cloudops.oceansoft.io/runbooks/cfat/")
+
+
+@main.command()
+@click.pass_context
+def status(ctx):
+    """Show CFAT status and configuration."""
+    click.echo("🔍 Cloud Foundations Assessment Tool Status")
+    click.echo(f"Version: {cfat_version}")
+    click.echo(f"Profile: {ctx.obj['profile']}")
+    click.echo(f"Region: {ctx.obj['region'] or 'Default from profile'}")
+    click.echo(f"Debug: {ctx.obj['debug']}")
+
+    # Show available assessment categories
+    click.echo("\n📋 Available Assessment Categories:")
+    categories = ["iam", "vpc", "ec2", "cloudtrail", "config", "organizations", "cloudformation"]
+    for category in categories:
+        click.echo(f"  • {category}")
+
+    # Show available output formats
+    click.echo("\n📄 Available Output Formats:")
+    formats = ["console", "html", "csv", "json", "markdown", "all"]
+    for fmt in formats:
+        click.echo(f"  • {fmt}")
+
+    # Show available exporters
+    click.echo("\n🔗 Available Export Integrations:")
+    exporters = ["jira", "asana", "servicenow"]
+    for exporter in exporters:
+        click.echo(f"  • {exporter}")
+
+
+if __name__ == "__main__":
+    main()

runbooks/cfat/docs/asana-import.csv

@@ -0,0 +1,24 @@
+"Task", "Description", "Status"  
+"cfat - Delete VPC in ap-south-1", "Delete any unnecessary VPC in ap-south-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in eu-north-1", "Delete any unnecessary VPC in eu-north-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in eu-west-3", "Delete any unnecessary VPC in eu-west-3 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in eu-west-2", "Delete any unnecessary VPC in eu-west-2 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in eu-west-1", "Delete any unnecessary VPC in eu-west-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in ap-northeast-3", "Delete any unnecessary VPC in ap-northeast-3 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in ap-northeast-2", "Delete any unnecessary VPC in ap-northeast-2 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in ap-northeast-1", "Delete any unnecessary VPC in ap-northeast-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in ca-central-1", "Delete any unnecessary VPC in ca-central-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in sa-east-1", "Delete any unnecessary VPC in sa-east-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in ap-southeast-1", "Delete any unnecessary VPC in ap-southeast-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in ap-southeast-2", "Delete any unnecessary VPC in ap-southeast-2 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in eu-central-1", "Delete any unnecessary VPC in eu-central-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in us-east-1", "Delete any unnecessary VPC in us-east-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in us-east-2", "Delete any unnecessary VPC in us-east-2 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in us-west-1", "Delete any unnecessary VPC in us-west-1 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Delete VPC in us-west-2", "Delete any unnecessary VPC in us-west-2 to include the default VPC. - Remediation Link: https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md", "Not Started" 
+"cfat - Setup legacy CUR", "Setup legacy CUR in AWS Organization - Remediation Link: https://docs.aws.amazon.com/cur/latest/userguide/dataexports-create-legacy.html", "Not Started" 
+"cfat - Review account email addresses", "Review Account Email Addresses in AWS Organization - Remediation Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/root-user-best-practices.html#ru-bp-group", "Not Started" 
+"cfat - Delegate administration of AWS Config", "Delegate administration to AWS Config - Remediation Link: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-config.html", "Not Started" 
+"cfat - Delegate administration of AWS Account management", "Delegate administration to AWS Account contact management - Remediation Link: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-account.html#integrate-enable-da-account", "Not Started" 
+"cfat - Enable AWS Backup", "Enable AWS Backup in AWS Organization - Remediation Link: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-backup.html#integrate-enable-ta-backup", "Not Started" 
+"cfat - Delegate administration of AWS Backup", "Delegate administration to AWS Backup - Remediation Link: https://docs.aws.amazon.com/aws-backup/latest/devguide/manage-cross-account.html#backup-delegatedadmin", "Not Started" 

runbooks/cfat/docs/cfat-checks.csv

@@ -0,0 +1,31 @@
+check,description,status,required,weight,loe,remediationLink
+"AWS Organization created","AWS Organization is enabled.","complete",true,6,1,"https://aws.amazon.com/organizations/getting-started/"
+"Management Account created","AWS Management account exists.","complete",true,6,1,"https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-creating.html"
+"Management Account IAM users removed","IAM Users should not exist in Management Account.","complete",false,4,1,"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting"
+"Management Account EC2 instances removed","EC2 Instances should not exist in Management Account.","incomplete",false,4,1,"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html"
+"Management Account VPCs removed","Management Account should not have any VPCs.","incomplete",false,4,1,"https://github.com/cloud-foundations-on-aws/cloud-foundations-templates/blob/main/network/network-default-vpc-deletion/README.md"
+"CloudTrail Trail created","CloudTrail should be enabled within the account.","complete",true,6,3,"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html"
+"CloudTrail Organization Service enabled","CloudTrail should be enabled on the Organization.","complete",true,6,1,"https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-cloudtrail.html"
+"CloudTrail Org Trail deployed","At least one CloudTrail Organization Trail should be enabled.","complete",true,6,1,"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html"
+"Config Recorder in Management Account configured","Config Recorder in the Management Account should be enabled.","incomplete",true,6,2,"https://aws.amazon.com/blogs/mt/managing-aws-organizations-accounts-using-aws-config-and-aws-cloudformation-stacksets/"
+"Config Delivery Channel in Management Account configured","Config Delivery Channel in Management Account should be enabled.","incomplete",true,6,2,"https://aws.amazon.com/blogs/mt/managing-aws-organizations-accounts-using-aws-config-and-aws-cloudformation-stacksets/"
+"CloudFormation StackSets activated","CloudFormation StackSets should be activated in the CloudFormation console.","incomplete",false,5,1,"https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-cloudformation.html#integrate-enable-ta-cloudformation"
+"GuardDuty Organization service enabled","GuardDuty Organization services should be enabled.","complete",false,4,1,"https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-guardduty.html#integrate-enable-ta-guardduty"
+"RAM Organization service enabled","Resource Access Manager (RAM) trusted access should be enabled in the AWS Organization.","complete",false,4,1,"https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ram.html#integrate-enable-ta-ram"
+"Security Hub Organization service enabled","Security Hub trusted access should be enabled in the AWS Organization.","complete",false,4,1,"https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-securityhub.html#integrate-enable-ta-securityhub"
+"IAM Access Analyzer Organization service enabled","IAM Access Analyzer trusted access should be enabled in the AWS Organization.","complete",false,4,1,"https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#access-analyzer-enabling"
+"Config Organization service enabled","AWS Config trusted access should be enabled in the AWS Organization.","complete",false,4,1,"https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-config.html#integrate-enable-ta-config"
+"CloudFormation Organization service enabled","CloudFormation trusted access should be enabled in the AWS Organization.","complete",false,5,1,"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-activate-trusted-access.html"
+"Top-level Infrastructure OU deployed","Top-level Infrastructure OU should exist.","complete",false,5,2,"https://catalog.workshops.aws/control-tower/en-US/introduction/manage-ou"
+"Top-level Security OU deployed","Top-level Security OU should exist.","complete",true,6,2,"https://catalog.workshops.aws/control-tower/en-US/introduction/manage-ou"
+"Top-level Workloads OU deployed","Top-level Workloads OU should exist.","complete",false,5,2,"https://catalog.workshops.aws/control-tower/en-US/introduction/manage-ou"
+"IAM IdC Organization service enabled","IAM Identity Center trusted access should be enabled in the AWS Organization","complete",true,6,1,"https://docs.aws.amazon.com/singlesignon/latest/userguide/get-set-up-for-idc.html"
+"IAM IdC configured","IAM Identity Center should be configured.","complete",true,6,3,"https://docs.aws.amazon.com/singlesignon/latest/userguide/tutorials.html"
+"Service Control Policies enabled","Service Control Policy should be enabled within the AWS Organization.","complete",true,6,1,"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html"
+"Organization Tag Policy enabled","Tag Policy should be enabled within the AWS Organization.","complete",true,6,1,"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html"
+"Organization Backup Policy enabled","Backup Policy should be enabled within the AWS Organization.","complete",false,5,1,"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_enable-disable.html"
+"Control Tower deployed","Control Tower should be deployed.","complete",true,6,6,"https://catalog.workshops.aws/control-tower/en-US/prerequisites/deploying"
+"Control Tower latest version","Control Tower should be the latest version.","complete",false,5,2,"https://docs.aws.amazon.com/controltower/latest/userguide/update-controltower.html"
+"Control Tower not drifted","Control Tower should not be drifted.","complete",true,6,2,"https://docs.aws.amazon.com/controltower/latest/userguide/resolve-drift.html"
+"Log Archive account deployed","Log Archive account should exist.","complete",true,6,2,"https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-from-console.html"
+"Audit account deployed","Audit/Security Tooling account should exist.","complete",true,6,2,"https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-from-console.html"