[resotocore][feat] Add AWS CIS 2.0 (#1863)

resotocore/resotocore/db/arangodb_extensions.py

@@ -12,23 +12,39 @@
 
 
 class ArangoHTTPClient(HTTPClient):
-    def __init__(self, timeout: int, verify: Union[str, bool, None]):
+    def __init__(
+        self,
+        timeout: int,
+        verify: Union[str, bool, None],
+        retry_attempts: int = 3,
+        backoff_factor: float = 1.0,
+        pool_connections: int = 10,
+        pool_maxsize: int = 20,
+    ):
         log.info(f"Create ArangoHTTPClient with timeout={timeout} and verify={verify}")
-        self.timeout = timeout
-        self.verify = verify
+        self._timeout = timeout
+        self._verify = verify
+        self._retry_attempts = retry_attempts
+        self._backoff_factor = backoff_factor
+        self._pool_connections = pool_connections
+        self._pool_maxsize = pool_maxsize
 
     def create_session(self, host: str) -> Session:
         retry_strategy = Retry(
-            total=3,
-            backoff_factor=1,
+            total=self._retry_attempts,
+            backoff_factor=self._backoff_factor,
             status_forcelist=[429, 500, 502, 503, 504],
             allowed_methods=["HEAD", "GET", "OPTIONS"],
         )
-        http_adapter = HTTPAdapter(max_retries=retry_strategy)
+        http_adapter = HTTPAdapter(
+            pool_connections=self._pool_connections,
+            pool_maxsize=self._pool_maxsize,
+            max_retries=retry_strategy,
+        )
         session = Session()
         session.mount("https://", http_adapter)
         session.mount("http://", http_adapter)
-        session.verify = self.verify
+        session.verify = self._verify
         return session
 
     def send_request(
@@ -41,5 +57,5 @@ def send_request(
         data: Union[str, MultipartEncoder, None] = None,
         auth: Optional[Tuple[str, str]] = None,
     ) -> Response:
-        response = session.request(method, url, params, data, headers, auth=auth, timeout=self.timeout)
+        response = session.request(method, url, params, data, headers, auth=auth, timeout=self._timeout)
         return Response(method, response.url, response.headers, response.status_code, response.reason, response.text)

resotocore/resotocore/static/report/benchmark/aws/aws_cis_1_5.json

@@ -1,5 +1,5 @@
 {
-    "title": "AWS CIS 1.5.0",
+    "title": "AWS CIS 1.5",
     "framework": "CIS",
     "clouds": ["aws"],
     "version": "1.5",
@@ -507,6 +507,13 @@
                     "checks": [
                         "aws_ec2_routing_tables_with_least_privilege"
                     ]
+                },
+                {
+                    "title": "5.6 Ensure that EC2 Metadata Service only allows IMDSv2",
+                    "description": "When enabling the Metadata Service on AWS EC2 instances, users have the option of using either Instance Metadata Service Version 1 (IMDSv1; a request/response method) or Instance Metadata Service Version 2 (IMDSv2; a session-oriented method).",
+                    "checks": [
+                        "aws_ec2_instance_imdsv2_enabled"
+                    ]
                 }
             ]
         }