Merge pull request aws-samples#8 from aws-samples/clickable-links

Clickable links
joshkurz · Dec 15, 2022 · 5d0def8 · 5d0def8
2 parents 7c041d8 + 2e86919
commit 5d0def8
Show file tree

Hide file tree

Showing 15 changed files with 40 additions and 40 deletions.
diff --git a/hardeneks/cluster_wide/reliability/applications.py b/hardeneks/cluster_wide/reliability/applications.py
@@ -20,7 +20,7 @@ def check_metrics_server_is_running(resources: Resources):
         print(
             Panel(
                 "[red]Deploy metrics server.",
-                subtitle="Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-kubernetes-metrics-server",
+                subtitle="[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-kubernetes-metrics-server]Click to see the guide[/link]",
             )
         )
         console.print()
@@ -41,7 +41,7 @@ def check_vertical_pod_autoscaler_exists(resources: Resources):
         print(
             Panel(
                 "[red]Deploy vertical pod autoscaler if needed.",
-                subtitle="Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#vertical-pod-autoscaler-vpa",
+                subtitle="[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#vertical-pod-autoscaler-vpa]Click to see the guide[/link]",
             )
         )
         console.print()

diff --git a/hardeneks/cluster_wide/security/detective_controls.py b/hardeneks/cluster_wide/security/detective_controls.py
@@ -19,7 +19,7 @@ def check_logs_are_enabled(resources: Resources):
         print(
             Panel(
                 "[red]Enable control plane logs for auditing",
-                subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/detective/#enable-audit-logs",
+                subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/detective/#enable-audit-logs]Click to see the guide[/link]",
             )
         )
         console.print()

diff --git a/hardeneks/cluster_wide/security/encryption_secrets.py b/hardeneks/cluster_wide/security/encryption_secrets.py
@@ -17,7 +17,7 @@ def use_encryption_with_ebs(resources: Resources):
         print_storage_class_table(
             offenders,
             "[red]EBS Storage Classes should have encryption parameter",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest]Click to see the guide[/link]",
         )
     return offenders
 
@@ -39,7 +39,7 @@ def use_encryption_with_efs(resources: Resources):
         print_persistent_volume_table(
             offenders,
             "[red]EFS Persistent volumes should have tls mount option",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest]Click to see the guide[/link]",
         )
     return offenders
 
@@ -57,6 +57,6 @@ def use_efs_access_points(resources: Resources):
         print_persistent_volume_table(
             offenders,
             "[red]EFS Persistent volumes should leverage access points",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-efs-access-points-to-simplify-access-to-shared-datasets",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-efs-access-points-to-simplify-access-to-shared-datasets]Click to see the guide[/link]",
         )
     return offenders
diff --git a/hardeneks/cluster_wide/security/iam.py b/hardeneks/cluster_wide/security/iam.py
@@ -24,7 +24,7 @@ def restrict_wildcard_for_cluster_roles(resources: Resources):
         print_role_table(
             offenders,
             "[red]ClusterRoles should not have '*' in Verbs or Resources",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings]Click to see the guide[/link]",
             "ClusterRole",
         )
     return offenders
@@ -40,7 +40,7 @@ def check_endpoint_public_access(resources: Resources):
         print(
             Panel(
                 "[red]EKS Cluster Endpoint is not Private",
-                subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#make-the-eks-cluster-endpoint-private",
+                subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#make-the-eks-cluster-endpoint-private]Click to see the guide[/link]",
             )
         )
         console.print()
@@ -58,7 +58,7 @@ def check_aws_node_daemonset_service_account(resources: Resources):
         print(
             Panel(
                 "[red]Update the aws-node daemonset to use IRSA",
-                subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#update-the-aws-node-daemonset-to-use-irsa",
+                subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#update-the-aws-node-daemonset-to-use-irsa]Click to see the guide[/link]",
             )
         )
         console.print()
@@ -95,7 +95,7 @@ def check_access_to_instance_profile(resources: Resources):
         print_instance_metadata_table(
             offenders,
             "[red]Restrict access to the instance profile assigned to nodes",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#when-your-application-needs-access-to-imds-use-imdsv2-and-increase-the-hop-limit-on-ec2-instances-to-2",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#when-your-application-needs-access-to-imds-use-imdsv2-and-increase-the-hop-limit-on-ec2-instances-to-2]Click to see the guide[/link]",
         )
     return offenders
 
@@ -116,7 +116,7 @@ def disable_anonymous_access_for_cluster_roles(resources: Resources):
         print_role_table(
             offenders,
             "[red]Don't bind clusterroles to anonymous/unauthenticated groups",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access]Click to see the guide[/link]",
             "ClusterRoleBinding",
         )
 

diff --git a/hardeneks/cluster_wide/security/image_security.py b/hardeneks/cluster_wide/security/image_security.py
@@ -18,7 +18,7 @@ def use_immutable_tags_with_ecr(resources: Resources):
             offenders,
             "imageTagMutability",
             "[red]Make image tags immutable.",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/image/#use-immutable-tags-with-ecr",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/image/#use-immutable-tags-with-ecr]Click to see the guide[/link]",
         )
 
     return offenders
diff --git a/hardeneks/cluster_wide/security/infrastructure_security.py b/hardeneks/cluster_wide/security/infrastructure_security.py
@@ -34,7 +34,7 @@ def deploy_workers_onto_private_subnets(resources: Resources):
         print_instance_public_table(
             offenders,
             "[red]Place worker nodes on private subnets.",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#deploy-workers-onto-private-subnets",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#deploy-workers-onto-private-subnets]Click to see the guide[/link]",
         )
     return offenders
 
@@ -59,7 +59,7 @@ def make_sure_inspector_is_enabled(resources: Resources):
         print(
             Panel(
                 "[red]Enable Amazon Inspector for ec2 and ecr",
-                subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#run-amazon-inspector-to-assess-hosts-for-exposure-vulnerabilities-and-deviations-from-best-practices",
+                subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#run-amazon-inspector-to-assess-hosts-for-exposure-vulnerabilities-and-deviations-from-best-practices]Click to see the guide[/link]",
             )
         )
         console.print()

diff --git a/hardeneks/cluster_wide/security/multi_tenancy.py b/hardeneks/cluster_wide/security/multi_tenancy.py
@@ -20,7 +20,7 @@ def ensure_namespace_quotas_exist(resources: Resources):
         print_namespace_table(
             offenders,
             "[red]Namespaces should have quotas assigned",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/multitenancy/#namespaces",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/multitenancy/#namespaces]Click to see the guide[/link]",
         )
 
     return offenders
diff --git a/hardeneks/cluster_wide/security/network_security.py b/hardeneks/cluster_wide/security/network_security.py
@@ -27,7 +27,7 @@ def check_vpc_flow_logs(resources: Resources):
         print(
             Panel(
                 "[red]Enable flow logs for your VPC.",
-                subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/network/#log-network-traffic-metadata",
+                subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/network/#log-network-traffic-metadata]Click to see the guide[/link]",
             )
         )
         console.print()
@@ -43,7 +43,7 @@ def check_awspca_exists(resources: Resources):
     print(
         Panel(
             "[red]Install aws privateca issuer for your certificates.",
-            subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/network/#acm-private-ca-with-cert-manager",
+            subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/network/#acm-private-ca-with-cert-manager]Click to see the guide[/link]",
         )
     )
     console.print()
@@ -60,7 +60,7 @@ def check_default_deny_policy_exists(resources: Resources):
         print_namespace_table(
             offenders,
             "[red]Namespaces that does not have default network deny policies",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/network/#create-a-default-deny-policy",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/network/#create-a-default-deny-policy]Click to see the guide[/link]",
         )
 
     return offenders
diff --git a/hardeneks/cluster_wide/security/pod_security.py b/hardeneks/cluster_wide/security/pod_security.py
@@ -22,7 +22,7 @@ def ensure_namespace_psa_exist(resources: Resources):
         print_namespace_table(
             offenders,
             "[red]Namespaces should have psa modes.",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/pods/#pod-security-standards-pss-and-pod-security-admission-psa",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/pods/#pod-security-standards-pss-and-pod-security-admission-psa]Click to see the guide[/link]",
         )
 
     return offenders
diff --git a/hardeneks/namespace_based/reliability/applications.py b/hardeneks/namespace_based/reliability/applications.py
@@ -19,7 +19,7 @@ def avoid_running_singleton_pods(namespaced_resources: NamespacedResources):
         print_pod_table(
             offenders,
             "[red]Avoid running pods without deployments.",
-            "Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#avoid-running-singleton-pods",
+            "[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#avoid-running-singleton-pods]Click to see the guide[/link]",
         )
     return offenders
 
@@ -35,7 +35,7 @@ def run_multiple_replicas(namespaced_resources: NamespacedResources):
         print_deployment_table(
             offenders,
             "[red]Avoid running single replica deployments",
-            "Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-multiple-replicas",
+            "[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-multiple-replicas]Click to see the guide[/link]",
         )
     return offenders
 
@@ -58,7 +58,7 @@ def schedule_replicas_across_nodes(namespaced_resources: NamespacedResources):
         print_service_table(
             offenders,
             "[red]Spread replicas across AZs and Nodes",
-            "Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#schedule-replicas-across-nodes",
+            "[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#schedule-replicas-across-nodes]Click to see the guide[/link]",
         )
     return offenders
 
@@ -78,7 +78,7 @@ def check_horizontal_pod_autoscaling_exists(
         print_service_table(
             offenders,
             "[red]Deploy horizontal pod autoscaler for deployments",
-            "Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#horizontal-pod-autoscaler-hpa",
+            "[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#horizontal-pod-autoscaler-hpa]Click to see the guide[/link]",
         )
     return offenders
 
@@ -95,7 +95,7 @@ def check_readiness_probes(namespaced_resources: NamespacedResources):
         print_pod_table(
             offenders,
             "[red]Define readiness probes for pods.",
-            "Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#use-readiness-probe-to-detect-partial-unavailability",
+            "[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#use-readiness-probe-to-detect-partial-unavailability]Click to see the guide[/link]",
         )
     return offenders
 
@@ -112,6 +112,6 @@ def check_liveness_probes(namespaced_resources: NamespacedResources):
         print_pod_table(
             offenders,
             "[red]Define liveness probes for pods.",
-            "Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#use-liveness-probe-to-remove-unhealthy-pods",
+            "[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#use-liveness-probe-to-remove-unhealthy-pods]Click to see the guide[/link]",
         )
     return offenders
diff --git a/hardeneks/namespace_based/security/encryption_secrets.py b/hardeneks/namespace_based/security/encryption_secrets.py
@@ -22,7 +22,7 @@ def disallow_secrets_from_env_vars(resources: NamespacedResources):
         print_pod_table(
             offenders,
             "[red]Disallow secrets from env vars",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-volume-mounts-instead-of-environment-variables",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-volume-mounts-instead-of-environment-variables]Click to see the guide[/link]",
         )
 
     return offenders
diff --git a/hardeneks/namespace_based/security/iam.py b/hardeneks/namespace_based/security/iam.py
@@ -27,7 +27,7 @@ def restrict_wildcard_for_roles(resources: NamespacedResources):
         print_role_table(
             offenders,
             "[red]Roles should not have '*' in Verbs or Resources",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings]Click to see the guide[/link]",
             "Role",
         )
     return offenders
@@ -44,7 +44,7 @@ def disable_service_account_token_mounts(resources: NamespacedResources):
         print_pod_table(
             offenders,
             "[red]Auto-mounting of Service Account tokens is not allowed",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#disable-auto-mounting-of-service-account-tokens",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#disable-auto-mounting-of-service-account-tokens]Click to see the guide[/link]",
         )
     return offenders
 
@@ -64,7 +64,7 @@ def disable_run_as_root_user(resources: NamespacedResources):
         print_pod_table(
             offenders,
             "[red]Running as root is not allowed",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#run-the-application-as-a-non-root-user",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#run-the-application-as-a-non-root-user]Click to see the guide[/link]",
         )
 
     return offenders
@@ -86,7 +86,7 @@ def disable_anonymous_access_for_roles(resources: NamespacedResources):
         print_role_table(
             offenders,
             "[red]Don't bind roles to anonymous or unauthenticated groups",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access]Click to see the guide[/link]",
             "RoleBinding",
         )
     return offenders
@@ -116,7 +116,7 @@ def use_dedicated_service_accounts_for_each_deployment(
         print_workload_table(
             offenders,
             "[red]Don't share service accounts between Deployments",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application]Click to see the guide[/link]",
             "Deployment",
         )
 
@@ -147,7 +147,7 @@ def use_dedicated_service_accounts_for_each_stateful_set(
         print_workload_table(
             offenders,
             "[red]Don't share service accounts between StatefulSets",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application]Click to see the guide[/link]",
             "StatefulSet",
         )
 
@@ -178,7 +178,7 @@ def use_dedicated_service_accounts_for_each_daemon_set(
         print_workload_table(
             offenders,
             "[red]Don't share service accounts between DaemonSets",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application]Click to see the guide[/link]",
             "DaemonSet",
         )
 

diff --git a/hardeneks/namespace_based/security/network_security.py b/hardeneks/namespace_based/security/network_security.py
@@ -30,6 +30,6 @@ def use_encryption_with_aws_load_balancers(
         print_service_table(
             offenders,
             "[red]Make sure you specify an ssl cert",
-            "Link: https://aws.github.io/aws-eks-best-practices/security/docs/network/#use-encryption-with-aws-load-balancers",
+            "[link=https://aws.github.io/aws-eks-best-practices/security/docs/network/#use-encryption-with-aws-load-balancers]Click to see the guide[/link]",
         )
     return offenders