Merge pull request #10 from eddie-knight/strike-messages

Polished some strike messages

strikes/AutomatedBackups.go

@@ -2,6 +2,7 @@ package strikes
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/rds"
@@ -45,14 +46,14 @@ func (a *Strikes) AutomatedBackups() (strikeName string, result raidengine.Strik
 	}
 
 	result.Passed = true
-	result.Message = "Completed Successfully"
+	result.Message = "Automated Backups are enabled"
 	return
 }
 
 func checkRDSAutomatedBackupMovement(cfg aws.Config) (result raidengine.MovementResult) {
 
 	result = raidengine.MovementResult{
-		Description: "Check if the instance has automated backups enabled",
+		Description: "Check whether the instance has automated backups enabled",
 		Function:    utils.CallerPath(0),
 	}
 
@@ -71,6 +72,8 @@ func checkRDSAutomatedBackupMovement(cfg aws.Config) (result raidengine.Movement
 	}
 
 	// Loop through the instances and print information
-	result.Passed = len(backups.DBInstanceAutomatedBackups) > 0
+	backupCount := len(backups.DBInstanceAutomatedBackups)
+	result.Message = fmt.Sprintf("%d Automated backups found", backupCount)
+	result.Passed = backupCount > 0
 	return
 }

strikes/Encryption.go

@@ -42,14 +42,14 @@ func (a *Strikes) Encryption() (strikeName string, result raidengine.StrikeResul
 	}
 
 	result.Passed = true
-	result.Message = "Completed Successfully"
+	result.Message = "Storage encryption is enabled"
 	return
 }
 
 func checkIfStorageIsEncryptedMovement(cfg aws.Config) (result raidengine.MovementResult) {
 
 	result = raidengine.MovementResult{
-		Description: "Check if the instance has storage encryption enabled",
+		Description: "Check whether the instance has storage encryption enabled",
 		Function:    utils.CallerPath(0),
 	}
 

strikes/MultiRegion.go

@@ -10,7 +10,7 @@ func (a *Strikes) MultiRegion() (strikeName string, result raidengine.StrikeResu
 	strikeName = "MultiRegion"
 	result = raidengine.StrikeResult{
 		Passed:      false,
-		Description: "Check if AWS RDS instance has multi region. This strike only checks for a read replica in a seperate region",
+		Description: "Check whether AWS RDS instance has multi-region read replicas",
 		DocsURL:     "https://www.github.com/krumIO/raid-rds",
 		ControlID:   "CCC-Taxonomy-1",
 		Movements:   make(map[string]raidengine.MovementResult),
@@ -46,7 +46,7 @@ func (a *Strikes) MultiRegion() (strikeName string, result raidengine.StrikeResu
 func checkRDSMultiRegionMovement(cfg aws.Config) (result raidengine.MovementResult) {
 
 	result = raidengine.MovementResult{
-		Description: "Check if the instance has multi region enabled",
+		Description: "Look for read replicas in a different region than the host instance",
 		Function:    utils.CallerPath(0),
 	}
 	instanceIdentifier, _ := getHostDBInstanceIdentifier()
@@ -58,7 +58,7 @@ func checkRDSMultiRegionMovement(cfg aws.Config) (result raidengine.MovementResu
 
 	if len(readReplicas) == 0 {
 		result.Passed = false
-		result.Message = "Multi Region instances not found"
+		result.Message = "Read replicas not found for this instance"
 		return
 	}
 
@@ -78,7 +78,7 @@ func checkRDSMultiRegionMovement(cfg aws.Config) (result raidengine.MovementResu
 
 		if len(replicaInstance.DBInstances) == 0 {
 			result.Passed = false
-			result.Message = "Cannot access the replica instance " + replica
+			result.Message = "Read replica exists, but cannot access: " + replica
 			return
 		}
 
@@ -87,7 +87,7 @@ func checkRDSMultiRegionMovement(cfg aws.Config) (result raidengine.MovementResu
 		// db instance doesnt contain the region so we need to remove the last character from the az
 		if az[:len(az)-1] == hostRDSRegion {
 			result.Passed = false
-			result.Message = "Multi Region instances not found"
+			result.Message = "Read replica exists, but not in a different region"
 			return
 		}
 	}

strikes/RBAC.go

@@ -14,7 +14,7 @@ func (a *Strikes) RBAC() (strikeName string, result raidengine.StrikeResult) {
 	strikeName = "RBAC"
 	result = raidengine.StrikeResult{
 		Passed:      false,
-		Description: "Check if database IAM authentication is enabled on the specified RDS instance",
+		Description: "Check whether primary RDS instance supports RBAC authentication",
 		DocsURL:     "https://www.github.com/krumIO/raid-rds",
 		ControlID:   "CCC-Taxonomy-1",
 		Movements:   make(map[string]raidengine.MovementResult),
@@ -36,20 +36,19 @@ func (a *Strikes) RBAC() (strikeName string, result raidengine.StrikeResult) {
 
 	iamDatabaseAuthMovement := checkForIAMDatabaseAuthMovement(cfg)
 	result.Movements["CheckForIAMDatabaseAuth"] = iamDatabaseAuthMovement
+	result.Message = iamDatabaseAuthMovement.Message
 	if !iamDatabaseAuthMovement.Passed {
-		result.Message = iamDatabaseAuthMovement.Message
 		return
 	}
 
 	result.Passed = true
-	result.Message = "Completed Successfully"
 	return
 }
 
 func checkForIAMDatabaseAuthMovement(cfg aws.Config) (result raidengine.MovementResult) {
 
 	result = raidengine.MovementResult{
-		Description: "Check if the instance has IAM Database Authentication enabled",
+		Description: "Check whether the instance has IAM Database Authentication enabled",
 		Function:    utils.CallerPath(0),
 	}
 
@@ -71,5 +70,6 @@ func checkForIAMDatabaseAuthMovement(cfg aws.Config) (result raidengine.Movement
 
 	// Loop through the instances and print information
 	result.Passed = true
+	result.Message = "IAM Database Authentication is enabled"
 	return
 }

strikes/common.go

@@ -92,7 +92,7 @@ func connectToDb() (result raidengine.MovementResult) {
 func checkRDSInstanceMovement(cfg aws.Config) (result raidengine.MovementResult) {
 	// check if the instance is available
 	result = raidengine.MovementResult{
-		Description: "Check if the instance is available/exists",
+		Description: "Check whether the instance can be reached",
 		Function:    utils.CallerPath(0),
 	}
 
@@ -105,6 +105,7 @@ func checkRDSInstanceMovement(cfg aws.Config) (result raidengine.MovementResult)
 		result.Passed = false
 		return
 	}
+	result.Message = "Instance found"
 	result.Passed = len(instance.DBInstances) > 0
 	return
 }