{
  "schema": 1,
  "applicationInfo": {
    "name": "My Application",
    "description": "**Important**: This threat model is not comprehensive or complete. This document does not list all possible threats, and where threats do have mapped mitigations - these mitigations are not deemed to be complete.\n\nConsider this as a starting point for your own diligence and threat modeling."
  },
  "architecture": {
    "image": "",
    "description": ""
  },
  "dataflow": {
    "image": "",
    "description": "**Note:** A data flow diagram has not been captured at this stage. You should consider creating a data-flow diagram."
  },
  "assumptions": [],
  "mitigations": [
    {
      "id": "f6d8a0a5-e5ed-4f9a-b3a6-55bd45df7e3c",
      "numericId": 107,
      "displayOrder": 107,
      "tags": [
        "VPC"
      ],
      "content": "cdk-nag rule: VPCSubnetAutoAssignPublicIpDisabled"
    },
    {
      "id": "b77f601d-822e-4911-b1da-6756ba7d4527",
      "numericId": 106,
      "displayOrder": 106,
      "tags": [
        "VPC"
      ],
      "content": "cdk-nag rule: VPCNoNACLs"
    },
    {
      "id": "be57de80-6cb4-420d-80bc-c7fb6a97d6ea",
      "numericId": 105,
      "displayOrder": 105,
      "tags": [
        "Timestream"
      ],
      "content": "cdk-nag rule: TimestreamDatabaseCustomerManagedKey"
    },
    {
      "id": "a92c9799-aba4-45f9-a639-8c922d7706d0",
      "numericId": 104,
      "displayOrder": 104,
      "tags": [
        "SQS"
      ],
      "content": "cdk-nag rule: SQSQueueSSLRequestsOnly"
    },
    {
      "id": "a1aae9d0-1511-4f93-841e-801e9b47976f",
      "numericId": 103,
      "displayOrder": 103,
      "tags": [
        "SQS"
      ],
      "content": "cdk-nag rule: SQSQueueSSE"
    },
    {
      "id": "7e9478e3-4571-4c36-bb7c-bb33acf4ec08",
      "numericId": 102,
      "displayOrder": 102,
      "tags": [
        "SNS"
      ],
      "content": "cdk-nag rule: SNSTopicSSLPublishOnly"
    },
    {
      "id": "fff9fac4-1512-4a49-81a3-88e420f6c110",
      "numericId": 100,
      "displayOrder": 100,
      "tags": [
        "Secrets Manager"
      ],
      "content": "cdk-nag rule: SecretsManagerRotationEnabled"
    },
    {
      "id": "d23b82f2-f274-42eb-9edd-75ddc0ca75d2",
      "numericId": 99,
      "displayOrder": 99,
      "tags": [
        "SageMaker"
      ],
      "content": "cdk-nag rule: SageMakerNotebookNoDirectInternetAccess"
    },
    {
      "id": "75327602-a8f0-48ed-b635-305678ef5893",
      "numericId": 98,
      "displayOrder": 98,
      "tags": [
        "SageMaker"
      ],
      "content": "cdk-nag rule: SageMakerNotebookInVPC"
    },
    {
      "id": "b6cfe99f-842f-4567-8611-92c7cea45eb2",
      "numericId": 97,
      "displayOrder": 97,
      "tags": [
        "SageMaker"
      ],
      "content": "cdk-nag rule: SageMakerNotebookInstanceKMSKeyConfigured"
    },
    {
      "id": "c0f8d761-b616-49d4-b60e-d9d413c91f19",
      "numericId": 96,
      "displayOrder": 96,
      "tags": [
        "S3",
        "CloudFront"
      ],
      "content": "cdk-nag rule: S3WebBucketOAIAccess"
    },
    {
      "id": "b19fd780-64a3-42c6-a0d2-92833af17e40",
      "numericId": 95,
      "displayOrder": 95,
      "tags": [
        "S3"
      ],
      "content": "cdk-nag rule: S3BucketSSLRequestsOnly"
    },
    {
      "id": "1483c264-8b13-4954-8e79-97bb63163b57",
      "numericId": 94,
      "displayOrder": 94,
      "tags": [
        "S3"
      ],
      "content": "cdk-nag rule: S3BucketPublicWriteProhibited"
    },
    {
      "id": "c4b91bbd-8e0f-457e-97e1-3b940b2007ef",
      "numericId": 93,
      "displayOrder": 93,
      "tags": [
        "S3"
      ],
      "content": "cdk-nag rule: S3BucketPublicReadProhibited"
    },
    {
      "id": "646feb9c-6f18-4307-8a90-8a44b851d176",
      "numericId": 92,
      "displayOrder": 92,
      "tags": [
        "S3"
      ],
      "content": "cdk-nag rule: S3BucketLoggingEnabled"
    },
    {
      "id": "0ae5ca12-88c7-4648-a1e8-28ad585c3336",
      "numericId": 91,
      "displayOrder": 91,
      "tags": [
        "S3"
      ],
      "content": "cdk-nag rule: S3BucketLevelPublicAccessProhibited"
    },
    {
      "id": "78d761ef-4297-45d1-ae1b-7ba545d39130",
      "numericId": 90,
      "displayOrder": 90,
      "tags": [
        "Redshift"
      ],
      "content": "cdk-nag rule: RedshiftRequireTlsSSL"
    },
    {
      "id": "232d24ee-cfd5-4351-bd5d-3dfdcf2508ee",
      "numericId": 89,
      "displayOrder": 89,
      "tags": [
        "Redshift"
      ],
      "content": "cdk-nag rule: RedshiftClusterVersionUpgrade"
    },
    {
      "id": "46e8c83a-a4d0-428d-ba9e-b4c9e68bbc24",
      "numericId": 88,
      "displayOrder": 88,
      "tags": [
        "Redshift"
      ],
      "content": "cdk-nag rule: RedshiftClusterPublicAccess"
    },
    {
      "id": "b08bdd06-48c1-4c3f-8401-464d667e92e0",
      "numericId": 87,
      "displayOrder": 87,
      "tags": [
        "Redshift"
      ],
      "content": "cdk-nag rule: RedshiftClusterNonDefaultUsername"
    },
    {
      "id": "857bbf82-30f5-40f0-9ffd-60b6b67053e9",
      "numericId": 86,
      "displayOrder": 86,
      "tags": [
        "Redshift"
      ],
      "content": "cdk-nag rule: RedshiftClusterNonDefaultPort"
    },
    {
      "id": "c75b2076-9a00-4808-8525-a25d629fb784",
      "numericId": 85,
      "displayOrder": 85,
      "tags": [
        "Redshift"
      ],
      "content": "cdk-nag rule: RedshiftClusterInVPC"
    },
    {
      "id": "55c0cdfd-c8e5-4d41-a700-de7a89557782",
      "numericId": 84,
      "displayOrder": 84,
      "tags": [
        "Redshift"
      ],
      "content": "cdk-nag rule: RedshiftClusterEncryptionAtRest"
    },
    {
      "id": "de0b05cd-ff7d-4993-81c5-5bc5585151a4",
      "numericId": 83,
      "displayOrder": 83,
      "tags": [
        "RDS"
      ],
      "content": "cdk-nag rule: RDSStorageEncrypted"
    },
    {
      "id": "59a9c68e-b899-4dea-b326-ebebda148f00",
      "numericId": 82,
      "displayOrder": 82,
      "tags": [
        "RDS"
      ],
      "content": "cdk-nag rule: RDSRestrictedInbound"
    },
    {
      "id": "5382b34e-1cee-4fe4-acab-1e1ef283437d",
      "numericId": 81,
      "displayOrder": 81,
      "tags": [
        "RDS"
      ],
      "content": "cdk-nag rule: RDSNonDefaultPort"
    },
    {
      "id": "dc7ad88b-55b0-480d-9023-b9ac660b388e",
      "numericId": 80,
      "displayOrder": 80,
      "tags": [
        "RDS"
      ],
      "content": "cdk-nag rule: RDSInstancePublicAccess"
    },
    {
      "id": "cdfb2f22-d096-468c-ae64-c8a63e6d03d5",
      "numericId": 79,
      "displayOrder": 79,
      "tags": [
        "RDS"
      ],
      "content": "cdk-nag rule: RDSAutomaticMinorVersionUpgradeEnabled"
    },
    {
      "id": "16a9eba9-5e70-4d94-b9d9-d77cf17c522f",
      "numericId": 78,
      "displayOrder": 78,
      "tags": [
        "RDS"
      ],
      "content": "cdk-nag rule: AuroraMySQLPostgresIAMAuth"
    },
    {
      "id": "4f2ac79c-f343-4916-9b8c-b078544f81a5",
      "numericId": 77,
      "displayOrder": 77,
      "tags": [
        "Quicksight"
      ],
      "content": "cdk-nag rule: QuicksightSSLConnections"
    },
    {
      "id": "e1239e2d-9267-4608-ab0d-09d4eab63d7d",
      "numericId": 76,
      "displayOrder": 76,
      "tags": [
        "OpenSearch"
      ],
      "content": "cdk-nag rule: OpenSearchNoUnsignedOrAnonymousAccess"
    },
    {
      "id": "68089d75-7a9f-4a48-b742-95dde35b069a",
      "numericId": 75,
      "displayOrder": 75,
      "tags": [
        "OpenSearch"
      ],
      "content": "cdk-nag rule: OpenSearchNodeToNodeEncryption"
    },
    {
      "id": "972fb272-b77f-4f32-95f0-bb47023d3770",
      "numericId": 74,
      "displayOrder": 74,
      "tags": [
        "OpenSearch"
      ],
      "content": "cdk-nag rule: OpenSearchInVPCOnly"
    },
    {
      "id": "28b7cc4b-21f3-4155-a4e3-4f3dcb5e9117",
      "numericId": 73,
      "displayOrder": 73,
      "tags": [
        "OpenSearch"
      ],
      "content": "cdk-nag rule: OpenSearchEncryptedAtRest"
    },
    {
      "id": "6288512e-5ebc-433e-bef5-a3f038119b69",
      "numericId": 72,
      "displayOrder": 72,
      "tags": [
        "OpenSearch"
      ],
      "content": "cdk-nag rule: OpenSearchAllowlistedIPs"
    },
    {
      "id": "c22f8d36-4546-4e39-9eea-156fbbc7d99b",
      "numericId": 71,
      "displayOrder": 71,
      "tags": [
        "Neptune"
      ],
      "content": "cdk-nag rule: NeptuneClusterIAMAuth"
    },
    {
      "id": "8912a402-b365-4d39-ab63-321825adbd1e",
      "numericId": 70,
      "displayOrder": 70,
      "tags": [
        "Neptune"
      ],
      "content": "cdk-nag rule: NeptuneClusterEncryptionAtRest"
    },
    {
      "id": "7f0815f2-c84e-4cd9-9859-3ed693729cab",
      "numericId": 69,
      "displayOrder": 69,
      "tags": [
        "Neptune"
      ],
      "content": "cdk-nag rule: NeptuneClusterAutomaticMinorVersionUpgrade"
    },
    {
      "id": "8f608620-f1a1-40e8-b34b-f6ea547fe0fa",
      "numericId": 68,
      "displayOrder": 68,
      "tags": [
        "MSK"
      ],
      "content": "cdk-nag rule: MSKClientToBrokerTLS"
    },
    {
      "id": "5e01f259-e40f-460e-a1a6-0666398a2c7a",
      "numericId": 67,
      "displayOrder": 67,
      "tags": [
        "MediaStore"
      ],
      "content": "cdk-nag rule: MediaStoreContainerHasContainerPolicy"
    },
    {
      "id": "00dc16be-7bce-4b82-830d-b3ac223a4fbf",
      "numericId": 66,
      "displayOrder": 66,
      "tags": [
        "MediaStore"
      ],
      "content": "cdk-nag rule: MediaStoreContainerSSLRequestsOnly"
    },
    {
      "id": "4487d987-db5b-4a81-a6cb-ab736509ae2e",
      "numericId": 65,
      "displayOrder": 65,
      "tags": [
        "MediaStore"
      ],
      "content": "cdk-nag rule: MediaStoreContainerCORSPolicy"
    },
    {
      "id": "fcd9742a-30eb-4303-97e7-206e4a1f63fd",
      "numericId": 64,
      "displayOrder": 64,
      "tags": [
        "Lambda"
      ],
      "content": "cdk-nag rule: LambdaLatestVersion"
    },
    {
      "id": "d0d6e348-0ed5-4465-b275-ba4f301097e1",
      "numericId": 63,
      "displayOrder": 63,
      "tags": [
        "Lambda"
      ],
      "content": "cdk-nag rule: LambdaFunctionUrlAuth"
    },
    {
      "id": "9cd8dfd8-8f1f-4697-aa2d-17378c3eb587",
      "numericId": 62,
      "displayOrder": 62,
      "tags": [
        "KMS"
      ],
      "content": "cdk-nag rule: KMSBackingKeyRotationEnabled"
    },
    {
      "id": "c22a535f-d743-40ba-8531-e979c1235cb7",
      "numericId": 61,
      "displayOrder": 61,
      "tags": [
        "Kinesis"
      ],
      "content": "cdk-nag rule: KinesisDataStreamSSE"
    },
    {
      "id": "a66e5b68-509d-47bd-888c-a43e390ecd82",
      "numericId": 60,
      "displayOrder": 60,
      "tags": [
        "Kinesis"
      ],
      "content": "cdk-nag rule: KinesisDataStreamDefaultKeyWhenSSE"
    },
    {
      "id": "f1601e79-56fe-4863-8466-7d383ed65274",
      "numericId": 59,
      "displayOrder": 59,
      "tags": [
        "Kinesis"
      ],
      "content": "cdk-nag rule: KinesisDataFirehoseSSE"
    },
    {
      "id": "4fe4bbaf-08fa-437d-b5ea-1e010610133b",
      "numericId": 58,
      "displayOrder": 58,
      "tags": [
        "IAM"
      ],
      "content": "cdk-nag rule: IAMPolicyNoStatementsWithFullAccess"
    },
    {
      "id": "1a74ef32-b240-4173-9f02-0e8ebbc20191",
      "numericId": 57,
      "displayOrder": 57,
      "tags": [
        "IAM"
      ],
      "content": "cdk-nag rule: IAMPolicyNoStatementsWithAdminAccess"
    },
    {
      "id": "ca417660-79a6-4725-b498-7406ffc8a9f5",
      "numericId": 56,
      "displayOrder": 56,
      "tags": [
        "IAM"
      ],
      "content": "cdk-nag rule: IAMNoWildcardPermissions"
    },
    {
      "id": "da85ab97-eb06-4c15-9782-5a7a1924c7d4",
      "numericId": 55,
      "displayOrder": 55,
      "tags": [
        "IAM"
      ],
      "content": "cdk-nag rule: IAMNoManagedPolicies"
    },
    {
      "id": "0ba2992b-2d77-4864-b58b-f52bacdc4349",
      "numericId": 53,
      "displayOrder": 53,
      "tags": [
        "Glue"
      ],
      "content": "cdk-nag rule: GlueJobBookmarkEncrypted"
    },
    {
      "id": "06342334-a5c7-45f5-9325-6c8bb097f005",
      "numericId": 52,
      "displayOrder": 52,
      "tags": [
        "Glue"
      ],
      "content": "cdk-nag rule: GlueEncryptedCloudWatchLogs"
    },
    {
      "id": "a19bfb5e-6416-49d5-ad97-48476a92921f",
      "numericId": 51,
      "displayOrder": 51,
      "tags": [
        "Event Bridge"
      ],
      "content": "cdk-nag rule: EventBusOpenAccess"
    },
    {
      "id": "ca237931-d8f4-487a-9cf3-72d81b7107ab",
      "numericId": 50,
      "displayOrder": 50,
      "tags": [
        "EMR"
      ],
      "content": "cdk-nag rule: EMRLocalDiskEncryption"
    },
    {
      "id": "38e3b1ce-484a-4e02-a00c-cd46686fd3ba",
      "numericId": 49,
      "displayOrder": 49,
      "tags": [
        "EMR"
      ],
      "content": "cdk-nag rule: EMREncryptionInTransit"
    },
    {
      "id": "c8503353-a75f-4e28-a156-4424f9a28c76",
      "numericId": 48,
      "displayOrder": 48,
      "tags": [
        "EMR"
      ],
      "content": "cdk-nag rule: EMRAuthEC2KeyPairOrKerberos"
    },
    {
      "id": "c90a9a7a-1536-4dc3-a582-3eb0abaddd8b",
      "numericId": 47,
      "displayOrder": 47,
      "tags": [
        "ALB"
      ],
      "content": "cdk-nag rule: ALBHttpToHttpsRedirection"
    },
    {
      "id": "01867f64-62e3-4981-a571-07c42ce35dfd",
      "numericId": 46,
      "displayOrder": 46,
      "tags": [
        "Elastic Beanstalk"
      ],
      "content": "cdk-nag rule: ElasticBeanstalkVPCSpecified"
    },
    {
      "id": "0c99176f-071d-4e9a-97d7-90fe9a7f1293",
      "numericId": 45,
      "displayOrder": 45,
      "tags": [
        "Elastic Beanstalk"
      ],
      "content": "cdk-nag rule: ElasticBeanstalkManagedUpdatesEnabled"
    },
    {
      "id": "6a6b668e-63f1-4bd5-bfd3-dbcaf5386a69",
      "numericId": 44,
      "displayOrder": 44,
      "tags": [
        "Elastic Beanstalk"
      ],
      "content": "cdk-nag rule: ElasticBeanstalkEC2InstanceLogsToS3"
    },
    {
      "id": "98e3e1a6-7548-405d-a896-abbda186e920",
      "numericId": 43,
      "displayOrder": 43,
      "tags": [
        "ElastiCache"
      ],
      "content": "cdk-nag rule: ElastiCacheRedisClusterRedisAuth"
    },
    {
      "id": "f2e8e52c-3b0f-4256-9497-d2f6743971c7",
      "numericId": 42,
      "displayOrder": 42,
      "tags": [
        "ElastiCache"
      ],
      "content": "cdk-nag rule: ElastiCacheRedisClusterEncryption"
    },
    {
      "id": "7fde0f89-ef45-49ec-a88d-3a8f17aa9a8a",
      "numericId": 41,
      "displayOrder": 41,
      "tags": [
        "ElastiCache"
      ],
      "content": "cdk-nag rule: ElastiCacheClusterNonDefaultPort"
    },
    {
      "id": "2202a747-7921-4fff-94ec-24467b86bb55",
      "numericId": 40,
      "displayOrder": 40,
      "tags": [
        "ElastiCache"
      ],
      "content": "cdk-nag rule: ElastiCacheClusterInVPC"
    },
    {
      "id": "c00d5353-11bb-48b0-9abd-4ac291dd4cb3",
      "numericId": 39,
      "displayOrder": 39,
      "tags": [
        "EKS"
      ],
      "content": "cdk-nag rule: EKSClusterNoEndpointPublicAccess"
    },
    {
      "id": "24f0ecef-8c8b-4d53-b5ad-be63739587fa",
      "numericId": 38,
      "displayOrder": 38,
      "tags": [
        "API Gateway"
      ],
      "content": "cdk-nag rule: APIGWRequestValidation"
    },
    {
      "id": "22982dbd-4fd5-47fc-804c-03f88e4f479f",
      "numericId": 37,
      "displayOrder": 37,
      "tags": [
        "EKS"
      ],
      "content": "cdk-nag rule: EKSClusterControlPlaneLogs"
    },
    {
      "id": "0c4211b1-4bd1-464d-846e-82353ed1ebfa",
      "numericId": 36,
      "displayOrder": 36,
      "tags": [
        "EFS"
      ],
      "content": "cdk-nag rule: EFSEncrypted"
    },
    {
      "id": "fba0d1b6-ea6e-46cb-85c8-01f0244b1d66",
      "numericId": 35,
      "displayOrder": 35,
      "tags": [
        "ECS"
      ],
      "content": "cdk-nag rule: ECSTaskDefinitionNoEnvironmentVariables"
    },
    {
      "id": "7df3fa44-ac61-44f4-acd5-9ab2b78f2d98",
      "numericId": 34,
      "displayOrder": 34,
      "tags": [
        "ECS"
      ],
      "content": "cdk-nag rule: ECSTaskDefinitionContainerLogging"
    },
    {
      "id": "30b62ffd-ce1e-423c-a715-458971016ced",
      "numericId": 33,
      "displayOrder": 33,
      "tags": [
        "ECR"
      ],
      "content": "cdk-nag rule: ECROpenAccess"
    },
    {
      "id": "a3adc4bc-12e6-4e51-9a3b-f70173626aed",
      "numericId": 32,
      "displayOrder": 32,
      "tags": [
        "EC2",
        "VPC"
      ],
      "content": "cdk-nag rule: EC2SecurityGroupDescription"
    },
    {
      "id": "c09ffb80-6a08-4d17-b497-6fadcf3f723e",
      "numericId": 31,
      "displayOrder": 31,
      "tags": [
        "EC2",
        "VPC"
      ],
      "content": "cdk-nag rule: EC2RestrictedSSH"
    },
    {
      "id": "0edef48e-478a-4354-afba-04cbd8a678af",
      "numericId": 30,
      "displayOrder": 30,
      "tags": [
        "EC2",
        "VPC"
      ],
      "content": "cdk-nag rule: EC2RestrictedInbound"
    },
    {
      "id": "dec3b995-d1ed-4a35-a3f3-b4053f05b3ab",
      "numericId": 29,
      "displayOrder": 29,
      "tags": [
        "EC2",
        "VPC"
      ],
      "content": "cdk-nag rule: EC2RestrictedCommonPorts"
    },
    {
      "id": "1232e7b6-14d3-49a2-b323-cd7b789918ed",
      "numericId": 28,
      "displayOrder": 28,
      "tags": [
        "EC2",
        "VPC"
      ],
      "content": "cdk-nag rule: EC2InstancesInVPC"
    },
    {
      "id": "b2ea394d-a5af-48c3-a0e2-5fedd84b252a",
      "numericId": 27,
      "displayOrder": 27,
      "tags": [
        "EC2"
      ],
      "content": "cdk-nag rule: EC2InstanceProfileAttached"
    },
    {
      "id": "84451178-bb5d-4426-b751-d356b47e4f8e",
      "numericId": 26,
      "displayOrder": 26,
      "tags": [
        "EC2",
        "VPC"
      ],
      "content": "cdk-nag rule: EC2InstanceNoPublicIp"
    },
    {
      "id": "7a5dd7f5-9fb9-4a91-a42a-347d1582a878",
      "numericId": 25,
      "displayOrder": 25,
      "tags": [
        "EC2",
        "EBS"
      ],
      "content": "cdk-nag rule: EC2EBSVolumeEncrypted"
    },
    {
      "id": "dbd35851-09f6-4979-8a04-a4c6e164b1e9",
      "numericId": 24,
      "displayOrder": 24,
      "tags": [
        "DAX"
      ],
      "content": "cdk-nag rule: DAXEncrypted"
    },
    {
      "id": "00a07f21-641a-4587-bdf3-7b540f4a3d72",
      "numericId": 23,
      "displayOrder": 23,
      "tags": [
        "DocumentDB"
      ],
      "content": "cdk-nag rule: DocumentDBCredentialsInSecretsManager"
    },
    {
      "id": "a4a01d7e-929a-4b05-9d94-32800cc114a1",
      "numericId": 22,
      "displayOrder": 22,
      "tags": [
        "DocumentDB"
      ],
      "content": "cdk-nag rule: DocumentDBClusterNonDefaultPort"
    },
    {
      "id": "d94476ca-88c9-4926-9475-dfa5cdd65820",
      "numericId": 21,
      "displayOrder": 21,
      "tags": [
        "DocumentDB"
      ],
      "content": "cdk-nag rule: DocumentDBClusterEncryptionAtRest"
    },
    {
      "id": "b5fc0f6b-28e8-49e6-ba4a-3b2c4654c1d2",
      "numericId": 20,
      "displayOrder": 20,
      "tags": [
        "DMS"
      ],
      "content": "cdk-nag rule: DMSReplicationNotPublic"
    },
    {
      "id": "a38a6f2c-709e-4d84-92dc-469d3177cc9a",
      "numericId": 19,
      "displayOrder": 19,
      "tags": [
        "Cognito"
      ],
      "content": "cdk-nag rule: CognitoUserPoolStrongPasswordPolicy"
    },
    {
      "id": "aec2e7cc-4c4a-4477-9f08-2dfab6d6f04a",
      "numericId": 18,
      "displayOrder": 18,
      "tags": [
        "Cognito"
      ],
      "content": "cdk-nag rule: CognitoUserPoolNoUnauthenticatedLogins"
    },
    {
      "id": "889e8015-010f-4af9-995b-f65e15e9492a",
      "numericId": 17,
      "displayOrder": 17,
      "tags": [
        "Cognito"
      ],
      "content": "cdk-nag rule: CognitoUserPoolMFA"
    },
    {
      "id": "908e9591-18d5-4654-9435-56971de5ece1",
      "numericId": 16,
      "displayOrder": 16,
      "tags": [
        "Cognito"
      ],
      "content": "cdk-nag rule: CognitoUserPoolAPIGWAuthorizer"
    },
    {
      "id": "b4019a73-d194-48ee-957c-50300e7b4f39",
      "numericId": 15,
      "displayOrder": 15,
      "tags": [
        "Cognito"
      ],
      "content": "cdk-nag rule: CognitoUserPoolAdvancedSecurityModeEnforced"
    },
    {
      "id": "c84d3721-1539-444a-af67-bd2fed80735f",
      "numericId": 14,
      "displayOrder": 14,
      "tags": [
        "CodeBuild"
      ],
      "content": "cdk-nag rule: CodeBuildProjectPrivilegedModeDisabled"
    },
    {
      "id": "ea70a6ca-3fa7-403b-87fc-80e4da6bce1e",
      "numericId": 13,
      "displayOrder": 13,
      "tags": [
        "CodeBuild"
      ],
      "content": "cdk-nag rule: CodeBuildProjectManagedImages"
    },
    {
      "id": "64a10a2f-8f11-4e98-8d08-8675853b9fef",
      "numericId": 12,
      "displayOrder": 12,
      "tags": [
        "CodeBuild"
      ],
      "content": "cdk-nag rule: CodeBuildProjectKMSEncryptedArtifacts"
    },
    {
      "id": "89f5fd68-0d19-4c7e-9d91-56832acfa017",
      "numericId": 11,
      "displayOrder": 11,
      "tags": [
        "CodeBuild"
      ],
      "content": "cdk-nag rule: CodeBuildProjectEnvVarAwsCred"
    },
    {
      "id": "93a7595c-d3b1-4460-a945-734905c19414",
      "numericId": 10,
      "displayOrder": 10,
      "tags": [
        "CloudFront"
      ],
      "content": "cdk-nag rule: CloudFrontDistributionWAFIntegration"
    },
    {
      "id": "41220750-87bd-4c85-94f1-999746809166",
      "numericId": 9,
      "displayOrder": 9,
      "tags": [
        "CloudFront"
      ],
      "content": "cdk-nag rule: CloudFrontDistributionS3OriginAccessIdentity"
    },
    {
      "id": "89a72e46-d073-4207-bd5a-23636c9a29e6",
      "numericId": 8,
      "displayOrder": 8,
      "tags": [
        "CloudFront"
      ],
      "content": "cdk-nag rule: CloudFrontDistributionNoOutdatedSSL"
    },
    {
      "id": "679b9bd9-fd4c-4e23-8f5f-18355483faba",
      "numericId": 7,
      "displayOrder": 7,
      "metadata": [
        {
          "key": "Comments",
          "value": "[cdk-nag rule definition for CloudFrontDistributionHttpsViewerNoOutdatedSSL](https://github.com/cdklabs/cdk-nag/blob/main/src/rules/cloudfront/CloudFrontDistributionHttpsViewerNoOutdatedSSL.ts)"
        }
      ],
      "tags": [
        "CloudFront"
      ],
      "content": "cdk-nag rule: CloudFrontDistributionHttpsViewerNoOutdatedSSL"
    },
    {
      "id": "81de7d44-a27e-4854-a2f4-ec052f327b22",
      "numericId": 6,
      "displayOrder": 6,
      "tags": [
        "CloudFront"
      ],
      "content": "cdk-nag rule: CloudFrontDistributionGeoRestrictions"
    },
    {
      "id": "6a8e5465-5e17-4cfd-892d-7a5f4617362b",
      "numericId": 5,
      "displayOrder": 5,
      "tags": [
        "Cloud9"
      ],
      "content": "cdk-nag rule: Cloud9InstanceNoIngressSystemsManager"
    },
    {
      "id": "46efe10d-a73d-4ebf-9506-bc39cc929899",
      "numericId": 4,
      "displayOrder": 4,
      "tags": [
        "EC2",
        "VPC"
      ],
      "content": "cdk-nag rule: AutoScalingLaunchConfigPublicIpDisabled"
    },
    {
      "id": "7fffe312-7361-4f89-800b-929cc23c084a",
      "numericId": 3,
      "displayOrder": 3,
      "tags": [
        "Athena"
      ],
      "content": "cdk-nag rule: AthenaWorkgroupEncryptedQueryResults"
    },
    {
      "id": "9901b80d-0db7-4554-9dee-b6aa5454b1e3",
      "numericId": 2,
      "displayOrder": 2,
      "tags": [
        "API Gateway"
      ],
      "content": "cdk-nag rule: APIGWAuthorization"
    },
    {
      "id": "ce102965-0b66-4352-a6c9-9a99d10b2bfd",
      "numericId": 1,
      "displayOrder": 1,
      "metadata": [
        {
          "key": "Comments",
          "value": "The API Gateway is associated with a WAF (Web Application Firewall)"
        }
      ],
      "tags": [
        "API Gateway"
      ],
      "content": "cdk-nag rule: APIGWAssociatedWithWAF"
    }
  ],
  "assumptionLinks": [],
  "mitigationLinks": [
    {
      "mitigationId": "ce102965-0b66-4352-a6c9-9a99d10b2bfd",
      "linkedId": "dc429030-4063-43db-96ea-d60b8ab83152"
    },
    {
      "mitigationId": "9901b80d-0db7-4554-9dee-b6aa5454b1e3",
      "linkedId": "2d370353-bc79-43a7-8e92-68d0850a13d0"
    },
    {
      "mitigationId": "7fffe312-7361-4f89-800b-929cc23c084a",
      "linkedId": "4395c4e3-db64-44c0-8be0-0bcffad7f752"
    },
    {
      "mitigationId": "46efe10d-a73d-4ebf-9506-bc39cc929899",
      "linkedId": "82ffe16c-520c-420e-aa68-d1e9562acc5d"
    },
    {
      "mitigationId": "6a8e5465-5e17-4cfd-892d-7a5f4617362b",
      "linkedId": "c40381b0-0bdf-4e2a-86ba-966634fab370"
    },
    {
      "mitigationId": "81de7d44-a27e-4854-a2f4-ec052f327b22",
      "linkedId": "8c9cd385-7a3d-486d-90fc-5b9f3b28a04a"
    },
    {
      "mitigationId": "679b9bd9-fd4c-4e23-8f5f-18355483faba",
      "linkedId": "8cde9550-4aac-4792-851f-e6ac01b3ae92"
    },
    {
      "mitigationId": "89a72e46-d073-4207-bd5a-23636c9a29e6",
      "linkedId": "c7d756f0-0576-4644-a9b3-afea5bd52a7c"
    },
    {
      "mitigationId": "41220750-87bd-4c85-94f1-999746809166",
      "linkedId": "d4378c9b-e680-41c1-8cc2-136e124461dd"
    },
    {
      "mitigationId": "93a7595c-d3b1-4460-a945-734905c19414",
      "linkedId": "3baec34a-5ed0-459d-90d9-9e5497e29751"
    },
    {
      "mitigationId": "89f5fd68-0d19-4c7e-9d91-56832acfa017",
      "linkedId": "493365cb-ff0b-411b-bc10-aaa97b6306fa"
    },
    {
      "mitigationId": "64a10a2f-8f11-4e98-8d08-8675853b9fef",
      "linkedId": "7b1dbdd4-2cea-4b16-a15b-51b05822f972"
    },
    {
      "mitigationId": "ea70a6ca-3fa7-403b-87fc-80e4da6bce1e",
      "linkedId": "3e3ee2f1-053d-4e40-8917-52ce4f45ea56"
    },
    {
      "mitigationId": "c84d3721-1539-444a-af67-bd2fed80735f",
      "linkedId": "9d2c9e3b-f5c8-42af-8f63-4bd2309cf0d9"
    },
    {
      "mitigationId": "b4019a73-d194-48ee-957c-50300e7b4f39",
      "linkedId": "3b6b28ec-be93-41c1-b93c-8df4411a821a"
    },
    {
      "mitigationId": "b4019a73-d194-48ee-957c-50300e7b4f39",
      "linkedId": "36547ec4-c4d6-487d-8fdf-83cb2975473e"
    },
    {
      "mitigationId": "908e9591-18d5-4654-9435-56971de5ece1",
      "linkedId": "9893d5cc-6cff-4d3e-8bd2-f7c2f4af58f2"
    },
    {
      "mitigationId": "889e8015-010f-4af9-995b-f65e15e9492a",
      "linkedId": "0837eafd-540f-4a08-a602-a577d6dcdbc0"
    },
    {
      "mitigationId": "aec2e7cc-4c4a-4477-9f08-2dfab6d6f04a",
      "linkedId": "ae94934d-1eda-4be0-befd-1e5c75cda4e2"
    },
    {
      "mitigationId": "a38a6f2c-709e-4d84-92dc-469d3177cc9a",
      "linkedId": "eb82eea2-d949-4fd4-b5d2-1516b9c977bb"
    },
    {
      "mitigationId": "b5fc0f6b-28e8-49e6-ba4a-3b2c4654c1d2",
      "linkedId": "9f6177a5-0f9f-408b-b0d1-9e8067b60dc2"
    },
    {
      "mitigationId": "d94476ca-88c9-4926-9475-dfa5cdd65820",
      "linkedId": "6e86656c-5779-4695-9a8f-1caa535bb4e9"
    },
    {
      "mitigationId": "a4a01d7e-929a-4b05-9d94-32800cc114a1",
      "linkedId": "76de4625-b01a-4cf4-8cbb-b5a1a1f75ebf"
    },
    {
      "mitigationId": "00a07f21-641a-4587-bdf3-7b540f4a3d72",
      "linkedId": "a5fba694-7098-4263-8001-305f13512f3b"
    },
    {
      "mitigationId": "dbd35851-09f6-4979-8a04-a4c6e164b1e9",
      "linkedId": "28a2d363-365e-4959-a35c-d51eaf74af5f"
    },
    {
      "mitigationId": "7a5dd7f5-9fb9-4a91-a42a-347d1582a878",
      "linkedId": "9bbb493a-c435-420a-aa35-3fa992064127"
    },
    {
      "mitigationId": "84451178-bb5d-4426-b751-d356b47e4f8e",
      "linkedId": "82ffe16c-520c-420e-aa68-d1e9562acc5d"
    },
    {
      "mitigationId": "84451178-bb5d-4426-b751-d356b47e4f8e",
      "linkedId": "c40381b0-0bdf-4e2a-86ba-966634fab370"
    },
    {
      "mitigationId": "dbd35851-09f6-4979-8a04-a4c6e164b1e9",
      "linkedId": "c40381b0-0bdf-4e2a-86ba-966634fab370"
    },
    {
      "mitigationId": "b2ea394d-a5af-48c3-a0e2-5fedd84b252a",
      "linkedId": "71e166df-1f57-4f3c-a1af-919180bcdb65"
    },
    {
      "mitigationId": "1232e7b6-14d3-49a2-b323-cd7b789918ed",
      "linkedId": "801739c7-11d2-4bbe-8368-4d49c501e39f"
    },
    {
      "mitigationId": "dec3b995-d1ed-4a35-a3f3-b4053f05b3ab",
      "linkedId": "aadd2e92-221b-4a13-90e2-7f5b41e80709"
    },
    {
      "mitigationId": "0edef48e-478a-4354-afba-04cbd8a678af",
      "linkedId": "8c3352e2-b817-4139-9256-81e75ff127f7"
    },
    {
      "mitigationId": "c09ffb80-6a08-4d17-b497-6fadcf3f723e",
      "linkedId": "961651aa-830e-4b67-9755-1541d005475b"
    },
    {
      "mitigationId": "a3adc4bc-12e6-4e51-9a3b-f70173626aed",
      "linkedId": "310b7a7f-e13c-44a3-bb3a-91ad7bf9ba98"
    },
    {
      "mitigationId": "30b62ffd-ce1e-423c-a715-458971016ced",
      "linkedId": "5f5adfdb-98cf-4580-86bb-42ae5bd2bb7b"
    },
    {
      "mitigationId": "7df3fa44-ac61-44f4-acd5-9ab2b78f2d98",
      "linkedId": "61009521-4be1-4bf7-b0cd-ada8401ec7f7"
    },
    {
      "mitigationId": "fba0d1b6-ea6e-46cb-85c8-01f0244b1d66",
      "linkedId": "dd2bfe1d-f75c-42cb-a2cd-6dfb949318e1"
    },
    {
      "mitigationId": "0c4211b1-4bd1-464d-846e-82353ed1ebfa",
      "linkedId": "1fc40b42-ddf8-4632-8584-00d2fe423f8f"
    },
    {
      "mitigationId": "22982dbd-4fd5-47fc-804c-03f88e4f479f",
      "linkedId": "b34692af-8e67-46d1-8393-2f5c8264c783"
    },
    {
      "mitigationId": "24f0ecef-8c8b-4d53-b5ad-be63739587fa",
      "linkedId": "813c3fc1-33bc-4823-9f9c-91b2df1f4030"
    },
    {
      "mitigationId": "c00d5353-11bb-48b0-9abd-4ac291dd4cb3",
      "linkedId": "63c13cf9-adcc-4db5-b0a7-e58a455f1190"
    },
    {
      "mitigationId": "2202a747-7921-4fff-94ec-24467b86bb55",
      "linkedId": "9162a0f9-b47f-49b9-8422-220ac65697c6"
    },
    {
      "mitigationId": "7fde0f89-ef45-49ec-a88d-3a8f17aa9a8a",
      "linkedId": "e89e4939-4f14-4fb0-9be2-ce9955dd1a3b"
    },
    {
      "mitigationId": "f2e8e52c-3b0f-4256-9497-d2f6743971c7",
      "linkedId": "18cb5978-912c-4fd8-bae2-9f4339f342b3"
    },
    {
      "mitigationId": "f2e8e52c-3b0f-4256-9497-d2f6743971c7",
      "linkedId": "df2c6877-518f-4d73-97ee-e79c9f0bde84"
    },
    {
      "mitigationId": "98e3e1a6-7548-405d-a896-abbda186e920",
      "linkedId": "f4bd72a6-d939-42c7-9433-6d0d8850abbc"
    },
    {
      "mitigationId": "6a6b668e-63f1-4bd5-bfd3-dbcaf5386a69",
      "linkedId": "5ee158eb-f45c-43af-bfe4-b22bd4a38b8b"
    },
    {
      "mitigationId": "0c99176f-071d-4e9a-97d7-90fe9a7f1293",
      "linkedId": "aa4ace87-4350-4e06-b975-2cb9a3dda05a"
    },
    {
      "mitigationId": "01867f64-62e3-4981-a571-07c42ce35dfd",
      "linkedId": "1d6b6a27-939a-4515-a3ac-dda8cb2cbebe"
    },
    {
      "mitigationId": "c90a9a7a-1536-4dc3-a582-3eb0abaddd8b",
      "linkedId": "5abdfbc3-cc06-477c-95ea-9be582df206b"
    },
    {
      "mitigationId": "c8503353-a75f-4e28-a156-4424f9a28c76",
      "linkedId": "7f1c16c7-7551-4aaa-b7c1-8805c31b3e11"
    },
    {
      "mitigationId": "38e3b1ce-484a-4e02-a00c-cd46686fd3ba",
      "linkedId": "9a2693b0-a706-4ada-9b0f-5cf06be35597"
    },
    {
      "mitigationId": "ca237931-d8f4-487a-9cf3-72d81b7107ab",
      "linkedId": "9676651f-67e7-4e99-81f3-e3f7b4b68951"
    },
    {
      "mitigationId": "a19bfb5e-6416-49d5-ad97-48476a92921f",
      "linkedId": "9d7f556d-56f3-422f-867e-8c1d0be77763"
    },
    {
      "mitigationId": "06342334-a5c7-45f5-9325-6c8bb097f005",
      "linkedId": "54847997-f8e0-41ce-94f4-da04703e9ea2"
    },
    {
      "mitigationId": "0ba2992b-2d77-4864-b58b-f52bacdc4349",
      "linkedId": "29753d15-d761-4051-a692-5f2b43a5d952"
    },
    {
      "mitigationId": "da85ab97-eb06-4c15-9782-5a7a1924c7d4",
      "linkedId": "1c62b52e-f3ba-4968-a14d-745691b706f6"
    },
    {
      "mitigationId": "ca417660-79a6-4725-b498-7406ffc8a9f5",
      "linkedId": "1c62b52e-f3ba-4968-a14d-745691b706f6"
    },
    {
      "mitigationId": "1a74ef32-b240-4173-9f02-0e8ebbc20191",
      "linkedId": "1c62b52e-f3ba-4968-a14d-745691b706f6"
    },
    {
      "mitigationId": "4fe4bbaf-08fa-437d-b5ea-1e010610133b",
      "linkedId": "1c62b52e-f3ba-4968-a14d-745691b706f6"
    },
    {
      "mitigationId": "f1601e79-56fe-4863-8466-7d383ed65274",
      "linkedId": "2720ca94-372b-4f20-885c-363540194948"
    },
    {
      "mitigationId": "c22a535f-d743-40ba-8531-e979c1235cb7",
      "linkedId": "35bb299c-4a0a-40c7-9904-ea94463fc972"
    },
    {
      "mitigationId": "d0d6e348-0ed5-4465-b275-ba4f301097e1",
      "linkedId": "29b040ef-2af1-47c9-9bd7-ef1982c6898d"
    },
    {
      "mitigationId": "fcd9742a-30eb-4303-97e7-206e4a1f63fd",
      "linkedId": "5d521ccc-ca9c-4790-b045-0a1e26de9aa0"
    },
    {
      "mitigationId": "4487d987-db5b-4a81-a6cb-ab736509ae2e",
      "linkedId": "105eadf1-cd9a-41ae-a045-0a841321c9e6"
    },
    {
      "mitigationId": "00dc16be-7bce-4b82-830d-b3ac223a4fbf",
      "linkedId": "6de74250-8b27-4196-bb80-e916737f42c4"
    },
    {
      "mitigationId": "5e01f259-e40f-460e-a1a6-0666398a2c7a",
      "linkedId": "2db78753-b02e-4fc0-bdd6-1331f8340514"
    },
    {
      "mitigationId": "8f608620-f1a1-40e8-b34b-f6ea547fe0fa",
      "linkedId": "f445b352-3f3c-4194-89f9-d7d37dc034e5"
    },
    {
      "mitigationId": "7f0815f2-c84e-4cd9-9859-3ed693729cab",
      "linkedId": "ee0b0c99-e8b7-4074-81d2-d060bf81dacd"
    },
    {
      "mitigationId": "8912a402-b365-4d39-ab63-321825adbd1e",
      "linkedId": "a960e824-cd07-4606-b6bb-f35ce27bbf5a"
    },
    {
      "mitigationId": "c22f8d36-4546-4e39-9eea-156fbbc7d99b",
      "linkedId": "acb24ce7-a489-4c88-a12e-c09f212c569c"
    },
    {
      "mitigationId": "6288512e-5ebc-433e-bef5-a3f038119b69",
      "linkedId": "9aab600f-250b-4b1f-94f5-3bf59db093b9"
    },
    {
      "mitigationId": "28b7cc4b-21f3-4155-a4e3-4f3dcb5e9117",
      "linkedId": "47e30a3b-8666-47d7-b92f-43510bb87615"
    },
    {
      "mitigationId": "972fb272-b77f-4f32-95f0-bb47023d3770",
      "linkedId": "4c4f232c-a735-431b-8717-9d8e02faae3d"
    },
    {
      "mitigationId": "972fb272-b77f-4f32-95f0-bb47023d3770",
      "linkedId": "9aab600f-250b-4b1f-94f5-3bf59db093b9"
    },
    {
      "mitigationId": "68089d75-7a9f-4a48-b742-95dde35b069a",
      "linkedId": "89dd20e6-148c-4f23-9f58-28306b3816b6"
    },
    {
      "mitigationId": "e1239e2d-9267-4608-ab0d-09d4eab63d7d",
      "linkedId": "9aab600f-250b-4b1f-94f5-3bf59db093b9"
    },
    {
      "mitigationId": "4f2ac79c-f343-4916-9b8c-b078544f81a5",
      "linkedId": "5d523d1a-03f1-414a-be76-e0bb3b606dde"
    },
    {
      "mitigationId": "16a9eba9-5e70-4d94-b9d9-d77cf17c522f",
      "linkedId": "e5c4f1d0-113a-4dfd-94c5-8072226608e4"
    },
    {
      "mitigationId": "cdfb2f22-d096-468c-ae64-c8a63e6d03d5",
      "linkedId": "978e7c53-4c2f-49c2-86ce-8d3a14bb5cb4"
    },
    {
      "mitigationId": "dc7ad88b-55b0-480d-9023-b9ac660b388e",
      "linkedId": "e5c4f1d0-113a-4dfd-94c5-8072226608e4"
    },
    {
      "mitigationId": "5382b34e-1cee-4fe4-acab-1e1ef283437d",
      "linkedId": "ef634b32-084b-42f6-ae5c-4e65b3953ba5"
    },
    {
      "mitigationId": "59a9c68e-b899-4dea-b326-ebebda148f00",
      "linkedId": "e5c4f1d0-113a-4dfd-94c5-8072226608e4"
    },
    {
      "mitigationId": "de0b05cd-ff7d-4993-81c5-5bc5585151a4",
      "linkedId": "172ce9d2-8159-4c70-a2b7-70dc846bdf70"
    },
    {
      "mitigationId": "55c0cdfd-c8e5-4d41-a700-de7a89557782",
      "linkedId": "012e2241-559a-45f8-98ae-df21d7012639"
    },
    {
      "mitigationId": "c75b2076-9a00-4808-8525-a25d629fb784",
      "linkedId": "aa52a71f-4293-47c2-aeb1-080cadb9c607"
    },
    {
      "mitigationId": "857bbf82-30f5-40f0-9ffd-60b6b67053e9",
      "linkedId": "4309ecb8-b7d1-4251-88f3-8f4f4635f046"
    },
    {
      "mitigationId": "b08bdd06-48c1-4c3f-8401-464d667e92e0",
      "linkedId": "aa52a71f-4293-47c2-aeb1-080cadb9c607"
    },
    {
      "mitigationId": "46e8c83a-a4d0-428d-ba9e-b4c9e68bbc24",
      "linkedId": "aa52a71f-4293-47c2-aeb1-080cadb9c607"
    },
    {
      "mitigationId": "232d24ee-cfd5-4351-bd5d-3dfdcf2508ee",
      "linkedId": "807bfa40-afe3-42a8-b7c5-2800fe7f7bf8"
    },
    {
      "mitigationId": "78d761ef-4297-45d1-ae1b-7ba545d39130",
      "linkedId": "7f8aaef1-4f43-4329-add1-9bda1a25cc77"
    },
    {
      "mitigationId": "0ae5ca12-88c7-4648-a1e8-28ad585c3336",
      "linkedId": "8c383856-988d-45a4-bc92-5c9aab42aab3"
    },
    {
      "mitigationId": "646feb9c-6f18-4307-8a90-8a44b851d176",
      "linkedId": "1b240cb7-3557-41e7-9c19-21ebc73ad0ec"
    },
    {
      "mitigationId": "c4b91bbd-8e0f-457e-97e1-3b940b2007ef",
      "linkedId": "8c383856-988d-45a4-bc92-5c9aab42aab3"
    },
    {
      "mitigationId": "1483c264-8b13-4954-8e79-97bb63163b57",
      "linkedId": "8c383856-988d-45a4-bc92-5c9aab42aab3"
    },
    {
      "mitigationId": "b19fd780-64a3-42c6-a0d2-92833af17e40",
      "linkedId": "77e519f0-641e-4b99-96a3-db0130381c97"
    },
    {
      "mitigationId": "c0f8d761-b616-49d4-b60e-d9d413c91f19",
      "linkedId": "cc8b9fcb-dd2a-41ad-a4f1-11e93ae0b031"
    },
    {
      "mitigationId": "b6cfe99f-842f-4567-8611-92c7cea45eb2",
      "linkedId": "1ed4872c-279d-444d-9343-aca8bb343d00"
    },
    {
      "mitigationId": "d23b82f2-f274-42eb-9edd-75ddc0ca75d2",
      "linkedId": "bd25bc81-1e9e-4982-a47d-05848e13af6c"
    },
    {
      "mitigationId": "75327602-a8f0-48ed-b635-305678ef5893",
      "linkedId": "bd25bc81-1e9e-4982-a47d-05848e13af6c"
    },
    {
      "mitigationId": "fff9fac4-1512-4a49-81a3-88e420f6c110",
      "linkedId": "90619d5b-6450-4108-8013-2eaafc5788b5"
    },
    {
      "mitigationId": "7e9478e3-4571-4c36-bb7c-bb33acf4ec08",
      "linkedId": "9d47bd52-9dbc-4eee-8e55-04a3fc8064c4"
    },
    {
      "mitigationId": "a1aae9d0-1511-4f93-841e-801e9b47976f",
      "linkedId": "49a1ba28-3c57-48a9-a1d2-798b633be2e2"
    },
    {
      "mitigationId": "a92c9799-aba4-45f9-a639-8c922d7706d0",
      "linkedId": "a3434833-a75f-4c0a-8ef2-fcc776878231"
    },
    {
      "mitigationId": "be57de80-6cb4-420d-80bc-c7fb6a97d6ea",
      "linkedId": "afe2db28-0f4c-4deb-b894-184ed223e560"
    },
    {
      "mitigationId": "f6d8a0a5-e5ed-4f9a-b3a6-55bd45df7e3c",
      "linkedId": "82ffe16c-520c-420e-aa68-d1e9562acc5d"
    },
    {
      "mitigationId": "f6d8a0a5-e5ed-4f9a-b3a6-55bd45df7e3c",
      "linkedId": "c40381b0-0bdf-4e2a-86ba-966634fab370"
    },
    {
      "mitigationId": "f6d8a0a5-e5ed-4f9a-b3a6-55bd45df7e3c",
      "linkedId": "9f6177a5-0f9f-408b-b0d1-9e8067b60dc2"
    },
    {
      "mitigationId": "f6d8a0a5-e5ed-4f9a-b3a6-55bd45df7e3c",
      "linkedId": "8c3352e2-b817-4139-9256-81e75ff127f7"
    },
    {
      "mitigationId": "f6d8a0a5-e5ed-4f9a-b3a6-55bd45df7e3c",
      "linkedId": "961651aa-830e-4b67-9755-1541d005475b"
    },
    {
      "mitigationId": "f6d8a0a5-e5ed-4f9a-b3a6-55bd45df7e3c",
      "linkedId": "9162a0f9-b47f-49b9-8422-220ac65697c6"
    },
    {
      "mitigationId": "f6d8a0a5-e5ed-4f9a-b3a6-55bd45df7e3c",
      "linkedId": "1d6b6a27-939a-4515-a3ac-dda8cb2cbebe"
    }
  ],
  "threats": [
    {
      "id": "afe2db28-0f4c-4deb-b894-184ed223e560",
      "numericId": 92,
      "displayOrder": 92,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "I",
            "T"
          ]
        }
      ],
      "tags": [
        "Timestream",
        "SSE"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to underlying storage used for the Timestream database",
      "threatAction": "view or modify the data",
      "impactedGoal": [
        "confidentiality",
        "integrity"
      ],
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor with access to underlying storage used for the Timestream database can view or modify the data, resulting in reduced confidentiality and/or integrity of this application's data"
    },
    {
      "id": "a3434833-a75f-4c0a-8ef2-fcc776878231",
      "numericId": 91,
      "displayOrder": 91,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "T",
            "I"
          ]
        }
      ],
      "tags": [
        "SQS",
        "MiTM"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between the client and the Amazon SQS endpoint",
      "threatAction": "view plaintext requests and responses",
      "threatImpact": "them being able manipulate view or modify the requests or responses",
      "impactedGoal": [],
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor who is in a person-in-the-middle position between the client and the Amazon SQS endpoint can view plaintext requests and responses, which leads to them being able manipulate view or modify the requests or responses, negatively impacting this application"
    },
    {
      "id": "49a1ba28-3c57-48a9-a1d2-798b633be2e2",
      "numericId": 90,
      "displayOrder": 90,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "S",
            "T"
          ]
        }
      ],
      "tags": [
        "SQS",
        "SSE"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to underlying storage used for the SQS (Simple Queue Service) topic",
      "threatAction": "view or modify the SQS messages",
      "impactedGoal": [
        "confidentiality",
        "integrity"
      ],
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with access to underlying storage used for the SQS (Simple Queue Service) topic can view or modify the SQS messages, resulting in reduced confidentiality and/or integrity of this application"
    },
    {
      "id": "9d47bd52-9dbc-4eee-8e55-04a3fc8064c4",
      "numericId": 89,
      "displayOrder": 89,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "I",
            "T"
          ]
        }
      ],
      "tags": [
        "SNS",
        "MiTM"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between the publisher and the Amazon SNS endpoint",
      "threatAction": "view plaintext requests and responses",
      "threatImpact": "them being able manipulate view or modify the requests or responses",
      "impactedGoal": [],
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor who is in a person-in-the-middle position between the publisher and the Amazon SNS endpoint can view plaintext requests and responses, which leads to them being able manipulate view or modify the requests or responses, negatively impacting this application's data"
    },
    {
      "id": "90619d5b-6450-4108-8013-2eaafc5788b5",
      "numericId": 87,
      "displayOrder": 87,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "S",
            "T",
            "I",
            "E"
          ]
        }
      ],
      "tags": [
        "Secrets Manager",
        "AuthN"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who has obtained a long-lived secret (e.g. password)",
      "threatAction": "spoof an authenticated user or system",
      "threatImpact": "the actor being able to do anything the user or system can do",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor who has obtained a long-lived secret (e.g. password) can spoof an authenticated user or system, which leads to the actor being able to do anything the user or system can do, negatively impacting this application"
    },
    {
      "id": "bd25bc81-1e9e-4982-a47d-05848e13af6c",
      "numericId": 86,
      "displayOrder": 86,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "I",
            "E"
          ]
        }
      ],
      "tags": [
        "SageMaker",
        "Network Access"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with interactive access to the SageMaker notebook",
      "threatAction": "take advantage of unfiltered / unrestricted access to the internet via the Sagemaker VPC",
      "threatImpact": "download malicious code or tools; or exfiltrate data bypassing any centralised internet ingress/egress controls that may in place within your own VPC",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with interactive access to the SageMaker notebook can take advantage of unfiltered / unrestricted access to the internet via the Sagemaker VPC, which leads to download malicious code or tools; or exfiltrate data bypassing any centralised internet ingress/egress controls that may in place within your own VPC, negatively impacting this application"
    },
    {
      "id": "1ed4872c-279d-444d-9343-aca8bb343d00",
      "numericId": 85,
      "displayOrder": 85,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "I",
            "T"
          ]
        }
      ],
      "tags": [
        "SageMaker",
        "SSE"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to underlying storage used for the SageMaker notebook",
      "threatAction": "view the contents of the notebook (e.g. code or query results)",
      "impactedGoal": [
        "confidentiality",
        "integrity"
      ],
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor with access to underlying storage used for the SageMaker notebook can view the contents of the notebook (e.g. code or query results), resulting in reduced confidentiality and/or integrity of this application's data"
    },
    {
      "id": "cc8b9fcb-dd2a-41ad-a4f1-11e93ae0b031",
      "numericId": 84,
      "displayOrder": 84,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "I"
          ]
        }
      ],
      "tags": [
        "S3",
        "Network Access"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "who has discovered misconfigured S3 hosted website",
      "threatAction": "bypass the protections put in place by CloudFront (e.g. geo blocking)",
      "impactedGoal": [
        "confidentiality"
      ],
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "An external threat actor who has discovered misconfigured S3 hosted website can bypass the protections put in place by CloudFront (e.g. geo blocking), resulting in reduced confidentiality of this application's data"
    },
    {
      "id": "77e519f0-641e-4b99-96a3-db0130381c97",
      "numericId": 83,
      "displayOrder": 83,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "I",
            "T"
          ]
        }
      ],
      "tags": [
        "S3",
        "MiTM"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between the client and the Amazon S3 bucket endpoint",
      "threatAction": "view plaintext requests and responses",
      "threatImpact": "them being able manipulate view or modify the requests or responses",
      "impactedGoal": [],
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor who is in a person-in-the-middle position between the client and the Amazon S3 bucket endpoint can view plaintext requests and responses, which leads to them being able manipulate view or modify the requests or responses, negatively impacting this application's data"
    },
    {
      "id": "1b240cb7-3557-41e7-9c19-21ebc73ad0ec",
      "numericId": 82,
      "displayOrder": 82,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "R"
          ]
        }
      ],
      "tags": [
        "S3",
        "Repudiation"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is authenticated and authorized",
      "threatAction": "deny taking a action associated with an Amazon S3 bucket",
      "threatImpact": "lack of knowledge/proof of who took the action",
      "impactedGoal": [],
      "impactedAssets": [],
      "statement": "A threat actor who is authenticated and authorized can deny taking an action associated with an Amazon S3 bucket, which leads to lack of knowledge/proof of who took the action"
    },
    {
      "id": "8c383856-988d-45a4-bc92-5c9aab42aab3",
      "numericId": 81,
      "displayOrder": 81,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "T",
            "I"
          ]
        }
      ],
      "tags": [
        "S3",
        "Public Access"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who has discovered a S3 bucket configured for public read or write",
      "threatAction": "read or write data to or from the S3 bucket",
      "impactedGoal": [
        "confidentiality",
        "integrity",
        "availability"
      ],
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor who has discovered a S3 bucket configured for public read or write can read or write data to or from the S3 bucket, resulting in reduced confidentiality, integrity and/or availability of this application's data"
    },
    {
      "id": "7f8aaef1-4f43-4329-add1-9bda1a25cc77",
      "numericId": 80,
      "displayOrder": 80,
      "tags": [
        "Redshift",
        "MiTM"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between the client and the Redshift cluster",
      "threatAction": "view plaintext requests and responses",
      "threatImpact": "them being able manipulate view or modify the requests or responses",
      "impactedGoal": [],
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor who is in a person-in-the-middle position between the client and the Redshift cluster can view plaintext requests and responses, which leads to them being able manipulate view or modify the requests or responses, negatively impacting this application's data"
    },
    {
      "id": "807bfa40-afe3-42a8-b7c5-2800fe7f7bf8",
      "numericId": 79,
      "displayOrder": 79,
      "tags": [
        "Redshift",
        "Vuln Management"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the Redshift cluster",
      "threatAction": "attempt to take advantage of a known vulnerability in a component exposed by Redshift",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with a network path to the Redshift cluster can attempt to take advantage of a known vulnerability in a component exposed by Redshift, negatively impacting this application"
    },
    {
      "id": "4309ecb8-b7d1-4251-88f3-8f4f4635f046",
      "numericId": 78,
      "displayOrder": 78,
      "tags": [
        "Redshift",
        "Network Access"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the Redshift cluster listener",
      "threatAction": "perform a network probe the database using it's default port",
      "threatImpact": "perform reconnaissance and intrusion activities against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with a network path to the Redshift cluster listener can perform a network probe the database using it's default port, which leads to perform reconnaissance and intrusion activities against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "aa52a71f-4293-47c2-aeb1-080cadb9c607",
      "numericId": 77,
      "displayOrder": 77,
      "tags": [
        "Redshift",
        "Network Access"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the Redshift cluster listener",
      "threatAction": "brute-force the database credentials",
      "threatImpact": "the ability to view or modify data",
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor with a network path to the Redshift cluster listener can brute-force the database credentials, which leads to the ability to view or modify data, negatively impacting this application's data"
    },
    {
      "id": "012e2241-559a-45f8-98ae-df21d7012639",
      "numericId": 76,
      "displayOrder": 76,
      "tags": [
        "Redshift",
        "SSE"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to underlying storage used for the Redshift cluster",
      "threatAction": "view the contents of the database",
      "impactedGoal": [
        "confidentiality"
      ],
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor with access to underlying storage used for the Redshift cluster can view the contents of the database, resulting in reduced confidentiality of this application's data"
    },
    {
      "id": "172ce9d2-8159-4c70-a2b7-70dc846bdf70",
      "numericId": 75,
      "displayOrder": 75,
      "tags": [
        "RDS",
        "SSE"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to underlying storage used for the RDS cluster",
      "threatAction": "view the contents of the database",
      "impactedGoal": [
        "confidentiality"
      ],
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor with access to underlying storage used for the RDS cluster can view the contents of the database, resulting in reduced confidentiality of this application's data"
    },
    {
      "id": "ef634b32-084b-42f6-ae5c-4e65b3953ba5",
      "numericId": 74,
      "displayOrder": 74,
      "tags": [
        "RDS",
        "Network Access"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the RDS cluster listener",
      "threatAction": "perform a network probe the database using it's default port",
      "threatImpact": "perform reconnaissance and intrusion activities against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with a network path to the RDS cluster listener can perform a network probe the database using it's default port, which leads to perform reconnaissance and intrusion activities against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "978e7c53-4c2f-49c2-86ce-8d3a14bb5cb4",
      "numericId": 73,
      "displayOrder": 73,
      "tags": [
        "RDS",
        "Vuln Management"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the RDS cluster or instance",
      "threatAction": "attempt to take advantage of a known vulnerability in a component exposed by RDS",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with a network path to the RDS cluster or instance can attempt to take advantage of a known vulnerability in a component exposed by RDS, negatively impacting this application"
    },
    {
      "id": "e5c4f1d0-113a-4dfd-94c5-8072226608e4",
      "numericId": 72,
      "displayOrder": 72,
      "tags": [
        "RDS",
        "AuthN",
        "Network Access"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the RDS database listener",
      "threatAction": "brute-force the database credentials",
      "threatImpact": "the ability to view or modify data",
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor with a network path to the RDS database listener can brute-force the database credentials, which leads to the ability to view or modify data, negatively impacting this application's data"
    },
    {
      "id": "5d523d1a-03f1-414a-be76-e0bb3b606dde",
      "numericId": 71,
      "displayOrder": 71,
      "tags": [
        "Quicksight",
        "MiTM"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between Quicksight and it's data source",
      "threatAction": "view plaintext requests and responses",
      "threatImpact": "them being able manipulate view or modify the requests or responses",
      "impactedGoal": [],
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor who is in a person-in-the-middle position between Quicksight and it's data source can view plaintext requests and responses, which leads to them being able manipulate view or modify the requests or responses, negatively impacting this application's data"
    },
    {
      "id": "89dd20e6-148c-4f23-9f58-28306b3816b6",
      "numericId": 70,
      "displayOrder": 70,
      "tags": [
        "OpenSearch",
        "MiTM"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between the OpenSearch nodes",
      "threatAction": "view plaintext requests and responses",
      "threatImpact": "them being able manipulate view or modify the requests or responses",
      "impactedGoal": [],
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor who is in a person-in-the-middle position between the OpenSearch nodes can view plaintext requests and responses, which leads to them being able manipulate view or modify the requests or responses, negatively impacting this application's data"
    },
    {
      "id": "47e30a3b-8666-47d7-b92f-43510bb87615",
      "numericId": 69,
      "displayOrder": 69,
      "tags": [
        "OpenSearch",
        "SSE"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to underlying storage used for the OpenSearch cluster",
      "threatAction": "view the contents of the database",
      "impactedGoal": [
        "confidentiality"
      ],
      "impactedAssets": [
        "this application's data"
      ],
      "statement": "A threat actor with access to underlying storage used for the OpenSearch cluster can view the contents of the database, resulting in reduced confidentiality of this application's data"
    },
    {
      "id": "9aab600f-250b-4b1f-94f5-3bf59db093b9",
      "numericId": 68,
      "displayOrder": 68,
      "tags": [
        "OpenSearch",
        "Network Access"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the OpenSearch domain",
      "threatAction": "perform reconnaissance and intrusion activities against the exposed attack surface",
      "threatImpact": "the ability to view or modify data",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with a network path to the OpenSearch domain can perform reconnaissance and intrusion activities against the exposed attack surface, which leads to the ability to view or modify data, negatively impacting this application"
    },
    {
      "id": "acb24ce7-a489-4c88-a12e-c09f212c569c",
      "numericId": 67,
      "displayOrder": 67,
      "tags": [
        "Neptune",
        "AuthN"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "with a network path to the Neptune database listener",
      "threatAction": "brute-force the database credentials",
      "threatImpact": "the ability to view or modify data",
      "impactedAssets": [
        "this application's Neptune data"
      ],
      "statement": "An external threat actor with a network path to the Neptune database listener can brute-force the database credentials, which leads to the ability to view or modify data, negatively impacting this application's Neptune data"
    },
    {
      "id": "a960e824-cd07-4606-b6bb-f35ce27bbf5a",
      "numericId": 66,
      "displayOrder": 66,
      "tags": [
        "Neptune",
        "SSE"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to underlying storage used for the Neptune cluster",
      "threatAction": "view the contents of the database",
      "impactedGoal": [
        "confidentiality"
      ],
      "impactedAssets": [
        "this application's Neptune data"
      ],
      "statement": "A threat actor with access to underlying storage used for the Neptune cluster can view the contents of the database, resulting in reduced confidentiality of this application's Neptune data"
    },
    {
      "id": "ee0b0c99-e8b7-4074-81d2-d060bf81dacd",
      "numericId": 65,
      "displayOrder": 65,
      "tags": [
        "Neptune",
        "Vuln Management"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the Neptune cluster or instance",
      "threatAction": "attempt to take advantage of a known vulnerability in a component exposed by Neptune",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with a network path to the Neptune cluster or instance can attempt to take advantage of a known vulnerability in a component exposed by Neptune, negatively impacting this application"
    },
    {
      "id": "f445b352-3f3c-4194-89f9-d7d37dc034e5",
      "numericId": 64,
      "displayOrder": 64,
      "tags": [
        "MSK",
        "MiTM"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between the client and the Amazon MSK (Managed Streaming for Apache Kafka) cluster broker",
      "threatAction": "view plaintext requests and responses",
      "threatImpact": "them being able manipulate view or modify the requests or responses",
      "impactedGoal": [],
      "impactedAssets": [],
      "statement": "A threat actor who is in a person-in-the-middle position between the client and the Amazon MSK (Managed Streaming for Apache Kafka) cluster broker can view plaintext requests and responses, which leads to them being able manipulate view or modify the requests or responses"
    },
    {
      "id": "2db78753-b02e-4fc0-bdd6-1331f8340514",
      "numericId": 63,
      "displayOrder": 63,
      "tags": [
        "MediaStore",
        "AuthZ"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to a valid and authorized IAM Principal",
      "threatAction": "take advantage of unnecessary permissions included in the associated MediaStore container policy",
      "threatImpact": "the actor being able to do anything the user can do (for example: perform all supported operations on the container)",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with access to a valid and authorized IAM Principal can take advantage of unnecessary permissions included in the associated MediaStore container policy, which leads to the actor being able to do anything the user can do (for example: perform all supported operations on the container), negatively impacting this application"
    },
    {
      "id": "6de74250-8b27-4196-bb80-e916737f42c4",
      "numericId": 62,
      "displayOrder": 62,
      "tags": [
        "MediaStore",
        "MiTM"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between the client and the MediaStore container",
      "threatAction": "view plaintext requests and responses",
      "threatImpact": "them being able manipulate view or modify the requests or responses",
      "impactedGoal": [],
      "impactedAssets": [],
      "statement": "A threat actor who is in a person-in-the-middle position between the client and the MediaStore container can view plaintext requests and responses, which leads to them being able manipulate view or modify the requests or responses"
    },
    {
      "id": "105eadf1-cd9a-41ae-a045-0a841321c9e6",
      "numericId": 61,
      "displayOrder": 61,
      "tags": [
        "MediaStore",
        "XSS"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "who has discovered a XSS (Cross-site scripting) vulnerability on assets hosted on MediaStore container",
      "threatAction": "cause unintended external resources such as javascript, images or videos to loaded within the context of the website",
      "threatImpact": "",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor who has discovered an XSS (Cross-site scripting) vulnerability on assets hosted on MediaStore container can cause unintended external resources such as javascript, images or videos to loaded within the context of the website, negatively impacting this application"
    },
    {
      "id": "5d521ccc-ca9c-4790-b045-0a1e26de9aa0",
      "numericId": 60,
      "displayOrder": 60,
      "tags": [
        "Lambda",
        "Vuln Management"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with the ability to invoke or interact with a Lambda function",
      "threatAction": "take advantage of a disclosed vulnerability within the runtime version used for a non-container based Lambda function",
      "impactedGoal": [
        "confidentiality",
        "integrity",
        "availability"
      ],
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with the ability to invoke or interact with a Lambda function can take advantage of a disclosed vulnerability within the runtime version used for a non-container based Lambda function, resulting in reduced confidentiality, integrity and/or availability of this application"
    },
    {
      "id": "29b040ef-2af1-47c9-9bd7-ef1982c6898d",
      "numericId": 59,
      "displayOrder": 59,
      "tags": [
        "Lambda",
        "Public access"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "who has discovered the Lambda Function URL",
      "threatAction": "invoke the function without any authentication",
      "threatImpact": "allowing the actor to perform the actions permitted by the associated Lambda function",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor who has discovered the Lambda Function URL can invoke the function without any authentication, which leads to allowing the actor to perform the actions permitted by the associated Lambda function, negatively impacting this application"
    },
    {
      "id": "35bb299c-4a0a-40c7-9904-ea94463fc972",
      "numericId": 58,
      "displayOrder": 58,
      "tags": [
        "Kinesis",
        "SSE"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to underlying storage used for a Kinesis Data Stream",
      "threatAction": "view the contents of the stream",
      "impactedGoal": [
        "confidentiality"
      ],
      "impactedAssets": [
        "this application's Kinesis Data Stream"
      ],
      "statement": "A threat actor with access to underlying storage used for a Kinesis Data Stream can view the contents of the stream, resulting in reduced confidentiality of this application's Kinesis Data Stream"
    },
    {
      "id": "2720ca94-372b-4f20-885c-363540194948",
      "numericId": 57,
      "displayOrder": 57,
      "tags": [
        "Kinesis",
        "SSE"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to underlying storage used for a Kinesis Data Firehouse delivery stream",
      "threatAction": "view the contents of the stream",
      "impactedGoal": [
        "confidentiality"
      ],
      "impactedAssets": [
        "this application's Kinesis Data Stream",
        "this application's Kinesis Data Firehouse delivery stream"
      ],
      "statement": "A threat actor with access to underlying storage used for a Kinesis Data Firehouse delivery stream can view the contents of the stream, resulting in reduced confidentiality of this application's Kinesis Data Stream and this application's Kinesis Data Firehouse delivery stream"
    },
    {
      "id": "1c62b52e-f3ba-4968-a14d-745691b706f6",
      "numericId": 56,
      "displayOrder": 56,
      "tags": [
        "IAM"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to a valid IAM Principal",
      "threatAction": "take advantage of unnecessary permissions included in the associated IAM Policy",
      "threatImpact": "the actor being able to do anything the user can do",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with access to a valid IAM Principal can take advantage of unnecessary permissions included in the associated IAM Policy, which leads to the actor being able to do anything the user can do, negatively impacting this application"
    },
    {
      "id": "29753d15-d761-4051-a692-5f2b43a5d952",
      "numericId": 55,
      "displayOrder": 55,
      "tags": [
        "Glue"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to Amazon S3 bucket used for Glue job bookmarks",
      "threatAction": "view the contents of the bookmarks",
      "impactedGoal": [
        "confidentiality"
      ],
      "impactedAssets": [
        "this application's Glue job bookmarks"
      ],
      "statement": "A threat actor with access to Amazon S3 bucket used for Glue job bookmarks can view the contents of the bookmarks, resulting in reduced confidentiality of this application's Glue job bookmarks"
    },
    {
      "id": "54847997-f8e0-41ce-94f4-da04703e9ea2",
      "numericId": 54,
      "displayOrder": 54,
      "tags": [
        "Glue"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to the CloudWatch Log storage",
      "threatAction": "view or modify the contents of the logs",
      "impactedGoal": [
        "confidentiality",
        "integrity"
      ],
      "impactedAssets": [
        "glue crawler or job logs"
      ],
      "statement": "A threat actor with access to the CloudWatch Log storage can view or modify the contents of the logs, resulting in reduced confidentiality and/or integrity of glue crawler or job logs"
    },
    {
      "id": "9d7f556d-56f3-422f-867e-8c1d0be77763",
      "numericId": 53,
      "displayOrder": 53,
      "tags": [
        "EventBridge"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "who has discovered the Event Bridge event bus (e.g. Endpoint ID)",
      "threatAction": "put arbitrary events onto the bus",
      "threatImpact": "those events being processed by the application",
      "impactedGoal": [
        "confidentiality",
        "integrity",
        "availability"
      ],
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor who has discovered the Event Bridge event bus (e.g. Endpoint ID) can put arbitrary events onto the bus, which leads to those events being processed by the application, resulting in reduced confidentiality, integrity and/or availability of this application"
    },
    {
      "id": "9676651f-67e7-4e99-81f3-e3f7b4b68951",
      "numericId": 52,
      "displayOrder": 52,
      "tags": [
        "EMR"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with access to the EMR local storage",
      "threatAction": "view or modify the contents on the disk",
      "impactedGoal": [
        "confidentiality",
        "integrity"
      ],
      "impactedAssets": [
        "data within the EMR cluster"
      ],
      "statement": "A threat actor with access to the EMR local storage can view or modify the contents on the disk, resulting in reduced confidentiality and/or integrity of data within the EMR cluster"
    },
    {
      "id": "9a2693b0-a706-4ada-9b0f-5cf06be35597",
      "numericId": 51,
      "displayOrder": 51,
      "tags": [
        "EMR"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between the client and the EMR cluster",
      "threatAction": "view plaintext requests and responses",
      "threatImpact": "them being able manipulate view or modify the requests or responses",
      "impactedGoal": [],
      "impactedAssets": [],
      "statement": "A threat actor who is in a person-in-the-middle position between the client and the EMR cluster can view plaintext requests and responses, which leads to them being able manipulate view or modify the requests or responses"
    },
    {
      "id": "7f1c16c7-7551-4aaa-b7c1-8805c31b3e11",
      "numericId": 50,
      "displayOrder": 50,
      "tags": [
        "EMR"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the EMR cluster listener not configured with authentication",
      "threatAction": "perform unauthenticated commands to the cluster",
      "threatImpact": "",
      "impactedGoal": [
        "confidentiality",
        "integrity",
        "availability"
      ],
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with a network path to the EMR cluster listener not configured with authentication can perform unauthenticated commands to the cluster, resulting in reduced confidentiality, integrity and/or availability of this application"
    },
    {
      "id": "f00ee4a4-18da-412e-927f-6b79e0315000",
      "numericId": 49,
      "displayOrder": 49,
      "tags": [
        "CLB"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between the client and the CLB (Classic Load Balancer)",
      "threatAction": "view plaintext requests and responses",
      "threatImpact": "them being able manipulate view or modify the requests or responses",
      "impactedGoal": [],
      "impactedAssets": [],
      "statement": "A threat actor who is in a person-in-the-middle position between the client and the CLB (Classic Load Balancer) can view plaintext requests and responses, which leads to them being able manipulate view or modify the requests or responses"
    },
    {
      "id": "5abdfbc3-cc06-477c-95ea-9be582df206b",
      "numericId": 48,
      "displayOrder": 48,
      "tags": [
        "ALB"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between the client and the ALB (Application Load Balancer)",
      "threatAction": "view plaintext requests and responses",
      "threatImpact": "them being able manipulate view or modify the requests or responses",
      "impactedGoal": [],
      "impactedAssets": [],
      "statement": "A threat actor who is in a person-in-the-middle position between the client and the ALB (Application Load Balancer) can view plaintext requests and responses, which leads to them being able manipulate view or modify the requests or responses"
    },
    {
      "id": "1d6b6a27-939a-4515-a3ac-dda8cb2cbebe",
      "numericId": 47,
      "displayOrder": 47,
      "tags": [
        "ElasticBeanStalk"
      ],
      "threatSource": "threat actor",
      "prerequisites": "that discovers an Elastic Beanstalk environment in a public subnet",
      "threatAction": "perform reconnaissance and intrusion activities against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor that discovers an Elastic Beanstalk environment in a public subnet can perform reconnaissance and intrusion activities against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "aa4ace87-4350-4e06-b975-2cb9a3dda05a",
      "numericId": 46,
      "displayOrder": 46,
      "tags": [
        "ElasticBeanStalk"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the Elastic Beanstalk environment",
      "threatAction": "attempt to take advantage of a known vulnerability in a platform component used by Elastic Beanstalk",
      "impactedGoal": [
        "integrity",
        "availability",
        "confidentiality"
      ],
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with a network path to the Elastic Beanstalk environment can attempt to take advantage of a known vulnerability in a platform component used by Elastic Beanstalk, resulting in reduced integrity, availability and/or confidentiality of this application"
    },
    {
      "id": "5ee158eb-f45c-43af-bfe4-b22bd4a38b8b",
      "numericId": 45,
      "displayOrder": 45,
      "tags": [
        "ElasticBeanStalk"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is authenticated and authorized",
      "threatAction": "deny taking a action that is orchestrated via Elastic Beanstalk environment",
      "threatImpact": "lack of knowledge/proof of who took the action",
      "impactedGoal": [],
      "impactedAssets": [],
      "statement": "A threat actor who is authenticated and authorized can deny taking an action that is orchestrated via Elastic Beanstalk environment, which leads to lack of knowledge/proof of who took the action"
    },
    {
      "id": "f4bd72a6-d939-42c7-9433-6d0d8850abbc",
      "numericId": 44,
      "displayOrder": 44,
      "tags": [
        "ElastiCache"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the ElastiCache Redis cluster listener not configured with IAM authentication",
      "threatAction": "perform unauthenticated commands to the cluster",
      "threatImpact": "",
      "impactedGoal": [
        "confidentiality",
        "integrity",
        "availability"
      ],
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with a network path to the ElastiCache Redis cluster listener not configured with IAM authentication can perform unauthenticated commands to the cluster, resulting in reduced confidentiality, integrity and/or availability of this application"
    },
    {
      "id": "df2c6877-518f-4d73-97ee-e79c9f0bde84",
      "numericId": 43,
      "displayOrder": 43,
      "tags": [
        "ElastiCache"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between the user and the ElastiCache Redis cluster",
      "threatAction": "view plaintext requests and responses",
      "threatImpact": "them being able manipulate view or modify the requests or responses",
      "impactedGoal": [],
      "impactedAssets": [],
      "statement": "A threat actor who is in a person-in-the-middle position between the user and the ElastiCache Redis cluster can view plaintext requests and responses, which leads to them being able manipulate view or modify the requests or responses"
    },
    {
      "id": "18cb5978-912c-4fd8-bae2-9f4339f342b3",
      "numericId": 42,
      "displayOrder": 42,
      "tags": [
        "ElastiCache"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with physical access to ElastiCache Redis storage",
      "threatAction": "view or modify the contents on the disk",
      "impactedGoal": [
        "confidentiality",
        "integrity"
      ],
      "impactedAssets": [
        "data within the ElastiCache Redis cluster"
      ],
      "statement": "A threat actor with physical access to ElastiCache Redis storage can view or modify the contents on the disk, resulting in reduced confidentiality and/or integrity of data within the ElastiCache Redis cluster"
    },
    {
      "id": "e89e4939-4f14-4fb0-9be2-ce9955dd1a3b",
      "numericId": 41,
      "displayOrder": 41,
      "tags": [
        "ElastiCache"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the ElastiCache cluster listener",
      "threatAction": "perform a network probe the database using it's default port",
      "threatImpact": "perform reconnaissance and intrusion activities against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with a network path to the ElastiCache cluster listener can perform a network probe the database using it's default port, which leads to perform reconnaissance and intrusion activities against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "9162a0f9-b47f-49b9-8422-220ac65697c6",
      "numericId": 40,
      "displayOrder": 40,
      "tags": [
        "ElastiCache"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "",
      "threatAction": "discover the ElastiCache cluster that has a public IP address",
      "threatImpact": "reconnaissance and intrusion activities being performed against the exposed attack surface",
      "impactedAssets": [
        "this application",
        "data within the ElastiCache cluster"
      ],
      "statement": "An external threat actor can discover the ElastiCache cluster that has a public IP address, which leads to reconnaissance and intrusion activities being performed against the exposed attack surface, negatively impacting this application and data within the ElastiCache cluster"
    },
    {
      "id": "63c13cf9-adcc-4db5-b0a7-e58a455f1190",
      "numericId": 39,
      "displayOrder": 39,
      "tags": [
        "EKS"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "who has discovered a EKS cluster Kubernetes API server endpoint",
      "threatAction": "perform reconnaissance and intrusion activities against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor who has discovered an EKS cluster Kubernetes API server endpoint can perform reconnaissance and intrusion activities against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "b34692af-8e67-46d1-8393-2f5c8264c783",
      "numericId": 38,
      "displayOrder": 38,
      "tags": [
        "EKS"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is authenticated and authorized",
      "threatAction": "deny taking a action that is performed via the EKS control plane",
      "threatImpact": "lack of knowledge/proof of who took the action",
      "impactedGoal": [],
      "impactedAssets": [],
      "statement": "A threat actor who is authenticated and authorized can deny taking an action that is performed via the EKS control plane, which leads to lack of knowledge/proof of who took the action"
    },
    {
      "id": "1fc40b42-ddf8-4632-8584-00d2fe423f8f",
      "numericId": 37,
      "displayOrder": 37,
      "tags": [
        "EFS"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with physical access to EFS (Elastic File System) storage",
      "threatAction": "view or modify the contents on the disk",
      "impactedGoal": [
        "confidentiality",
        "integrity"
      ],
      "impactedAssets": [
        "data within the EFS mount"
      ],
      "statement": "A threat actor with physical access to EFS (Elastic File System) storage can view or modify the contents on the disk, resulting in reduced confidentiality and/or integrity of data within the EFS mount"
    },
    {
      "id": "dd2bfe1d-f75c-42cb-a2cd-6dfb949318e1",
      "numericId": 36,
      "displayOrder": 36,
      "tags": [
        "ECS"
      ],
      "threatSource": "actor",
      "prerequisites": "that can view the ECS Task Definition",
      "threatAction": "can obtain any AWS Access Key and Secret Access Key that may be stored there",
      "threatImpact": "the actor being able to take any action that the IAM Principal associated with the keys is able to do",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An actor that can view the ECS Task Definition can can obtain any AWS Access Key and Secret Access Key that may be stored there, which leads to the actor being able to take any action that the IAM Principal associated with the keys is able to do, negatively impacting this application"
    },
    {
      "id": "61009521-4be1-4bf7-b0cd-ada8401ec7f7",
      "numericId": 35,
      "displayOrder": 35,
      "metadata": [],
      "tags": [
        "ECS"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is authenticated and authorized",
      "threatAction": "deny taking a action that is orchestrated via an ECS Task",
      "threatImpact": "lack of knowledge/proof of who took the action",
      "impactedGoal": [],
      "impactedAssets": [],
      "statement": "A threat actor who is authenticated and authorized can deny taking an action that is orchestrated via an ECS Task, which leads to lack of knowledge/proof of who took the action"
    },
    {
      "id": "5f5adfdb-98cf-4580-86bb-42ae5bd2bb7b",
      "numericId": 34,
      "displayOrder": 34,
      "tags": [
        "ECR"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "who as discovered a ECR repository",
      "threatAction": "access the container images hosted within the repository",
      "threatImpact": "information disclosure that aid in the intrusion activities being successful against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor who as discovered an ECR repository can access the container images hosted within the repository, which leads to information disclosure that aid in the intrusion activities being successful against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "310b7a7f-e13c-44a3-bb3a-91ad7bf9ba98",
      "numericId": 33,
      "displayOrder": 33,
      "tags": [
        "EC2",
        "VPC"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with established persistence within a host in the VPC",
      "threatAction": "go unnoticed for a prolonged period due unnecessary Security Groups being kept as their rationale for existence is not clear",
      "statement": "A threat actor with established persistence within a host in the VPC can go unnoticed for a prolonged period due unnecessary Security Groups being kept as their rationale for existence is not clear"
    },
    {
      "id": "961651aa-830e-4b67-9755-1541d005475b",
      "numericId": 32,
      "displayOrder": 32,
      "tags": [
        "EC2",
        "VPC"
      ],
      "threatSource": "external threat actor",
      "threatAction": "discover EC2 instances that have public IP addresses and allow ingress to all internet addresses to SSH, or move laterally to non-public EC2 instances via SSH",
      "threatImpact": "reconnaissance and intrusion activities being performed against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor can discover EC2 instances that have public IP addresses and allow ingress to all internet addresses to SSH, or move laterally to non-public EC2 instances via SSH, which leads to reconnaissance and intrusion activities being performed against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "8c3352e2-b817-4139-9256-81e75ff127f7",
      "numericId": 31,
      "displayOrder": 31,
      "tags": [
        "EC2",
        "VPC"
      ],
      "threatSource": "external threat actor",
      "threatAction": "discover EC2 instances that have public IP addresses and allow ingress to all internet addresses, or move laterally to non-public EC2 instances",
      "threatImpact": "reconnaissance and intrusion activities being performed against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor can discover EC2 instances that have public IP addresses and allow ingress to all internet addresses, or move laterally to non-public EC2 instances, which leads to reconnaissance and intrusion activities being performed against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "aadd2e92-221b-4a13-90e2-7f5b41e80709",
      "numericId": 30,
      "displayOrder": 30,
      "tags": [
        "EC2",
        "VPC"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to a listener(s) configured on an EC2 instance",
      "threatAction": "perform a network probe on common service ports (e.g. 20, 21, 3389, 3309, 3306, 4333)",
      "threatImpact": "perform reconnaissance and intrusion activities against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with a network path to a listener(s) configured on an EC2 instance can perform a network probe on common service ports (e.g. 20, 21, 3389, 3309, 3306, 4333), which leads to perform reconnaissance and intrusion activities against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "801739c7-11d2-4bbe-8368-4d49c501e39f",
      "numericId": 29,
      "displayOrder": 29,
      "tags": [
        "EC2"
      ],
      "threatSource": "threat actor",
      "prerequisites": "that has discovered a legacy EC2-Classic instance",
      "threatAction": "perform reconnaissance and intrusion activities against the exposed attack surface",
      "statement": "A threat actor that has discovered a legacy EC2-Classic instance can perform reconnaissance and intrusion activities against the exposed attack surface"
    },
    {
      "id": "71e166df-1f57-4f3c-a1af-919180bcdb65",
      "numericId": 28,
      "displayOrder": 28,
      "tags": [
        "EC2"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "with access to an EC2 instance",
      "threatAction": "can steal any long-lived AWS credentials (AWS Access Key, AWS Secret Key) being stored on the instance",
      "threatImpact": "the actor to take any action that the credentials allowed can do, and can do so from outside of the EC2 instance and until the credentials are manually revoked",
      "statement": "An external threat actor with access to an EC2 instance can can steal any long-lived AWS credentials (AWS Access Key, AWS Secret Key) being stored on the instance, which leads to the actor to take any action that the credentials allowed can do, and can do so from outside of the EC2 instance and until the credentials are manually revoked"
    },
    {
      "id": "9bbb493a-c435-420a-aa35-3fa992064127",
      "numericId": 27,
      "displayOrder": 27,
      "tags": [
        "EBS",
        "SSE",
        "EC2"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with physical access to EBS (Elastic Block Store) storage",
      "threatAction": "view or modify the contents on the disk",
      "impactedGoal": [
        "confidentiality",
        "integrity"
      ],
      "impactedAssets": [
        "data within the EBS volume"
      ],
      "statement": "A threat actor with physical access to EBS (Elastic Block Store) storage can view or modify the contents on the disk, resulting in reduced confidentiality and/or integrity of data within the EBS volume"
    },
    {
      "id": "28a2d363-365e-4959-a35c-d51eaf74af5f",
      "numericId": 26,
      "displayOrder": 26,
      "tags": [
        "DAX",
        "SSE"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with physical access to DAX storage",
      "threatAction": "view or modify the contents of the database",
      "impactedGoal": [
        "confidentiality",
        "integrity"
      ],
      "impactedAssets": [
        "data written to disk by the DAX cluster"
      ],
      "statement": "A threat actor with physical access to DAX storage can view or modify the contents of the database, resulting in reduced confidentiality and/or integrity of data written to disk by the DAX cluster"
    },
    {
      "id": "a5fba694-7098-4263-8001-305f13512f3b",
      "numericId": 25,
      "displayOrder": 25,
      "tags": [
        "DocumentDB"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who can view the DocumentDB configuration",
      "threatAction": "obtain the username and password for the DocumentDB cluster",
      "threatImpact": "the actor being able to access anything the associated DocumentDB user is authorised to do",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor who can view the DocumentDB configuration can obtain the username and password for the DocumentDB cluster, which leads to the actor being able to access anything the associated DocumentDB user is authorised to do, negatively impacting this application"
    },
    {
      "id": "76de4625-b01a-4cf4-8cbb-b5a1a1f75ebf",
      "numericId": 24,
      "displayOrder": 24,
      "tags": [
        "DocumentDB"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with a network path to the DocumentDB database listener",
      "threatAction": "perform a network probe the database using it's default port",
      "threatImpact": "perform reconnaissance and intrusion activities against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor with a network path to the DocumentDB database listener can perform a network probe the database using it's default port, which leads to perform reconnaissance and intrusion activities against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "6e86656c-5779-4695-9a8f-1caa535bb4e9",
      "numericId": 23,
      "displayOrder": 23,
      "tags": [
        "DocumentDB"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with physical access to DocumentDB storage",
      "threatAction": "view or modify the contents of the database",
      "impactedGoal": [
        "confidentiality",
        "integrity"
      ],
      "impactedAssets": [
        "data hosted within the database"
      ],
      "statement": "A threat actor with physical access to DocumentDB storage can view or modify the contents of the database, resulting in reduced confidentiality and/or integrity of data hosted within the database"
    },
    {
      "id": "9f6177a5-0f9f-408b-b0d1-9e8067b60dc2",
      "numericId": 22,
      "displayOrder": 22,
      "tags": [
        "DMS",
        "VPC"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "",
      "threatAction": "discover DMS (Database Migration Services) instances that have public IP addresses",
      "threatImpact": "reconnaissance and intrusion activities being performed against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor can discover DMS (Database Migration Services) instances that have public IP addresses, which leads to reconnaissance and intrusion activities being performed against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "eb82eea2-d949-4fd4-b5d2-1516b9c977bb",
      "numericId": 21,
      "displayOrder": 21,
      "tags": [
        "Cognito"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who has discovered an application endpoint with Cognito authenticated logins",
      "threatAction": "perform a dictionary or brute force attack to authenticate as an authorized Cognito user",
      "threatImpact": "the actor being able to do anything the associated Cognito user is authorised to do",
      "impactedGoal": [],
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor who has discovered an application endpoint with Cognito authenticated logins can perform a dictionary or brute force attack to authenticate as an authorized Cognito user, which leads to the actor being able to do anything the associated Cognito user is authorised to do, negatively impacting this application"
    },
    {
      "id": "ae94934d-1eda-4be0-befd-1e5c75cda4e2",
      "numericId": 20,
      "displayOrder": 20,
      "tags": [
        "Cognito"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who has discovered an application endpoint with Cognito authenticated logins",
      "threatAction": "perform any unauthenticated actions allowed by the Cognito user pool configuration",
      "threatImpact": "reconnaissance and intrusion activities being performed against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor who has discovered an application endpoint with Cognito authenticated logins can perform any unauthenticated actions allowed by the Cognito user pool configuration, which leads to reconnaissance and intrusion activities being performed against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "0837eafd-540f-4a08-a602-a577d6dcdbc0",
      "numericId": 19,
      "displayOrder": 19,
      "metadata": [],
      "tags": [
        "Cognito"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is able brute force, or has knowledge of valid Amazon Cognito usernames and passwords",
      "threatAction": "spoof an authenticated user",
      "threatImpact": "the actor being able to do anything the user can do",
      "impactedGoal": [],
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor who is able brute force, or has knowledge of valid Amazon Cognito usernames and passwords can spoof an authenticated user, which leads to the actor being able to do anything the user can do, negatively impacting this application"
    },
    {
      "id": "9893d5cc-6cff-4d3e-8bd2-f7c2f4af58f2",
      "numericId": 18,
      "displayOrder": 18,
      "tags": [
        "Cognito"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "with a network path to the API",
      "threatAction": "access the API using a method other than Cognito user pool authentication",
      "threatImpact": "the actor being able to do anything a authenticated or unauthenticated user is permitted to do",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor with a network path to the API can access the API using a method other than Cognito user pool authentication, which leads to the actor being able to do anything an authenticated or unauthenticated user is permitted to do, negatively impacting this application"
    },
    {
      "id": "36547ec4-c4d6-487d-8fdf-83cb2975473e",
      "numericId": 17,
      "displayOrder": 17,
      "tags": [
        "Cognito"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "with valid user credentials",
      "threatAction": "authenticate as a the valid user from a geo-location not associated with the valid users established baseline",
      "threatImpact": "the actor being able to do anything the user can do",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor with valid user credentials can authenticate as a the valid user from a geo-location not associated with the valid users established baseline, which leads to the actor being able to do anything the user can do, negatively impacting this application"
    },
    {
      "id": "3b6b28ec-be93-41c1-b93c-8df4411a821a",
      "numericId": 16,
      "displayOrder": 16,
      "tags": [
        "Cognito"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "with access to a compromised credential list (e.g. purchased from the dark web)",
      "threatAction": "perform credential stuffing against a valid Cognito user in the pool that has re-used a password present in the compromised list",
      "threatImpact": "the actor being able to do anything the user can do",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor with access to a compromised credential list (e.g. purchased from the dark web) can perform credential stuffing against a valid Cognito user in the pool that has re-used a password present in the compromised list, which leads to the actor being able to do anything the user can do, negatively impacting this application"
    },
    {
      "id": "9d2c9e3b-f5c8-42af-8f63-4bd2309cf0d9",
      "numericId": 15,
      "displayOrder": 15,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "I",
            "E",
            "D"
          ]
        }
      ],
      "tags": [
        "CodeBuild"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is able to influence what commands are run within a CodeBuild job",
      "threatAction": "take run commands supported by 'privilegedMode'",
      "threatImpact": "them accessing the Docker API and associated resources",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor who is able to influence what commands are run within a CodeBuild job can take run commands supported by 'privilegedMode', which leads to them accessing the Docker API and associated resources, negatively impacting this application"
    },
    {
      "id": "3e3ee2f1-053d-4e40-8917-52ce4f45ea56",
      "numericId": 14,
      "displayOrder": 14,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "T"
          ]
        }
      ],
      "tags": [
        "CodeBuild"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who can trick a user into using a external vulnerable or malicious Docker image in their CodeBuild project",
      "threatAction": "tamper with the build process",
      "impactedAssets": [
        "this application"
      ],
      "statement": "A threat actor who can trick a user into using an external vulnerable or malicious Docker image in their CodeBuild project can tamper with the build process, negatively impacting this application"
    },
    {
      "id": "7b1dbdd4-2cea-4b16-a15b-51b05822f972",
      "numericId": 13,
      "displayOrder": 13,
      "tags": [
        "CodeBuild"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with physical access to CodeBuild storage",
      "threatAction": "view or modify build artefacts (e.g. cache, logs, exported raw test report data files, and build results)",
      "impactedGoal": [
        "confidentiality",
        "integrity"
      ],
      "impactedAssets": [
        "this application's build artefacts"
      ],
      "statement": "A threat actor with physical access to CodeBuild storage can view or modify build artefacts (e.g. cache, logs, exported raw test report data files, and build results), resulting in reduced confidentiality and/or integrity of this application's build artefacts"
    },
    {
      "id": "493365cb-ff0b-411b-bc10-aaa97b6306fa",
      "numericId": 12,
      "displayOrder": 12,
      "tags": [
        "CodeBuild"
      ],
      "threatSource": "actor",
      "prerequisites": "that can view the CodeBuild environment variables",
      "threatAction": "can obtain any AWS Access Key and Secret Access Key that may be stored there",
      "threatImpact": "the actor being able to take any action that the IAM Principal associated with the keys is able to do",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An actor that can view the CodeBuild environment variables can can obtain any AWS Access Key and Secret Access Key that may be stored there, which leads to the actor being able to take any action that the IAM Principal associated with the keys is able to do, negatively impacting this application"
    },
    {
      "id": "3baec34a-5ed0-459d-90d9-9e5497e29751",
      "numericId": 11,
      "displayOrder": 11,
      "tags": [
        "CloudFront"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "with a network path to the CloudFront Distribution",
      "threatAction": "make arbitrary web requests that are either not explicitly allowed, blocked or counted",
      "threatImpact": "them perform reconnaissance and intrusion activities against the content served by the CloudFront Distribution",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor with a network path to the CloudFront Distribution can make arbitrary web requests that are either not explicitly allowed, blocked or counted, which leads to them perform reconnaissance and intrusion activities against the content served by the CloudFront Distribution, negatively impacting this application"
    },
    {
      "id": "d4378c9b-e680-41c1-8cc2-136e124461dd",
      "numericId": 10,
      "displayOrder": 10,
      "tags": [
        "CloudFront"
      ],
      "threatSource": "external threat actor",
      "threatAction": "bypass the CloudFront Distribution and associated controls (e.g. Geo-blocking)",
      "threatImpact": "direct access to static assets hosted on the Amazon S3 Origin",
      "impactedAssets": [
        "assets hosted on the S3 Origin for this application"
      ],
      "statement": "An external threat actor can bypass the CloudFront Distribution and associated controls (e.g. Geo-blocking), which leads to direct access to static assets hosted on the Amazon S3 Origin, negatively impacting assets hosted on the S3 Origin for this application"
    },
    {
      "id": "c7d756f0-0576-4644-a9b3-afea5bd52a7c",
      "numericId": 9,
      "displayOrder": 9,
      "tags": [
        "CloudFront"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between CloudFront Distribution and the origin",
      "threatAction": "take advantage of a vulnerability in an older/depreciated SSL/TLS protocol",
      "threatImpact": "them being able manipulate view or modify the content from the origin and served by the CloudFront Distribution",
      "impactedGoal": [],
      "impactedAssets": [],
      "statement": "A threat actor who is in a person-in-the-middle position between CloudFront Distribution and the origin can take advantage of a vulnerability in an older/depreciated SSL/TLS protocol, which leads to them being able manipulate view or modify the content from the origin and served by the CloudFront Distribution"
    },
    {
      "id": "8cde9550-4aac-4792-851f-e6ac01b3ae92",
      "numericId": 8,
      "displayOrder": 8,
      "metadata": [
        {
          "key": "STRIDE",
          "value": [
            "T",
            "I"
          ]
        }
      ],
      "tags": [
        "CloudFront"
      ],
      "threatSource": "threat actor",
      "prerequisites": "who is in a person-in-the-middle position between the user and the CloudFront Distribution",
      "threatAction": "take advantage of a vulnerability in an older/depreciated SSL/TLS protocol",
      "threatImpact": "them being able manipulate view or modify the content served by the CloudFront Distribution",
      "impactedGoal": [],
      "impactedAssets": [],
      "statement": "A threat actor who is in a person-in-the-middle position between the user and the CloudFront Distribution can take advantage of a vulnerability in an older/depreciated SSL/TLS protocol, which leads to them being able manipulate view or modify the content served by the CloudFront Distribution"
    },
    {
      "id": "8c9cd385-7a3d-486d-90fc-5b9f3b28a04a",
      "numericId": 7,
      "displayOrder": 7,
      "tags": [
        "CloudFront"
      ],
      "threatSource": "external threat actor",
      "threatAction": "discover application web assets that are exposed via CloudFront distributions",
      "threatImpact": "reconnaissance and intrusion activities being performed against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor can discover application web assets that are exposed via CloudFront distributions, which leads to reconnaissance and intrusion activities being performed against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "c40381b0-0bdf-4e2a-86ba-966634fab370",
      "numericId": 6,
      "displayOrder": 6,
      "tags": [
        "Cloud9",
        "EC2",
        "VPC"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "",
      "threatAction": "discover Cloud9 EC2 instances that have public IP addresses and that are exposing SSH",
      "threatImpact": "reconnaissance and intrusion activities being performed against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor can discover Cloud9 EC2 instances that have public IP addresses and that are exposing SSH, which leads to reconnaissance and intrusion activities being performed against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "82ffe16c-520c-420e-aa68-d1e9562acc5d",
      "numericId": 5,
      "displayOrder": 5,
      "metadata": [],
      "tags": [
        "EC2",
        "VPC"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "",
      "threatAction": "discover EC2 instances that have public IP addresses",
      "threatImpact": "reconnaissance and intrusion activities being performed against the exposed attack surface",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor can discover EC2 instances that have public IP addresses, which leads to reconnaissance and intrusion activities being performed against the exposed attack surface, negatively impacting this application"
    },
    {
      "id": "4395c4e3-db64-44c0-8be0-0bcffad7f752",
      "numericId": 4,
      "displayOrder": 4,
      "metadata": [],
      "tags": [
        "Athena"
      ],
      "threatSource": "threat actor",
      "prerequisites": "with physical access to Amazon S3 bucket used for Athena workgroup storage",
      "threatAction": "view the results of Athena queries",
      "impactedGoal": [
        "confidentiality"
      ],
      "impactedAssets": [
        "this application's Athena queries"
      ],
      "statement": "A threat actor with physical access to Amazon S3 bucket used for Athena workgroup storage can view the results of Athena queries, resulting in reduced confidentiality of this application's Athena queries"
    },
    {
      "id": "813c3fc1-33bc-4823-9f9c-91b2df1f4030",
      "numericId": 3,
      "displayOrder": 3,
      "metadata": [],
      "tags": [
        "API Gateway"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "with a network path to, and authorization to use the API",
      "threatAction": "can supply unexpected HTTP headers or JSON payload to the API",
      "threatImpact": "the application behaving in unintended ways",
      "impactedGoal": [],
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor with a network path to, and authorization to use the API can can supply unexpected HTTP headers or JSON payload to the API, which leads to the application behaving in unintended ways, negatively impacting this application"
    },
    {
      "id": "2d370353-bc79-43a7-8e92-68d0850a13d0",
      "numericId": 2,
      "displayOrder": 2,
      "metadata": [],
      "tags": [
        "API Gateway"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "with a network path to the API",
      "threatAction": "make unauthenticated calls to the API",
      "threatImpact": "",
      "impactedGoal": [
        "confidentiality",
        "integrity",
        "availability"
      ],
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor with a network path to the API can make unauthenticated calls to the API, resulting in reduced confidentiality, integrity and/or availability of this application"
    },
    {
      "id": "dc429030-4063-43db-96ea-d60b8ab83152",
      "numericId": 1,
      "displayOrder": 1,
      "metadata": [],
      "tags": [
        "API Gateway"
      ],
      "threatSource": "external threat actor",
      "prerequisites": "with a network path to the API",
      "threatAction": "make arbitrary web requests that are either not explicitly allowed, blocked or counted",
      "threatImpact": "them perform reconnaissance and intrusion activities against the API",
      "impactedAssets": [
        "this application"
      ],
      "statement": "An external threat actor with a network path to the API can make arbitrary web requests that are either not explicitly allowed, blocked or counted, which leads to them perform reconnaissance and intrusion activities against the API, negatively impacting this application"
    }
  ]
}