aws-samples · kuettai · Apr 29, 2024 · Apr 29, 2024 · Apr 29, 2024 · Apr 29, 2024
diff --git a/frameworks/SSB/map.json b/frameworks/SSB/map.json
@@ -3,7 +3,7 @@
     "originator": "AWS",
     "shortname": "SSB",
     "fullname": "AWS Startup Security Baseline",
-    "description": "The AWS Startup Security Baseline (SSB) is a set of controls that create a minimum foundation for businesses to build securely on AWS without decreasing their agility. These controls form the basis of your security posture and are focused on securing credentials, enabling logging and visibility, managing contact information, and implementing basic data boundaries.<br><br>The controls in this guide are designed with early startups in mind, mitigating the most common security risks without requiring significant effort. Many startups begin their journey in the AWS Cloud with a single AWS account. As organizations grow, they migrate to multi-account architectures. The guidance in this guide is designed for single-account architectures, but it helps you set up security controls that are easily migrated or modified as you transition to a multi-account architecture.<br><br>The controls in the AWS SSB are separated into two categories: account and workload. Account controls help keep your AWS account secure. It includes recommendations for setting up user access, policies, and permissions, and it includes recommendations for how to monitor your account for unauthorized or potentially malicious activity. Workload controls help secure your resources and code in the cloud, such as applications, backend processes, and data. It includes recommendations such as encryption and reducing the scope of access.",
+    "description": "The AWS Startup Security Baseline (SSB) is a set of controls that create a minimum foundation for businesses to build securely on AWS without decreasing their agility. These controls form the basis of your security posture and are focused on securing credentials, enabling logging and visibility, managing contact information, and implementing basic data boundaries.<br><br>The controls in this guide are designed with early startups in mind, mitigating the most common security risks without requiring significant effort. Many startups begin their journey in the AWS Cloud with a single AWS account. As organizations grow, they migrate to multi-account architectures. The guidance in this guide is designed for single-account architectures, but it helps you set up security controls that are easily migrated or modified as you transition to a multi-account architecture.<br><br>The controls in the AWS SSB are separated into two categories: account and workload. Account controls help keep your AWS account secure. It includes recommendations for setting up user access, policies, and permissions, and it includes recommendations for how to monitor your account for unauthorized or potentially malicious activity. Workload controls help secure your resources and code in the cloud, such as applications, backend processes, and data. It includes recommendations such as encryption and reducing the scope of access. You can find guides/information on this workshop: https://catalog.workshops.aws/startup-security-baseline/en-US to learn more about it",
     "_": "https://docs.aws.amazon.com/prescriptive-guidance/latest/aws-startup-security-baseline/welcome.html",
     "emptyCheckDefaultMsg": ""
   },

diff --git a/services/cloudfront/drivers/cloudfrontDist.py b/services/cloudfront/drivers/cloudfrontDist.py
@@ -51,6 +51,9 @@ def _checkDeprecatedSSL(self):
             if not 'CustomOriginConfig' in y:
                 continue
 
+            if y['CustomOriginConfig']['OriginProtocolPolicy'] == 'http-only':
+                continue
+
             if 'SSLv3' in y['CustomOriginConfig']['OriginSslProtocols']['Items']:
                 self.results['DeprecatedSSLProtocol'] = [-1, '']
                 break

diff --git a/services/dashboard/DashboardPageBuilder.py b/services/dashboard/DashboardPageBuilder.py
@@ -85,6 +85,8 @@ def buildContentDetail_dashboard(self):
         donutR = {} 
         dataSetsL = {}
         dataSetsR = {}
+        filterDonutL = {}
+        filterDonutR = {}
 
         regions = self.regions
         services = self.services
@@ -111,13 +113,22 @@ def buildContentDetail_dashboard(self):
                 donutL[region] += hri
                 donutR[serv] += hri
 
+        for region, cnt in donutL.items():
+            if cnt > 0:
+                filterDonutL[region] = cnt
+
+        for serv, cnt in donutR.items():
+            if cnt > 0:
+                filterDonutR[serv] = cnt
+
+
         # card = self.generateCard(pid=pid, html=html, cardClass='danger', title='No. Criticality', titleBadge='', collapse=False, noPadding=False)
 
-        html = self.generateDonutPieChart(donutL, 'hriByRegion', 'doughnut')
+        html = self.generateDonutPieChart(filterDonutL, 'hriByRegion', 'doughnut')
         card = self.generateCard(pid=self.getHtmlId('chartServRegion'), html=html, cardClass='warning', title='High Risk - Group by Region', titleBadge='', collapse=True, noPadding=False)
         items = [[card, '']]
 
-        html = self.generateDonutPieChart(donutR, 'hriByService', 'pie')
+        html = self.generateDonutPieChart(filterDonutR, 'hriByService', 'pie')
         card = self.generateCard(pid=self.getHtmlId('pieHriByService'), html=html, cardClass='warning', title='High Risk - Group by Service', titleBadge='', collapse=True, noPadding=False)
         items.append([card, ''])