More wording improvements to AWS Policy #25

Merged
merged 1 commit into from
Oct 9, 2022
38 changes: 19 additions & 19 deletions core/mondoo-aws-security.mql.yaml
Expand Up @@ -46,19 +46,19 @@ policies:
mondoo-aws-security-vpc-flow-logs-enabled: null
props:
- uid: maxAccessKeyAge
title: Define the max amount of days an IAM key is allowed to exist before rotation
title: Define the maximum number of days an IAM key is allowed to exist before rotation
query: 90
- uid: maxCredentialUsageAge
title: Define the max amount of days a credential is allowed to go unused.
title: Define the maximum number of days a credential can go unused.
query: 90
- uid: iamPasswordPolicyMaxPasswordAge
title: The amount of time (in days) a password is allowed to exist before being rotated
title: Define the maximum number of days a password is allowed to exist before being rotated
query: 90
- uid: iamPasswordPolicyMinimumPasswordLength
title: Minimum password length
query: 14
- uid: iamPasswordPolicyPasswordReusePrevention
title: Number of password before allowing reuse
title: Number of passwords before allowing reuse
query: 24
- uid: iamPasswordPolicyRequireLowercaseCharacters
title: Denotes whether lowercase characters are required for passwords.
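Review bot: trailing punctuation on the prop titles in this hunk is inconsistent: `title: Define the maximum number of days a credential can go unused.` and `title: Denotes whether lowercase characters are required for passwords.` end with a period, while the maxAccessKeyAge and iamPasswordPolicyMaxPasswordAge titles changed in the same hunk do not. Since this PR is a wording pass, pick one form (no trailing period matches the majority, e.g. `title: Minimum password length`) and apply it to every prop.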
Expand Down Expand Up @@ -242,7 +242,7 @@ queries:
desc: |
AWS allows for custom password policies on your AWS account to specify complexity requirements and mandatory rotation periods for your IAM users' passwords. IAM user passwords must meet the default AWS password policy if you don't set a custom password policy. AWS security best practices recommends the following password complexity requirements:
- Require at least one uppercase character in password.
- Require at least one uppercase character in passwords.
- Require at least one lowercase character in passwords.
- Require at least one symbol in passwords.
- Require at least one number in passwords.
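Review bot: subject-verb agreement in the unchanged context line `AWS security best practices recommends the following password complexity requirements:` is off; `best practices` is plural, so it should read `recommend`. Worth folding into this pass while the desc is already being edited.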
Expand Down Expand Up @@ -401,7 +401,7 @@ queries:
severity: 95
docs:
desc: |
Multi-factor authentication (MFA) is a best practice that adds an extra layer of protection on top of user names and passwords. With MFA, when a user signs in to the AWS Management Console, they are required to provide a time-sensitive authentication code, provided by a registered virtual or physical device.
Multi-factor authentication (MFA) is a best practice that adds an extra layer of protection on top of user names and passwords. With MFA, when a user signs in to the AWS Management Console, they are required to provide a time-sensitive authentication code provided by a registered virtual or physical device.
audit: |
__cnspec shell__
Expand Down Expand Up @@ -433,9 +433,9 @@ queries:
The following example shows how to:
1. Create users.
2. Create users login profiles with a PGP Public key.
3. Create group and group policy that allows self management of IAM profile.
4. Attach users to group.
2. Create users' login profiles with a PGP Public key.
3. Create a group and group policy that allows self-management of IAM profiles.
4. Attach users to a group.
5. Create Virtual MFA devices for users.
6. Provide each user with the output QR Code and password.
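Review bot: step 4 now reads `4. Attach users to a group.` although step 3 was changed to `3. Create a group and group policy that allows self-management of IAM profiles.`; the group in step 4 is the one just created, so `Attach users to the group.` is clearer. Also `QR Code` in step 6 is capitalised differently from `QR code graphic` used later in the same file.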
Expand Down Expand Up @@ -619,8 +619,8 @@ queries:
3. In the User Name list, choose the name of the intended MFA user.
4. Choose the Security credentials tab. Next to Assigned MFA device, choose Manage.
5. In the Manage MFA Device wizard, choose Virtual MFA device, and then choose Continue.
6. IAM generates and displays configuration information for the virtual MFA device, including a QR code graphic. The graphic is a representation of the "secret configuration key" that is available for manual entry on devices that do not support QR codes.
7. Open your virtual MFA app. For a list of apps that you can use for hosting virtual MFA devices, see [Multi-Factor Authentication](http://aws.amazon.com/iam/details/mfa/).
6. IAM generates and displays configuration information for the virtual MFA device, including a QR code graphic. The graphic represents the "secret configuration key" available for manual entry on devices that do not support QR codes.
7. Open your virtual MFA app. For a list of apps you can use to host virtual MFA devices, see [Multi-Factor Authentication](http://aws.amazon.com/iam/details/mfa/).
8. If the virtual MFA app supports multiple virtual MFA devices or accounts, choose the option to create a new virtual MFA device or account.
9. Determine whether the MFA app supports QR codes, and then do one of the following:
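Review bot: the link in step 7 is unchanged but still points at `http://aws.amazon.com/iam/details/mfa/`; in a security policy document prefer `https://` so the remediation text does not send readers to a plaintext URL (the console links elsewhere in this file already use https).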
Expand Down Expand Up @@ -1384,20 +1384,20 @@ queries:
* Delete default VPCs.
* Enable flow logs for the non-default VPCs.
We recommend using either Terraform or the console as there is automation to delete VPC and its dependencies in place.
We recommend using either Terraform or the AWS console as there is automation to delete VPC and its dependencies in place.
__Terraform__
Open source Terraform modules can help us obtain this result by providing ways to delete VPCs and children dependencies.
**Notice:** The following example is destructive and irreversible. It destroy all children dependencies of default VPCs, including:
**Notice:** The following example is destructive and irreversible. It destroys all child dependencies of default VPCs, including:
1. Subnets
2. Route tables
3. NACLs
4. Internet Gateways
This module execution will fail for VPCs containing resources attached to the network interfaces. In this case review the resources and redeploy them to a non-default VPC.
This module execution will fail for VPCs containing resources attached to the network interfaces. In this case, review the resources and redeploy them to a non-default VPC.
```hcl
terraform {
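Review bot: `children dependencies` in the unchanged line `Open source Terraform modules can help us obtain this result by providing ways to delete VPCs and children dependencies.` should become `child dependencies` to match the fix made two lines below it. Also `AWS console` in the changed line is capitalised differently from the `__AWS Console__` heading further down, and `delete VPC and its dependencies` reads better as `delete a VPC and its dependencies`.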
Expand All @@ -1420,7 +1420,7 @@ queries:
}
```
To enable Flow logs for VPCs with customer managed KMS key
To enable Flow logs for VPCs with customer-managed KMS keys:
```hcl
data "aws_caller_identity" "current" {}
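Review bot: `Flow logs` is capitalised in the changed line `To enable Flow logs for VPCs with customer-managed KMS keys:` while the rest of the file uses lower case (`Enable flow logs for the non-default VPCs.`, `To enable VPC flow logging:`); lower-case it for consistency.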
Expand Down Expand Up @@ -1518,7 +1518,7 @@ queries:
__AWS Console__
To delete the default VPCs
To delete the default VPCs:
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. Under Resources by Region, VPCs, choose See all regions.
Expand All @@ -1533,7 +1533,7 @@ queries:
* Redeploy your resources to the non-default VPC.
* Try deleting the VPC again.
To enable VPC flow logging
To enable VPC flow logging:
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. Under Virtual Private Cloud, choose Your VPCs.
Expand All @@ -1547,11 +1547,11 @@ queries:
__AWS CLI__
Deleting default VPCs using the CLI is discouraged. In order to maintain idempotency of commands, there is no automated deletion of children resources in place.
Deleting default VPCs using the CLI is discouraged. In order to maintain the idempotency of commands, there is no automated deletion of children resources in place.
We advise that AWS customers delete default VPCs using either Terraform or the AWS Console (see above).
To create flow logs for non-default VPCs and sending it to CloudWatch (recommended), proceed as follows:
To create flow logs for non-default VPCs and send them to CloudWatch (recommended), proceed as follows:
1. Create a policy (`key-policy.json`) to allow the CloudWatch principal access to KMS keys, replace `<account_id>`
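Review bot: `children resources` in the changed line `Deleting default VPCs using the CLI is discouraged. In order to maintain the idempotency of commands, there is no automated deletion of children resources in place.` should be `child resources`, matching the `child dependencies` wording adopted earlier in this PR. Also the step `1. Create a policy (`key-policy.json`) to allow the CloudWatch principal access to KMS keys, replace `<account_id>`` joins two instructions with a comma; a semicolon or a separate sentence reads better.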
Expand Down