v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 16 Unused network access control lists should be removed

Description

This control checks whether there are any unused network access control lists (ACLs).

The control checks the item configuration of the resource AWS::EC2::NetworkAcl and determines the relationships of the network ACL.

If the only relationship is the VPC of the network ACL, then the control fails.

Remediation

For instructions on how to delete an unused network ACL, see Delete a network ACL.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_ec2_16

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_ec2_16 --share

SQL

This control uses a named query:

vpc_network_acl_unused

Tags

aws_foundational_security = true
category = Compliance
foundational_security_category = network_security
foundational_security_item_id = ec2_16
plugin = aws
service = AWS/EC2