Control: 3 EventBridge custom event buses should have a resource-based policy attached
Description
This control checks if an Amazon EventBridge custom event bus has a resource-based policy attached. This control fails if the custom event bus doesn't have a resource-based policy.
By default, an EventBridge custom event bus doesn't have a resource-based policy attached. This allows principals in the account to access the event bus. By attaching a resource-based policy to the event bus, you can limit access to the event bus to specified accounts, as well as intentionally grant access to entities in another account.
Remediation
To attach a resource-based policy to an EventBridge custom event bus, see Managing event bus permissions in the Amazon EventBridge User Guide.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_eventbridge_3Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.foundational_security_eventbridge_3 --shareSQL
This control uses a named query:
eventbridge_custom_bus_resource_based_policy_attached