Control: 3 EventBridge custom event buses should have a resource-based policy attached
Description
This control checks if an Amazon EventBridge custom event bus has a resource-based policy attached. This control fails if the custom event bus doesn't have a resource-based policy.
By default, an EventBridge custom event bus doesn't have a resource-based policy attached. This allows principals in the account to access the event bus. By attaching a resource-based policy to the event bus, you can limit access to the event bus to specified accounts, as well as intentionally grant access to entities in another account.
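The pass/fail logic described above, as an added Python example (not the control's own named query or any Powerpipe code). It assumes input shaped like the EventBridge ListEventBuses response, where `Policy` is an optional JSON string; the sample buses, account IDs, function names and the ok/alarm/skip labels are constructed for illustration.

```python
import json

# Constructed sample in the shape of a ListEventBuses response (not real data).
ARN = "arn:aws:events:us-east-1:111111111111:event-bus/"
SAMPLE_BUSES = [
    {"Name": "default", "Arn": ARN + "default"},
    {"Name": "orders", "Arn": ARN + "orders"},  # custom bus, no policy attached
    {"Name": "audit", "Arn": ARN + "audit", "Policy": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
            "Action": "events:PutEvents",
            "Resource": ARN + "audit",
        }],
    })},
]


def allowed_principals(policy_json):
    """Return the sorted principals named in Allow statements of a bus policy."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    found = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # the "*" shorthand
            principal = {"*": principal}
        for value in principal.values():
            found.update([value] if isinstance(value, str) else value)
    return sorted(found)


def evaluate_bus(bus):
    """Return (status, reason) for one bus; only custom buses are in scope."""
    if bus["Name"] == "default":
        return ("skip", "default event bus is out of scope")
    policy = bus.get("Policy")
    if not policy:
        return ("alarm", "no resource-based policy attached")
    return ("ok", "policy grants: " + ", ".join(allowed_principals(policy)))


if __name__ == "__main__":
    for bus in SAMPLE_BUSES:
        print(bus["Arn"], *evaluate_bus(bus))
```

Listing the principals for passing buses shows which accounts the attached policy actually names, which the pass/fail status alone does not.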
Remediation
To attach a resource-based policy to an EventBridge custom event bus, see Managing event bus permissions in the Amazon EventBridge User Guide.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_eventbridge_3
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.foundational_security_eventbridge_3 --share
SQL
This control uses a named query:
eventbridge_custom_bus_resource_based_policy_attached