🚀Launch Week 04, May 13th - 17th, 2024!🚀
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
26Dashboards
1161Controls
568Queries
2Variables
GitHub

Query: cloudfront_distribution_encryption_in_transit_enabled

Usage

powerpipe query aws_compliance.query.cloudfront_distribution_encryption_in_transit_enabled

Steampipe Tables

aws_cloudfront_distribution
Amazon Web Services plugin

SQL

with data as (
  select
    distinct arn
  from
    aws_cloudfront_distribution,
      jsonb_array_elements(
    case jsonb_typeof(cache_behaviors -> 'Items')
        when 'array' then (cache_behaviors -> 'Items')
        else null end
    ) as cb
  where
    cb ->> 'ViewerProtocolPolicy' = 'allow-all'
)
select
  b.arn as resource,
  case
    when d.arn is not null or (default_cache_behavior ->> 'ViewerProtocolPolicy' = 'allow-all') then 'alarm'
    else 'ok'
  end as status,
  case
    when d.arn is not null or (default_cache_behavior ->> 'ViewerProtocolPolicy' = 'allow-all') then title || ' data not encrypted in transit.'
    else title || ' data encrypted in transit.'
  end as reason
  
  , b.region, b.account_id
from
  aws_cloudfront_distribution as b
  left join data as d on b.arn = d.arn;

Controls

The query is being used by the following controls: