turbot/aws_compliance

Query: cloudtrail_trail_bucket_mfa_enabled

Usage

powerpipe query run aws_compliance.query.cloudtrail_trail_bucket_mfa_enabled

SQL

select
  t.arn as resource,
  case
    -- No S3 bucket configured on the trail.
    when t.s3_bucket_name is null then 'alarm'
    when b.versioning_mfa_delete then 'ok'
    -- Also reached when the left join finds no matching bucket row
    -- (versioning_mfa_delete is null).
    else 'alarm'
  end as status,
  case
    when t.s3_bucket_name is null then t.title || ' logging disabled.'
    when b.versioning_mfa_delete then t.title || ' ' || t.s3_bucket_name || ' MFA enabled.'
    else t.title || ' ' || t.s3_bucket_name || ' MFA disabled.'
  end as reason,
  t.region,
  t.account_id
from
  aws_cloudtrail_trail t
  left join aws_s3_bucket b on t.s3_bucket_name = b.name
where
  -- Evaluate each trail once, in its home region.
  t.region = t.home_region;

Controls

The query is being used by the following controls: