turbot/aws_compliance

Query: emr_cluster_local_disk_encryption_enabled

Usage

powerpipe query aws_compliance.query.emr_cluster_local_disk_encryption_enabled

SQL

select
cluster_arn as resource,
case
when s.name is null then 'alarm'
when s.name is not null
and (encryption_configuration -> 'EnableAtRestEncryption')::bool
and (encryption_configuration -> 'AtRestEncryptionConfiguration' -> 'LocalDiskEncryptionConfiguration') is not null then 'ok'
else 'alarm'
end as status,
case
when s.name is null then c.title || ' security configuration disabled.'
when s.name is not null
and (encryption_configuration -> 'EnableAtRestEncryption')::bool
and (encryption_configuration -> 'AtRestEncryptionConfiguration' -> 'LocalDiskEncryptionConfiguration') is not null then c.title || ' local disk encryption enabled.'
else c.title || ' local disk encryption disabled.'
end as reason
, c.region, c.account_id
from
aws_emr_cluster as c
left join aws_emr_security_configuration as s on c.security_configuration = s.name and s.region = s.region and s.account_id = c.account_id;

Controls

The query is being used by the following controls: