turbot/aws_compliance

Query: iam_policy_no_full_access_to_cloudtrail

Usage

powerpipe query aws_compliance.query.iam_policy_no_full_access_to_cloudtrail

Steampipe Tables

SQL

with cloudtrail_full_access_policies as (
select
arn,
count(*) as statements_num
from
aws_iam_policy,
jsonb_array_elements(policy_std -> 'Statement') as s,
jsonb_array_elements_text(s -> 'Resource') as resource,
jsonb_array_elements_text(s -> 'Action') as action
where
not is_aws_managed
and s ->> 'Effect' = 'Allow'
and resource = '*'
and action = 'cloudtrail:*'
group by
arn
)
select
p.arn as resource,
case
when w.arn is null then 'ok'
else 'alarm'
end status,
p.name || ' contains ' || coalesce(w.statements_num,0) ||
' statements that allow action "*" on at cloudtrail service on resource "*".' as reason
, p.account_id
from
aws_iam_policy as p
left join cloudtrail_full_access_policies as w on p.arn = w.arn
where
not p.is_aws_managed;

Controls

The query is being used by the following controls: