turbot/aws_compliance

Query: rds_db_cluster_aurora_postgres_not_exposed_to_local_file_read_vulnerability

Usage

powerpipe query aws_compliance.query.rds_db_cluster_aurora_postgres_not_exposed_to_local_file_read_vulnerability

Steampipe Tables

SQL

select
  arn as resource,
  case
    when not engine ilike '%aurora-postgres%' then 'skip'
    when engine ilike '%aurora-postgres%' and engine_version like any (array ['10.11', '10.12', '10.13', '11.6', '11.7', '11.8']) then 'alarm'
    else 'ok'
  end as status,
  case
    when not engine ilike '%aurora-postgres%' then title || ' not Aurora PostgreSQL edition.'
    when engine ilike '%aurora-postgres%' and engine_version like any (array ['10.11', '10.12', '10.13', '11.6', '11.7', '11.8']) then title || ' exposed to local file read vulnerability.'
    else title || ' not exposed to local file read vulnerability.'
  end as reason
  , region, account_id
from
  aws_rds_db_instance;

Controls

The query is being used by the following controls: