turbot/aws_compliance

Query: rds_db_instance_postgres_not_exposed_to_local_file_read_vulnerability

Usage

powerpipe query aws_compliance.query.rds_db_instance_postgres_not_exposed_to_local_file_read_vulnerability

Steampipe Tables

SQL

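select
  arn as resource,
  -- status and reason test the same version list, so the two columns always agree.
  -- The patterns contain no wildcards, so "like any" matches exact version strings.
  case
    when not engine = 'postgres' then 'skip'
    when engine = 'postgres' and engine_version like any (array ['13.2','13.1','12.6','12.5','12.4','12.3','12.2','11.11','11.10','11.9','11.8','11.7','11.6','11.5','11.4','11.3','11.2','11.1','10.16','10.15','10.14','10.13','10.12','10.11','10.10','10.9','10.7','10.6','10.5','10.4','10.3','10.1','9.6.21','9.6.20','9.6.19','9.6.18','9.6.17','9.6.16','9.6.15','9.6.14','9.6.12','9.6.11','9.6.10','9.6.9','9.6.8','9.6.6','9.6.5','9.6.3','9.6.2','9.6.1','9.5','9.4','9.3']) then 'alarm'
    else 'ok'
  end as status,
  case
    when not engine = 'postgres' then title || ' not PostgreSQL edition.'
    when engine = 'postgres' and engine_version like any (array ['13.2','13.1','12.6','12.5','12.4','12.3','12.2','11.11','11.10','11.9','11.8','11.7','11.6','11.5','11.4','11.3','11.2','11.1','10.16','10.15','10.14','10.13','10.12','10.11','10.10','10.9','10.7','10.6','10.5','10.4','10.3','10.1','9.6.21','9.6.20','9.6.19','9.6.18','9.6.17','9.6.16','9.6.15','9.6.14','9.6.12','9.6.11','9.6.10','9.6.9','9.6.8','9.6.6','9.6.5','9.6.3','9.6.2','9.6.1','9.5','9.4','9.3']) then title || ' exposed to local file read vulnerability.'
    else title || ' not exposed to local file read vulnerability.'
  end as reason,
  region,
  account_id
from
  aws_rds_db_instance;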

Controls

The query is being used by the following controls: