turbot/aws_compliance

Query: securityhub_enabled

Usage

powerpipe query aws_compliance.query.securityhub_enabled

SQL

select
'arn:' || r.partition || '::' || r.region || ':' || r.account_id as resource,
case
when r.region = any(array['af-south-1', 'eu-south-1', 'cn-north-1', 'cn-northwest-1', 'ap-northeast-3']) then 'skip'
-- Skip any regions that are disabled in the account.
when r.opt_in_status = 'not-opted-in' then 'skip'
when h.hub_arn is not null then 'ok'
else 'alarm'
end as status,
case
when r.region = any(array['af-south-1', 'eu-south-1', 'cn-north-1', 'cn-northwest-1', 'ap-northeast-3']) then r.region || ' region not supported.'
when r.opt_in_status = 'not-opted-in' then r.region || ' region is disabled.'
when h.hub_arn is not null then 'Security Hub enabled in ' || r.region || '.'
else 'Security Hub disabled in ' || r.region || '.'
end as reason
, r.region, r.account_id
from
aws_region as r
left join aws_securityhub_hub as h on r.account_id = h.account_id and r.name = h.region;

Controls

The query is being used by the following controls: