turbot/aws_compliance

Query: vpc_flow_logs_enabled

Usage

powerpipe query aws_compliance.query.vpc_flow_logs_enabled

Steampipe Tables

SQL

with vpcs as (
select
arn,
account_id,
region,
owner_id,
vpc_id,
tags,
_ctx
from
aws_vpc
order by
vpc_id
),
flowlogs as (
select
resource_id,
account_id,
region
from
aws_vpc_flow_log
order by
resource_id
)
select
v.arn as resource,
case
when v.account_id <> v.owner_id then 'skip'
when f.resource_id is not null then 'ok'
else 'alarm'
end as status,
case
when v.account_id <> v.owner_id then v.vpc_id || ' is a shared VPC.'
when f.resource_id is not null then v.vpc_id || ' flow logging enabled.'
else v.vpc_id || ' flow logging disabled.'
end as reason
, v.region, v.account_id
from
vpcs as v
left join flowlogs as f on v.vpc_id = f.resource_id;

Controls

The query is being used by the following controls: