Benchmark: Shared Access Settings
This benchmark answers the following questions:
- What resources are shared with untrusted accounts, organizational units, and organizations?
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-perimeter
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Shared Access Settings.
Run this benchmark in your terminal:
powerpipe benchmark run aws_perimeter.benchmark.shared_access_settings
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_perimeter.benchmark.shared_access_settings --share
Controls
- Config service aggregator should only collect data from trusted accounts
- Directory Service directories should only be shared with trusted accounts
- DLM policies should only share EBS snapshot copies with trusted accounts
- EBS snapshots should only be shared with trusted accounts
- EC2 AMIs should only be shared with trusted accounts
- EC2 AMIs should only be shared with trusted OUs
- EC2 AMIs should only be shared with trusted organizations
- GuardDuty findings should only be shared with trusted accounts
- RDS DB snapshots should only be shared with trusted accounts