Control: GuardDuty findings should only be shared with trusted accounts
Description
This control checks, for each GuardDuty detector, whether findings are shared only with a trusted GuardDuty administrator account. A detector with no administrator account (master_account is null, so findings stay in the account) is reported ok; a detector whose administrator AccountId is in the trusted_accounts list is reported ok; any other administrator account is reported with status info, with the untrusted account ID in the reason.
Usage
Run the control in your terminal:
powerpipe control run aws_perimeter.control.guarduty_findings_shared_with_trusted_accounts
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_perimeter.control.guarduty_findings_shared_with_trusted_accounts --share
Steampipe Tables
aws_guardduty_detector
Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | trusted_accounts | | A list of trusted AWS account IDs: the GuardDuty administrator accounts with which findings may be shared. | |
SQL
```sql
select
  title as resource,
  -- ok when the detector has no administrator account (findings are not shared)
  -- or when the administrator account ID appears in the trusted_accounts list ($1);
  -- otherwise the finding is reported as info, not alarm.
  case
    when master_account ->> 'AccountId' is null
      or (master_account ->> 'AccountId') :: text = any (($1) :: text[]) then 'ok'
    else 'info'
  end as status,
  case
    when master_account ->> 'AccountId' is null
      or (master_account ->> 'AccountId') :: text = any (($1) :: text[]) then title || ' findings shared with trusted administrator account.'
    else title || ' findings shared with untrusted administrator account ' || (master_account ->> 'AccountId') :: text || '.'
  end as reason,
  region,
  account_id
from
  aws_guardduty_detector;
```
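To see how the three branches behave without an AWS connection, the same classification can be run against constructed detector rows in any PostgreSQL session. This is an added example and not part of the aws_perimeter mod: the detector names, regions, account IDs and the trusted_accounts list are all made up, and the inline CTE stands in for the aws_guardduty_detector table and the $1 parameter.

```sql
-- Added example (not from the aws_perimeter mod). Constructed rows mimicking
-- the columns the control reads from aws_guardduty_detector; all IDs are fake.
with detectors(title, region, account_id, master_account) as (
  values
    -- no administrator account: findings are not shared anywhere
    ('detector-standalone', 'us-east-1', '111111111111', null :: jsonb),
    -- administrator account is in the trusted list
    ('detector-trusted',    'us-east-1', '222222222222',
     '{"AccountId": "999999999999", "RelationshipStatus": "Enabled"}' :: jsonb),
    -- administrator account is NOT in the trusted list
    ('detector-untrusted',  'eu-west-1', '333333333333',
     '{"AccountId": "555555555555", "RelationshipStatus": "Enabled"}' :: jsonb)
),
-- stands in for the control's $1 / trusted_accounts parameter
params(trusted_accounts) as (
  values (array['999999999999', '888888888888'] :: text[])
)
select
  d.title as resource,
  case
    when d.master_account ->> 'AccountId' is null
      or (d.master_account ->> 'AccountId') :: text = any (p.trusted_accounts) then 'ok'
    else 'info'
  end as status,
  case
    when d.master_account ->> 'AccountId' is null
      or (d.master_account ->> 'AccountId') :: text = any (p.trusted_accounts)
      then d.title || ' findings shared with trusted administrator account.'
    else d.title || ' findings shared with untrusted administrator account '
      || (d.master_account ->> 'AccountId') :: text || '.'
  end as reason,
  d.region,
  d.account_id
from
  detectors d
  cross join params p
order by
  d.title;
```

The standalone and trusted rows come back with status ok and the untrusted row with status info, which is the full range of outcomes the control can produce. Note that the null branch reuses the "shared with trusted administrator account" wording even though nothing is shared, so a detector that has never been associated with an administrator reads the same as a correctly delegated one; if that distinction matters for your environment, split the null case into its own reason. In the mod itself $1 is filled from the trusted_accounts parameter; overriding it from the command line (for example with powerpipe's --var flag) is assumed here rather than shown on this page, so check `powerpipe control run --help` for the exact syntax.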