Control: Kinesis firehose delivery streams should not have prohibited tags
Description
Check if Kinesis firehose delivery streams have any prohibited tags.
Usage
Run the control in your terminal:
powerpipe control run aws_tags.control.kinesis_firehose_delivery_stream_prohibited
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_tags.control.kinesis_firehose_delivery_stream_prohibited --share
Steampipe Tables
Params
Args | Name | Default | Description | Variable |
---|---|---|---|---|
$1 | prohibited_tags |
|
SQL
with analysis as ( select arn, array_agg(k) as prohibited_tags, region, account_id, tags, _ctx from aws_kinesis_firehose_delivery_stream, jsonb_object_keys(tags) as k, unnest($1::text[]) as prohibited_key where k = prohibited_key group by arn, region, account_id, tags, _ctx)select r.arn as resource, case when a.prohibited_tags <> array[]::text[] then 'alarm' else 'ok' end as status, case when a.prohibited_tags <> array[]::text[] then r.title || ' has prohibited tags: ' || array_to_string(a.prohibited_tags, ', ') || '.' else r.title || ' has no prohibited tags.' end as reason , r.region, r.account_idfrom aws_kinesis_firehose_delivery_stream as rfull outer join analysis as a on a.arn = r.arn;