Control: WAFV2 regex pattern sets should have mandatory tags
Description
Check if WAFV2 regex pattern sets have mandatory tags.
Usage
Run the control in your terminal:
powerpipe control run aws_tags.control.wafv2_regex_pattern_set_mandatory
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_tags.control.wafv2_regex_pattern_set_mandatory --share
Steampipe Tables
Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | mandatory_tags | | | |
SQL
with analysis as (
  select
    arn,
    title,
    tags ?& $1 as has_mandatory_tags,
    to_jsonb($1) - array(select jsonb_object_keys(tags)) as missing_tags,
    region,
    account_id,
    tags,
    _ctx
  from
    aws_wafv2_regex_pattern_set
)
select
  arn as resource,
  case
    when has_mandatory_tags then 'ok'
    else 'alarm'
  end as status,
  case
    when has_mandatory_tags then title || ' has all mandatory tags.'
    else title || ' is missing tags: ' || array_to_string(array(select jsonb_array_elements_text(missing_tags)), ', ') || '.'
  end as reason,
  region,
  account_id
from
  analysis;