certificate_with_auto_renew_enablediam_access_group_with_public_accessiam_account_owner_no_api_keyiam_restrict_api_key_service_id_creationiam_support_center_access_group_configurediam_user_api_key_age_90iam_user_member_of_only_access_groupiam_user_mfa_enabled_alliam_user_with_valid_emailiam_user_with_valid_phoneinternet_service_ddos_protection_activeinternet_service_tls_higher_version_enabledinternet_service_waf_enabledmanual_controlobject_storage_bucket_with_cmkobject_storage_bucket_with_key_protect_enabledvpc_network_acl_restrict_ingress_rdp_allvpc_network_acl_restrict_ingress_ssh_allvpc_security_group_restrict_ingress_rdp_allvpc_security_group_restrict_ingress_ssh_all
Query: vpc_security_group_restrict_ingress_rdp_all
Usage
powerpipe query ibm_compliance.query.vpc_security_group_restrict_ingress_rdp_allSteampipe Tables
SQL
with ingress_rdp_rules as ( select crn, count(id) as num_rdp_rules from ibm_is_security_group, jsonb_array_elements(rules) as rule where rule ->> 'direction' = 'inbound' and rule -> 'remote' ->> 'cidr_block' = '0.0.0.0/0' and ( rule ->> 'protocol' = 'all' or ( (rule ->> 'port_min') :: integer <= 3389 and (rule ->> 'port_max') :: integer >= 3389 ) ) group by crn)select sg.crn as resource, case when r.crn is null then 'ok' else 'alarm' end as status, case when r.crn is null then sg.title || ' ingress restricted for RDP from 0.0.0.0/0.' else sg.title || ' contains ' || r.num_rdp_rules || ' ingress rule(s) allowing RDP from 0.0.0.0/0.' end as reason, sg.region, sg.account_idfrom ibm_is_security_group as sg left join ingress_rdp_rules as r on r.crn = sg.crn;
Controls
The query is being used by the following controls: