Control: Backup plan should exist in a region

Description

Ensure that there exists at least one backup plan in a region. The rule is non-compliant if there are no backup plans in a region.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.backup_plan_region_configured

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.backup_plan_region_configured --share

SQL

This control uses a named query:

with count_plans as (
  select
    region,
    account_id,
    count(*) as count
  from
    aws_backup_plan
  group by
    region,
    account_id
)
select
  'arn:' || r.partition || '::' || r.region || ':' || r.account_id as resource,
  case
    when cp.count > 0 then 'ok'
    else 'alarm'
  end as status,
  case
    when cp.count > 0 then cp.count || ' backup plan(s) exist in region ' || r.region || '.'
    else 'No backup plans exist in region ' || r.region || '.'
  end as reason
  , r.region, r.account_id
from
  aws_region as r
  left join count_plans as cp on r.account_id = cp.account_id and r.region = cp.region;

Control: Backup plan should exist in a region

Description

Usage

SQL

Tags