turbot/steampipe-mod-aws-compliance

Control: Backup vaults should exist in a region

Description

Ensure that at least one backup vault exists in each region. The control is non-compliant for any region that has no backup vaults.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.backup_vault_region_configured

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.backup_vault_region_configured --share

SQL

This control uses a named query:

with count_vaults as (
  select
    region,
    account_id,
    count(*) as count
  from
    aws_backup_vault
  group by
    region,
    account_id
)
select
  'arn:' || r.partition || '::' || r.region || ':' || r.account_id as resource,
  case
    when v.count > 0 then 'ok'
    else 'alarm'
  end as status,
  case
    when v.count > 0 then v.count || ' backup vault(s) exist in region ' || r.region || '.'
    else 'No backup vault exists in region ' || r.region || '.'
  end as reason
  , r.region, r.account_id
from
  aws_region as r
  left join count_vaults as v on r.account_id = v.account_id and r.region = v.region;
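
The query above flags regions with no vaults because aws_region, not aws_backup_vault, drives the result set. The following added example (not part of the mod) shows this by running a naive count beside a query of the same shape. It assumes an in-memory SQLite database as a stand-in for the Steampipe tables; all rows are constructed and the count alias is renamed to vault_count.

```python
import sqlite3

# Constructed inventory (not real AWS output): two accounts, three regions each.
REGIONS = [(a, r) for a in ("111111111111", "222222222222")
           for r in ("us-east-1", "eu-west-1", "ap-south-1")]
VAULTS = [  # (account_id, region, name)
    ("111111111111", "us-east-1", "Default"),
    ("111111111111", "us-east-1", "prod-vault"),
    ("222222222222", "eu-west-1", "Default"),
]

# Naive check: only (account, region) pairs that hold a vault produce a row,
# so a region with no vaults is silently absent instead of being flagged.
NAIVE = """
select account_id, region, count(*) as vault_count
from aws_backup_vault
group by account_id, region
"""

# Same shape as the control's query: aws_region drives the result, so an
# unmatched region gets a NULL count and the case falls through to 'alarm'.
CONTROL = """
with count_vaults as (
  select region, account_id, count(*) as vault_count
  from aws_backup_vault
  group by region, account_id
)
select r.account_id, r.region,
  case when v.vault_count > 0 then 'ok' else 'alarm' end as status
from aws_region as r
  left join count_vaults as v on r.account_id = v.account_id and r.region = v.region
order by r.account_id, r.region
"""

def evaluate():
    """Return (naive_rows, control_rows) for the constructed inventory."""
    db = sqlite3.connect(":memory:")
    db.execute("create table aws_region (account_id text, region text)")
    db.execute("create table aws_backup_vault (account_id text, region text, name text)")
    db.executemany("insert into aws_region values (?, ?)", REGIONS)
    db.executemany("insert into aws_backup_vault values (?, ?, ?)", VAULTS)
    naive = sorted(db.execute(NAIVE).fetchall())
    control = db.execute(CONTROL).fetchall()
    db.close()
    return naive, control

if __name__ == "__main__":
    for row in evaluate()[1]:
        print(*row)
```

The join on both account_id and region also means a vault in one account never satisfies the check for the same region in another account.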

Tags