turbot/steampipe-mod-aws-compliance

Control: CloudFormation stacks should have rollback enabled

Description

Ensure CloudFormation stacks have the rollback feature enabled. Rollback triggers let AWS CloudFormation monitor the state of your application during stack creation and updating, and roll back that operation if the application breaches the threshold of any of the alarms you've specified.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.cloudformation_stack_rollback_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.cloudformation_stack_rollback_enabled --share

SQL

This control uses a named query:

select
  id as resource,
  case
    when not disable_rollback then 'ok'
    else 'alarm'
  end as status,
  case
    when not disable_rollback then title || ' rollback enabled.'
    else title || ' rollback disabled.'
  end as reason,
  region,
  account_id
from
  aws_cloudformation_stack;
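
The same check applied to `aws cloudformation describe-stacks` output, as an added example that is not part of the mod's own code. The sample JSON is constructed, and mapping the query's `id` and `title` to `StackId` and `StackName` is an assumption. It also counts each stack's rollback triggers, which the query above does not inspect.

```python
import json

# Constructed sample shaped like `aws cloudformation describe-stacks` output.
SAMPLE = json.loads("""
{"Stacks": [
  {"StackId": "arn:aws:cloudformation:us-east-1:111111111111:stack/web/aaaa",
   "StackName": "web", "DisableRollback": false,
   "RollbackConfiguration": {"RollbackTriggers": [
     {"Arn": "arn:aws:cloudwatch:us-east-1:111111111111:alarm:web-5xx",
      "Type": "AWS::CloudWatch::Alarm"}]}},
  {"StackId": "arn:aws:cloudformation:us-east-1:111111111111:stack/batch/bbbb",
   "StackName": "batch", "DisableRollback": true,
   "RollbackConfiguration": {}},
  {"StackId": "arn:aws:cloudformation:us-east-1:111111111111:stack/legacy/cccc",
   "StackName": "legacy"}
]}
""")


def evaluate(stacks):
    """Return one row per stack with the control's status and reason."""
    rows = []
    for stack in stacks:
        name = stack.get("StackName", "<unnamed>")  # assumed source of `title`
        flag = stack.get("DisableRollback")  # absent -> None, like SQL NULL
        # In the query, `not NULL` is NULL, so the CASE falls through to
        # 'alarm'. Only an explicit false counts as rollback enabled.
        ok = flag is False
        config = stack.get("RollbackConfiguration") or {}
        triggers = config.get("RollbackTriggers") or []
        rows.append({
            "resource": stack.get("StackId"),  # assumed source of `id`
            "status": "ok" if ok else "alarm",
            "reason": f"{name} rollback {'enabled' if ok else 'disabled'}.",
            "rollback_triggers": len(triggers),
        })
    return rows


def alarms(stacks):
    """Stack IDs that the control would flag."""
    return [r["resource"] for r in evaluate(stacks) if r["status"] == "alarm"]


if __name__ == "__main__":
    for row in evaluate(SAMPLE["Stacks"]):
        print(row["status"], row["reason"],
              f"triggers={row['rollback_triggers']}")
```

A stack with `DisableRollback` set to false and no rollback triggers still reports `ok`, since the control's status depends only on that flag.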

Tags