Control: CloudFront distributions should have field level encryption enabled
Description
This control checks whether an AWS CloudFront distribution has field-level encryption enabled. The control fails if CloudFront distribution field-level encryption is not enabled.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.cloudfront_distribution_field_level_encryption_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.cloudfront_distribution_field_level_encryption_enabled --share
SQL
This control uses a named query:
select
  arn as resource,
  case
    when default_cache_behavior ->> 'FieldLevelEncryptionId' = '' then 'alarm'
    else 'ok'
  end as status,
  case
    when default_cache_behavior ->> 'FieldLevelEncryptionId' = '' then title || ' field level encryption disabled.'
    else title || ' field level encryption enabled.'
  end as reason,
  region,
  account_id
from
  aws_cloudfront_distribution;
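A per-behavior variant of the check, added here as an example and not part of the aws_compliance mod. The named query above inspects only the default cache behavior, and a NULL FieldLevelEncryptionId falls through to 'ok' because the = '' comparison is not true. This version goes further by also walking the ordered cache behaviors and treating a missing ID as disabled. It assumes the table's cache_behaviors column keeps the CloudFront API shape (Quantity plus an Items array whose entries carry PathPattern and FieldLevelEncryptionId).

```sql
-- Added example: one result row per cache behavior, not per distribution.
-- Assumption: cache_behaviors is jsonb shaped like {"Quantity": n, "Items": [...]}.
with behaviors as (
  -- The default cache behavior, which the mod's query already covers.
  select
    arn,
    title,
    region,
    account_id,
    'default' as path_pattern,
    default_cache_behavior ->> 'FieldLevelEncryptionId' as fle_id
  from
    aws_cloudfront_distribution
  union all
  -- Ordered cache behaviors; Items can be JSON null when Quantity is 0,
  -- so fall back to an empty array instead of letting the expansion fail.
  select
    d.arn,
    d.title,
    d.region,
    d.account_id,
    b ->> 'PathPattern' as path_pattern,
    b ->> 'FieldLevelEncryptionId' as fle_id
  from
    aws_cloudfront_distribution as d,
    jsonb_array_elements(
      case
        when jsonb_typeof(d.cache_behaviors -> 'Items') = 'array' then d.cache_behaviors -> 'Items'
        else '[]'::jsonb
      end
    ) as b
)
select
  arn as resource,
  -- coalesce makes an absent key count as "not configured" rather than 'ok'.
  case when coalesce(fle_id, '') = '' then 'alarm' else 'ok' end as status,
  case
    when coalesce(fle_id, '') = ''
      then title || ' behavior ' || path_pattern || ' field level encryption disabled.'
    else title || ' behavior ' || path_pattern || ' field level encryption enabled (' || fle_id || ').'
  end as reason,
  region,
  account_id
from
  behaviors
order by
  resource,
  path_pattern;
```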