turbot/steampipe-mod-aws-compliance

Control: Config configuration recorder should not fail to deliver logs

Description

This control checks whether Config configuration recorder fails to deliver logs. This control is non-compliant if Config configuration recorder fails to deliver logs.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.config_configuration_recorder_no_failed_deliver_logs

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.config_configuration_recorder_no_failed_deliver_logs --share

SQL

This control uses a named query:

select
arn as resource,
case
when status ->> 'LastStatus' = 'FAILURE' then 'alarm'
else 'ok'
end as status,
case
when status ->> 'LastStatus' = 'FAILURE' then title || ' has failed deliver logs.'
else title || ' does not have failed deliver logs.'
end as reason,
region,
account_id
from
aws_config_configuration_recorder;

Tags