Control: Config configuration recorder should not fail to deliver logs
Description
This control checks whether Config configuration recorder fails to deliver logs. This control is non-compliant if Config configuration recorder fails to deliver logs.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.config_configuration_recorder_no_failed_deliver_logs
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.config_configuration_recorder_no_failed_deliver_logs --share
SQL
This control uses a named query:
select arn as resource, case when status ->> 'LastStatus' = 'FAILURE' then 'alarm' else 'ok' end as status, case when status ->> 'LastStatus' = 'FAILURE' then title || ' has failed deliver logs.' else title || ' does not have failed deliver logs.' end as reason, region, account_idfrom aws_config_configuration_recorder;