🚀Launch Week 07, January 27th - 31st, 2025🚀
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-compliance
Overview
32Dashboards
1295Benchmarks
585Queries
4Variables
GitHub

Control: DRS jobs should be enabled

Description

Ensure that DRS is enabled with jobs. This rule is non-compliant if DRS is not enabled with jobs for a particular region.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.drs_job_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.drs_job_enabled --share

SQL

This control uses a named query:

with drs_job_count as (
  select
    count(*) as count,
    region,
    account_id,
    _ctx
  from
    aws_drs_job
  group by
    region,
    account_id,
    _ctx
)
select
  'arn:' || r.partition || '::' || r.region || ':' || r.account_id as resource,
  case
    when drs_job_count.count = 0 or drs_job_count.count is null then 'alarm'
    else 'ok'
  end as status,
  case
    when drs_job_count.count = 0 or drs_job_count.count is null then 'DRS job not enabled for region ' || r.region || '.'
    else 'DRS job enabled for region ' || r.region || '.'
  end as reason
  , drs_job_count.region, drs_job_count.account_id
from
  aws_region as r
  left join drs_job_count on r.region = drs_job_count.region;

Tags

category = Compliance
plugin = aws
service = AWS/DRS