🚀Launch Week 07, January 27th - 31st, 2025🚀
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-compliance
Overview
32Dashboards
1295Benchmarks
585Queries
4Variables
GitHub

Control: EBS volume snapshots should exist

Description

Ensure that EBS volume snapshots exist. This rule is non-compliant if the EBS volume does not have any snapshot.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.ebs_volume_snapshot_exists

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.ebs_volume_snapshot_exists --share

SQL

This control uses a named query:

with volume_with_snapshots as (
  select
    volume_id,
    count(*) as snap_count
  from
    aws_ebs_snapshot
  group by
    volume_id
)
select
  v.arn as resource,
  case
    when s.volume_id is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when s.volume_id is not null then v.title || ' has ' || s.snap_count || ' snapshot(s).'
    else v.title || ' does not have snapshot.'
  end as reason
  
  , region, account_id
from
  aws_ebs_volume as v
  left join volume_with_snapshots as s on s.volume_id = v.volume_id;

Tags

category = Compliance
plugin = aws
service = AWS/EBS