Control: EC2 Client VPN endpoints should have client connection logging enabled
Description
This control checks whether an AWS Client VPN endpoint has client connection logging enabled. The control fails if the endpoint doesn't have client connection logging enabled.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.ec2_client_vpn_endpoint_client_connection_logging_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.ec2_client_vpn_endpoint_client_connection_logging_enabled --shareSQL
This control uses a named query:
select client_vpn_endpoint_id as resource, case when (connection_log_options ->> 'Enabled')::bool then 'ok' else 'alarm' end as status, case when (connection_log_options ->> 'Enabled')::bool then title || ' client connection logging enabled.' else title || ' client connection logging disabled.' end as reason , region, account_idfrom aws_ec2_client_vpn_endpoint;