Powerpipe Detection Mods →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-compliance
Overview
32Dashboards
1295Benchmarks
585Queries
4Variables
GitHub

Control: EC2 instances should not use multiple ENIs

Description

This control checks whether an EC2 instance uses multiple Elastic Network Interfaces (ENIs) or Elastic Fabric Adapters (EFAs). This control passes if a single network adapter is used. The control includes an optional parameter list to identify the allowed ENIs.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.ec2_instance_not_use_multiple_enis

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.ec2_instance_not_use_multiple_enis --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when jsonb_array_length(network_interfaces) = 1 then 'ok'
    else 'alarm'
  end status,
  title || ' has ' || jsonb_array_length(network_interfaces) || ' ENI(s) attached.'
  as reason
  
  , region, account_id
from
  aws_ec2_instance;

Tags

category = Compliance
nist_csf = true
plugin = aws
service = AWS/EC2