Control: EC2 transit gateways should have auto accept shared attachments disabled
Description
Ensure transit gateways have the auto accept shared attachments feature disabled. When this setting is disabled, any VPC that attempts to attach to the transit gateway must request authorization, and the account that owns the transit gateway must explicitly accept the attachment request.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.ec2_transit_gateway_auto_cross_account_attachment_disabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.ec2_transit_gateway_auto_cross_account_attachment_disabled --share
SQL
This control uses a named query:
select
  transit_gateway_arn as resource,
  case
    when auto_accept_shared_attachments = 'enable' then 'alarm'
    else 'ok'
  end as status,
  case
    when auto_accept_shared_attachments = 'enable' then title || ' automatic shared account attachment enabled.'
    else title || ' automatic shared account attachment disabled.'
  end as reason,
  region,
  account_id
from
  aws_ec2_transit_gateway;
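The named query above evaluates the auto_accept_shared_attachments column that Steampipe populates from the EC2 DescribeTransitGateways API. The following Python is an added example, not part of the aws_compliance mod, that applies the same alarm/ok rule directly to records shaped like that API response (Options.AutoAcceptSharedAttachments is 'enable' or 'disable'), so the logic can be reproduced outside Powerpipe, for example in a CI check or a Lambda. It also goes one step beyond the query by emitting, for each alarm, the AWS CLI command that flips the setting back to 'disable'. The sample records are constructed, the title fallback to the gateway ID when no Name tag exists mirrors Steampipe's behaviour as an assumption, and treating a missing Options block as 'disable' relies on that being the API default.

```python
"""Evaluate the 'auto accept shared attachments' control over transit gateway
records shaped like the EC2 DescribeTransitGateways response.

Added example for illustration; not the aws_compliance mod's own code.
"""
from typing import Dict, List, Optional

# Constructed sample data resembling DescribeTransitGateways output.
# The account ID, gateway IDs and ARNs are placeholders, not real resources.
SAMPLE_TRANSIT_GATEWAYS: List[Dict] = [
    {
        "TransitGatewayId": "tgw-0123456789abcdef0",
        "TransitGatewayArn": "arn:aws:ec2:us-east-1:111111111111:transit-gateway/tgw-0123456789abcdef0",
        "Options": {"AutoAcceptSharedAttachments": "enable"},
        "Tags": [{"Key": "Name", "Value": "shared-hub"}],
    },
    {
        "TransitGatewayId": "tgw-0fedcba9876543210",
        "TransitGatewayArn": "arn:aws:ec2:us-east-1:111111111111:transit-gateway/tgw-0fedcba9876543210",
        "Options": {"AutoAcceptSharedAttachments": "disable"},
        "Tags": [],
    },
    {
        # No Options block at all; assumed to mean the API default of 'disable'.
        "TransitGatewayId": "tgw-00000000000000001",
        "TransitGatewayArn": "arn:aws:ec2:eu-west-1:111111111111:transit-gateway/tgw-00000000000000001",
        "Tags": [{"Key": "Name", "Value": "legacy-tgw"}],
    },
]


def title_of(tgw: Dict) -> str:
    """Mirror the Steampipe 'title' column: Name tag if present, else the ID.

    The fallback to the ID is an assumption about Steampipe's behaviour.
    """
    for tag in tgw.get("Tags", []):
        if tag.get("Key") == "Name" and tag.get("Value"):
            return tag["Value"]
    return tgw["TransitGatewayId"]


def region_of(arn: str) -> str:
    """Extract the region from an EC2 ARN (arn:partition:service:region:account:resource)."""
    return arn.split(":")[3]


def remediation_command(tgw: Dict) -> str:
    """Build the CLI call that disables automatic acceptance of shared attachments.

    Uses the existing 'aws ec2 modify-transit-gateway --options' form; the
    operator still has to run it with suitable credentials.
    """
    region = region_of(tgw["TransitGatewayArn"])
    return (
        f"aws ec2 modify-transit-gateway --region {region} "
        f"--transit-gateway-id {tgw['TransitGatewayId']} "
        f"--options AutoAcceptSharedAttachments=disable"
    )


def evaluate(tgw: Dict) -> Dict[str, Optional[str]]:
    """Apply the same case expression as the named query to one API record."""
    setting = tgw.get("Options", {}).get("AutoAcceptSharedAttachments", "disable")
    title = title_of(tgw)
    if setting == "enable":
        status = "alarm"
        reason = f"{title} automatic shared account attachment enabled."
        remediation: Optional[str] = remediation_command(tgw)
    else:
        status = "ok"
        reason = f"{title} automatic shared account attachment disabled."
        remediation = None
    return {
        "resource": tgw["TransitGatewayArn"],
        "status": status,
        "reason": reason,
        "region": region_of(tgw["TransitGatewayArn"]),
        "remediation": remediation,
    }


def run_control(tgws: List[Dict]) -> List[Dict[str, Optional[str]]]:
    """Evaluate every record; equivalent to running the named query over the table."""
    return [evaluate(t) for t in tgws]


if __name__ == "__main__":
    for row in run_control(SAMPLE_TRANSIT_GATEWAYS):
        print(f"{row['status']:5} {row['reason']}")
        if row["remediation"]:
            print(f"      remediation: {row['remediation']}")
```

Feeding the real DescribeTransitGateways response (for example `boto3.client("ec2").describe_transit_gateways()["TransitGateways"]`) into run_control yields the same alarm/ok rows as the Powerpipe control, which is useful when cross-checking the mod's findings against the raw API view.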