turbot/steampipe-mod-aws-compliance

Control: 2 Active MQ brokers should stream audit logs to CloudWatch

Description

This control checks whether an Amazon MQ ActiveMQ broker streams audit logs to Amazon CloudWatch Logs. The control fails if the broker doesn't stream audit logs to CloudWatch Logs.

By publishing ActiveMQ broker logs to CloudWatch Logs, you can create CloudWatch alarms and metrics that increase the visibility of security-related information.

Remediation

To stream ActiveMQ broker logs to CloudWatch Logs, see Configuring Amazon MQ for ActiveMQ logs in the Amazon MQ Developer Guide.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_mq_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_mq_2 --share

SQL

This control uses a named query:

select
arn as resource,
case
when (logs -> 'Audit')::bool then 'ok'
else 'alarm'
end as status,
case
when (logs -> 'Audit')::bool then title || ' audit log enabled.'
else title || ' audit log disabled.'
end as reason
, region, account_id
from
aws_mq_broker;

Tags