Control: MSK clusters should have public access disabled

powerpipe control run aws_compliance.control.msk_cluster_not_publicly_accessible

powerpipe login
powerpipe control run aws_compliance.control.msk_cluster_not_publicly_accessible --share

select
  arn as resource,
  case
    when provisioned -> 'BrokerNodeGroupInfo' -> 'ConnectivityInfo' -> 'PublicAccess' ->> 'Type' = 'DISABLED' then 'ok'
    else 'alarm'
  end as status,
  case
    when provisioned -> 'BrokerNodeGroupInfo' -> 'ConnectivityInfo' -> 'PublicAccess' ->> 'Type' = 'DISABLED' then title || ' restricts public access.'
    else title || ' allows public access.'
  end as reason
  
  , region, account_id
from
  aws_msk_cluster;