Control: MSK clusters should have public access disabled

Description

This control checks whether public access is disabled for an Amazon MSK cluster. The control fails if public access is enabled for the MSK cluster.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.msk_cluster_not_publicly_accessible

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.msk_cluster_not_publicly_accessible --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when provisioned -> 'BrokerNodeGroupInfo' -> 'ConnectivityInfo' -> 'PublicAccess' ->> 'Type' = 'DISABLED' then 'ok'
    else 'alarm'
  end as status,
  case
    when provisioned -> 'BrokerNodeGroupInfo' -> 'ConnectivityInfo' -> 'PublicAccess' ->> 'Type' = 'DISABLED' then title || ' restricts public access.'
    else title || ' allows public access.'
  end as reason
  
  , region, account_id
from
  aws_msk_cluster;

Control: MSK clusters should have public access disabled

Description

Usage

SQL

Tags