turbot/steampipe-mod-aws-compliance

Control: S3 buckets should have event notifications enabled

Description

This control checks whether S3 Event Notifications are enabled on an AWS S3 bucket. This control fails if S3 Event Notifications are not enabled on a bucket.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.s3_bucket_event_notifications_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.s3_bucket_event_notifications_enabled --share

SQL

This control uses a named query:

select
  arn as resource,
  -- ->> returns SQL NULL when a key is absent or holds JSON null,
  -- so a bucket alarms only when all four destination types are unset.
  case
    when
      event_notification_configuration ->> 'EventBridgeConfiguration' is null
      and event_notification_configuration ->> 'LambdaFunctionConfigurations' is null
      and event_notification_configuration ->> 'QueueConfigurations' is null
      and event_notification_configuration ->> 'TopicConfigurations' is null then 'alarm'
    else 'ok'
  end as status,
  case
    when
      event_notification_configuration ->> 'EventBridgeConfiguration' is null
      and event_notification_configuration ->> 'LambdaFunctionConfigurations' is null
      and event_notification_configuration ->> 'QueueConfigurations' is null
      and event_notification_configuration ->> 'TopicConfigurations' is null then title || ' event notifications disabled.'
    else title || ' event notifications enabled.'
  end as reason,
  region,
  account_id
from
  aws_s3_bucket;
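
A companion query for triage, added here as an example and not part of the mod: it applies the same null checks as the control and also reports which destination types each bucket uses. The sample_bucket rows, bucket names and queue ARN are constructed so the query runs on plain PostgreSQL; in Steampipe, drop the first CTE and select from aws_s3_bucket instead.

```sql
-- Added example. sample_bucket is constructed data standing in for aws_s3_bucket.
with sample_bucket (title, event_notification_configuration) as (
  values
    -- No destinations: every key is JSON null.
    ('logs-archive',
     '{"EventBridgeConfiguration": null, "LambdaFunctionConfigurations": null,
       "QueueConfigurations": null, "TopicConfigurations": null}'::jsonb),
    -- EventBridge delivery enabled: represented as an empty object.
    ('app-uploads',
     '{"EventBridgeConfiguration": {}, "LambdaFunctionConfigurations": null,
       "QueueConfigurations": null, "TopicConfigurations": null}'::jsonb),
    -- One SQS destination, other keys absent (constructed ARN).
    ('billing-exports',
     '{"QueueConfigurations": [{"QueueArn": "arn:aws:sqs:us-east-1:111122223333:example-queue",
       "Events": ["s3:ObjectCreated:*"]}]}'::jsonb),
    -- Column itself is NULL.
    ('legacy-assets', null::jsonb)
),
destinations as (
  select
    title,
    -- Same predicate as the control: all four keys NULL means disabled.
    not (
      event_notification_configuration ->> 'EventBridgeConfiguration' is null
      and event_notification_configuration ->> 'LambdaFunctionConfigurations' is null
      and event_notification_configuration ->> 'QueueConfigurations' is null
      and event_notification_configuration ->> 'TopicConfigurations' is null
    ) as notifications_enabled,
    event_notification_configuration ->> 'EventBridgeConfiguration' is not null as eventbridge,
    -- -> yields jsonb 'null' for a JSON null value, which jsonb_array_length
    -- rejects, so map both JSON null and a missing key to an empty array first.
    jsonb_array_length(coalesce(nullif(
      event_notification_configuration -> 'LambdaFunctionConfigurations', 'null'::jsonb), '[]'::jsonb)) as lambda_count,
    jsonb_array_length(coalesce(nullif(
      event_notification_configuration -> 'QueueConfigurations', 'null'::jsonb), '[]'::jsonb)) as queue_count,
    jsonb_array_length(coalesce(nullif(
      event_notification_configuration -> 'TopicConfigurations', 'null'::jsonb), '[]'::jsonb)) as topic_count
  from
    sample_bucket
)
select
  title,
  case when notifications_enabled then 'ok' else 'alarm' end as status,
  eventbridge, lambda_count, queue_count, topic_count
from
  destinations
order by
  status, title;
```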

Tags