Control: Logging of delivery status should be enabled for notification messages sent to a topic
Description
This control checks whether delivery status logging is enabled for notification messages sent from an AWS SNS topic to its endpoints. The control fails if delivery status logging is not enabled for the topic's messages.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.sns_topic_notification_delivery_status_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.sns_topic_notification_delivery_status_enabled --share
SQL
This control uses a named query:
select
  topic_arn as resource,
  case
    when application_failure_feedback_role_arn is null
      and firehose_failure_feedback_role_arn is null
      and http_failure_feedback_role_arn is null
      and lambda_failure_feedback_role_arn is null
      and sqs_failure_feedback_role_arn is null
    then 'alarm'
    else 'ok'
  end as status,
  case
    when application_failure_feedback_role_arn is null
      and firehose_failure_feedback_role_arn is null
      and http_failure_feedback_role_arn is null
      and lambda_failure_feedback_role_arn is null
      and sqs_failure_feedback_role_arn is null
    then title || ' has delivery status logging for notification messages disabled.'
    else title || ' has delivery status logging for notification messages enabled.'
  end as reason,
  region,
  account_id
from
  aws_sns_topic;
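To see how the named query above classifies topics without an AWS account, the following added example (not part of the aws_compliance mod) runs that exact SQL against an in-memory SQLite stand-in for the Steampipe aws_sns_topic table. The table layout, the three sample topics, the account id and the role ARNs are all constructed for the example; Steampipe itself serves the real table over PostgreSQL, but the query uses only syntax both engines accept.

```python
import sqlite3

# Columns of the constructed stand-in for Steampipe's aws_sns_topic table.
# Only the columns the control's query touches are modelled (assumed layout).
COLUMNS = (
    "topic_arn", "title", "region", "account_id",
    "application_failure_feedback_role_arn",
    "firehose_failure_feedback_role_arn",
    "http_failure_feedback_role_arn",
    "lambda_failure_feedback_role_arn",
    "sqs_failure_feedback_role_arn",
)

# Constructed sample topics (fictitious account id and role ARNs).
FEEDBACK_ROLE = "arn:aws:iam::111122223333:role/SNSFailureFeedback"
SAMPLE_TOPICS = [
    # No failure-feedback role for any protocol: delivery status logging is off.
    ("arn:aws:sns:us-east-1:111122223333:orders", "orders", "us-east-1", "111122223333",
     None, None, None, None, None),
    # Only the HTTP protocol has a feedback role; that alone satisfies the control.
    ("arn:aws:sns:us-east-1:111122223333:alerts", "alerts", "us-east-1", "111122223333",
     None, None, FEEDBACK_ROLE, None, None),
    # Feedback roles configured for all five protocols.
    ("arn:aws:sns:eu-west-1:111122223333:audit", "audit", "eu-west-1", "111122223333",
     FEEDBACK_ROLE, FEEDBACK_ROLE, FEEDBACK_ROLE, FEEDBACK_ROLE, FEEDBACK_ROLE),
]

# The control's named query, copied from the page.
CONTROL_QUERY = """
select
  topic_arn as resource,
  case
    when application_failure_feedback_role_arn is null
      and firehose_failure_feedback_role_arn is null
      and http_failure_feedback_role_arn is null
      and lambda_failure_feedback_role_arn is null
      and sqs_failure_feedback_role_arn is null
    then 'alarm'
    else 'ok'
  end as status,
  case
    when application_failure_feedback_role_arn is null
      and firehose_failure_feedback_role_arn is null
      and http_failure_feedback_role_arn is null
      and lambda_failure_feedback_role_arn is null
      and sqs_failure_feedback_role_arn is null
    then title || ' has delivery status logging for notification messages disabled.'
    else title || ' has delivery status logging for notification messages enabled.'
  end as reason,
  region,
  account_id
from
  aws_sns_topic;
"""


def run_control(rows=SAMPLE_TOPICS):
    """Load the rows into an in-memory table, run the control query and
    return one dict per topic with resource, status, reason, region, account_id."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"create table aws_sns_topic ({', '.join(COLUMNS)})")
    placeholders = ", ".join("?" * len(COLUMNS))
    conn.executemany(f"insert into aws_sns_topic values ({placeholders})", rows)
    cur = conn.execute(CONTROL_QUERY)
    names = [d[0] for d in cur.description]
    results = [dict(zip(names, row)) for row in cur.fetchall()]
    conn.close()
    return results


def failing_topics(results):
    """Return the topic ARNs the control reports in alarm, for follow-up."""
    return sorted(r["resource"] for r in results if r["status"] == "alarm")


if __name__ == "__main__":
    for row in run_control():
        print(f"{row['status']:5}  {row['reason']}")
    print("in alarm:", failing_topics(run_control()))
```

The `alerts` row is the case worth noticing: a single non-null feedback role ARN, for any one of the five protocols, is enough for the control to report ok, so a passing result says delivery status logging is configured for at least one protocol, not for every protocol the topic actually delivers to.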