Control: SSM managed instance associations should be compliant
Description
Use AWS Systems Manager Associations to help with inventory of software platforms and applications within an organization.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.ssm_managed_instance_compliance_association_compliantSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.ssm_managed_instance_compliance_association_compliant --shareSQL
This control uses a named query:
select id as resource, case when c.status = 'COMPLIANT' then 'ok' else 'alarm' end as status, case when c.status = 'COMPLIANT' then c.resource_id || ' association ' || c.title || ' is compliant.' else c.resource_id || ' association ' || c.title || ' is non-compliant.' end as reason
, c.region, c.account_idfrom aws_ssm_managed_instance as i, aws_ssm_managed_instance_compliance as cwhere c.resource_id = i.instance_id and c.compliance_type = 'Association';