Control: SSM parameters encryption should be enabled
Description
This control checks if SSM parameter has encryption enabled.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.ssm_parameter_encryption_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.ssm_parameter_encryption_enabled --shareSQL
This control uses a named query:
select arn as resource, case when type = 'SecureString' then 'ok' else 'alarm' end as status, case when type = 'SecureString' then title || ' encryption enabled.' else title || ' encryption disabled.' end as reason , region, account_idfrom aws_ssm_parameter;