turbot/steampipe-mod-aws-compliance

Control: VPCs should exist in multiple regions

Description

This control checks whether there are VPCs present in multiple regions.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.vpc_in_more_than_one_region

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.vpc_in_more_than_one_region --share

SQL

This control uses a named query:

-- Distinct (region, account) pairs that contain at least one VPC.
with vpc_region_list as (
  select
    distinct region, account_id
  from
    aws_vpc
), vpc_count_in_account as (
  -- Number of regions with a VPC, per account.
  select
    count(*) as num,
    account_id
  from
    vpc_region_list
  group by account_id
)
select
  arn as resource,
  case
    when v.num > 1 then 'ok'
    when v.num = 1 then 'alarm'
    -- v.num is null when the left join finds no VPC for the account.
    else 'alarm'
  end as status,
  case
    when v.num > 1 then 'VPCs exist in ' || v.num || ' regions.'
    when v.num = 1 then 'VPCs exist only in one region.'
    else 'VPC does not exist.'
  end as reason
  , a.region, a.account_id
from
  aws_account as a
  -- Left join keeps accounts that have no VPC rows at all.
  left join vpc_count_in_account as v on v.account_id = a.account_id;
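A drill-down for triaging this control's result, added here as an example and not part of the mod: the named query counts every VPC, including the default VPC that AWS creates in each region, so this query also reports how many regions hold a non-default VPC. It assumes PostgreSQL syntax (as used by Steampipe) and the `is_default` column of `aws_vpc`; the account IDs, VPC IDs and rows are constructed sample data standing in for the real tables.

```sql
-- Constructed sample rows standing in for the aws_account and aws_vpc tables
-- (assumption: only the columns used below; all ids are made up).
with aws_account (account_id) as (
  values ('111111111111'), ('222222222222'), ('333333333333')
), aws_vpc (account_id, region, vpc_id, is_default) as (
  values
    ('111111111111', 'us-east-1',  'vpc-a1', false),
    ('111111111111', 'eu-west-1',  'vpc-a2', false),
    ('222222222222', 'us-east-1',  'vpc-b1', false),
    ('222222222222', 'eu-west-1',  'vpc-b2', true),  -- default VPC only
    ('222222222222', 'ap-south-1', 'vpc-b3', true)   -- default VPC only
    -- account 333333333333 has no VPC rows at all
), per_region as (
  -- One row per account and region, with VPCs split into default and custom.
  select
    account_id,
    region,
    count(*) filter (where not is_default) as custom_vpcs,
    count(*) filter (where is_default) as default_vpcs
  from
    aws_vpc
  group by
    account_id, region
)
select
  a.account_id,
  -- Same number the control compares against 1.
  count(p.region) as regions_with_any_vpc,
  -- Regions that hold at least one non-default VPC.
  count(p.region) filter (where p.custom_vpcs > 0) as regions_with_custom_vpc,
  string_agg(p.region, ', ' order by p.region)
    filter (where p.custom_vpcs > 0) as custom_vpc_regions
from
  aws_account as a
  -- Left join keeps accounts without any VPC, as the control's query does.
  left join per_region as p on p.account_id = a.account_id
group by
  a.account_id
order by
  a.account_id;
```

To run it against live data in Steampipe, drop the two constructed CTEs so that `aws_account` and `aws_vpc` resolve to the real tables. An account whose `regions_with_any_vpc` is above 1 only because of default VPCs passes the control without any deliberately provisioned multi-region network.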

Tags