Control: Ensure IAM instance roles are used for AWS resource access from instances
Description
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. "AWS Access" means accessing the APIs of AWS in order to access AWS resources or manage AWS account resources.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.ec2_instance_using_iam_instance_role
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.ec2_instance_using_iam_instance_role --share
SQL
This control uses a named query:
select arn as resource, case when iam_instance_profile_arn is not null then 'ok' else 'alarm' end as status, case when iam_instance_profile_arn is not null then title || ' uses IAM role for access.' else title || ' does not use IAM role for access.' end as reason , region, account_idfrom aws_ec2_instance;