Control: Ensure IAM instance roles are used for AWS resource access from instances

Description

AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access. "AWS Access" means accessing the APIs of AWS in order to access AWS resources or manage AWS account resources.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.ec2_instance_using_iam_instance_role

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.ec2_instance_using_iam_instance_role --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when iam_instance_profile_arn is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when iam_instance_profile_arn is not null then title || ' uses IAM role for access.'
    else title || ' does not use IAM role for access.'
  end as reason
  
  , region, account_id
from
  aws_ec2_instance;

Control: Ensure IAM instance roles are used for AWS resource access from instances

Description

Usage

SQL

Tags