turbot/steampipe-mod-aws-compliance

Control: Kinesis streams should have an adequate data retention period

Description

This control checks whether an Amazon Kinesis data stream has a data retention period greater than or equal to the specified time frame. The control fails if the data retention period is less than the specified time frame. Unless you provide a custom parameter value for the data retention period, Security Hub uses a default value of 168 hours.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.kinesis_stream_retention_period_168_hours

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.kinesis_stream_retention_period_168_hours --share

SQL

This control uses a named query:

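select
  stream_arn as resource,
  case
    -- Pass when retention is at least 168 hours, as the description states;
    -- a strict equality test would alarm on streams that retain data longer.
    when retention_period_hours >= 168 then 'ok'
    else 'alarm'
  end as status,
  title || ' retention period set to ' || retention_period_hours || ' hours.' as reason,
  region,
  account_id
from
  aws_kinesis_stream;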
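The description allows a custom retention threshold, while the named query hard-codes 168. The following is an added example, not the mod's own query: it keeps the threshold in one place and runs in plain PostgreSQL against constructed rows that stand in for `aws_kinesis_stream`. The `params` and `sample_streams` names, the ARNs and the account ID are assumptions made for illustration.

```sql
-- Added example: evaluates the retention check against constructed sample rows.
with params as (
  -- Assumed threshold in hours; set this to the custom value you want to enforce.
  select 168 as min_retention_hours
),
sample_streams (stream_arn, title, retention_period_hours, region, account_id) as (
  -- Constructed rows covering the Kinesis default (24 h), the boundary (168 h)
  -- and the service maximum (8760 h).
  values
    ('arn:aws:kinesis:us-east-1:111122223333:stream/default-24h', 'default-24h', 24, 'us-east-1', '111122223333'),
    ('arn:aws:kinesis:us-east-1:111122223333:stream/exact-168h', 'exact-168h', 168, 'us-east-1', '111122223333'),
    ('arn:aws:kinesis:eu-west-1:111122223333:stream/max-8760h', 'max-8760h', 8760, 'eu-west-1', '111122223333')
)
select
  s.stream_arn as resource,
  case
    -- Boundary value passes; anything shorter than the threshold alarms.
    when s.retention_period_hours >= p.min_retention_hours then 'ok'
    else 'alarm'
  end as status,
  s.title || ' retention period set to ' || s.retention_period_hours
    || ' hours (minimum ' || p.min_retention_hours || ').' as reason,
  s.region,
  s.account_id
from
  sample_streams as s
  cross join params as p
order by
  s.retention_period_hours;
```

With the threshold at 168, the 24-hour stream is reported as `alarm` and the 168-hour and 8760-hour streams as `ok`. To run it against real data in Steampipe, replace `sample_streams` with `aws_kinesis_stream`.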

Tags