Control: VPCs should be configured with an interface endpoint for Systems Manager Incident Manager
Description
This control checks whether a virtual private cloud (VPC) that you manage has an interface VPC endpoint for AWS Systems Manager Incident Manager. The control fails if the VPC doesn't have an interface VPC endpoint for Systems Manager Incident Manager. This control evaluates resources in a single account.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.vpc_configured_to_use_interface_endpoint_for_ssm_incidents
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.vpc_configured_to_use_interface_endpoint_for_ssm_incidents --share
SQL
This control uses a named query:
with vpc_endpoints as (
  select distinct
    vpc_id
  from
    aws_vpc_endpoint
  where
    service_name like 'com.amazonaws.' || region || '.ssm-incidents'
)
select
  v.arn as resource,
  case
    when e.vpc_id is null then 'alarm'
    else 'ok'
  end as status,
  case
    when e.vpc_id is null then v.title || ' not configured to use interface endpoint for SSM incidents.'
    else v.title || ' configured to use interface endpoint for SSM incidents.'
  end as reason,
  region,
  account_id
from
  aws_vpc v
  left join vpc_endpoints e using (vpc_id);
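Two points in the query are worth seeing exercised. First, the service name is matched exactly per region (com.amazonaws.REGION.ssm-incidents), so an endpoint for the neighbouring ssm-contacts or ssm services does not satisfy the control. Second, the query does not look at the endpoint's state, so a VPC whose endpoint is still pending, or has failed, is reported as ok. The following is an added example, not code from the Steampipe aws_compliance mod: it reproduces the control's logic in Python over the shapes returned by ec2:DescribeVpcs and ec2:DescribeVpcEndpoints, with an optional stricter state check, and builds the boto3 create_vpc_endpoint parameters that remediate an alarm. All VPC, endpoint, subnet and security group IDs below are constructed sample data, not from a real account.

```python
"""Added example, not part of the Steampipe aws_compliance mod: the
"VPC has an interface endpoint for Systems Manager Incident Manager" check
reproduced over the response shapes of ec2:DescribeVpcs and
ec2:DescribeVpcEndpoints, so the matching rules can be exercised offline.
All sample data in this file is constructed."""
from dataclasses import dataclass


def incident_manager_service_name(region: str) -> str:
    """Service name of the Incident Manager interface endpoint in a region.
    The match must be exact: 'ssm-contacts' and 'ssm' are different services."""
    return f"com.amazonaws.{region}.ssm-incidents"


@dataclass
class Finding:
    resource: str   # VPC ARN
    status: str     # "ok" or "alarm"
    reason: str
    region: str
    account_id: str


def covered_vpc_ids(endpoints, region, require_available=True):
    """VPC IDs that have a usable Incident Manager interface endpoint.
    require_available=False mirrors the control's SQL exactly (it ignores
    endpoint state); require_available=True additionally drops endpoints
    that are pending, failed or deleted."""
    wanted = incident_manager_service_name(region)
    covered = set()
    for ep in endpoints:
        if ep["ServiceName"] != wanted:
            continue
        if ep.get("VpcEndpointType") != "Interface":
            continue
        if require_available and ep.get("State", "").lower() != "available":
            continue
        covered.add(ep["VpcId"])
    return covered


def evaluate(vpcs, endpoints, region, account_id, require_available=True):
    """One Finding per VPC, with the same status/reason wording as the control."""
    covered = covered_vpc_ids(endpoints, region, require_available)
    findings = []
    for vpc in vpcs:
        vpc_id = vpc["VpcId"]
        arn = f"arn:aws:ec2:{region}:{account_id}:vpc/{vpc_id}"
        if vpc_id in covered:
            status, reason = "ok", f"{vpc_id} configured to use interface endpoint for SSM incidents."
        else:
            status, reason = "alarm", f"{vpc_id} not configured to use interface endpoint for SSM incidents."
        findings.append(Finding(arn, status, reason, region, account_id))
    return findings


def create_endpoint_params(vpc_id, region, subnet_ids, security_group_ids):
    """Keyword arguments for boto3 ec2.create_vpc_endpoint() that remediate an
    alarm: an interface endpoint in the VPC with private DNS enabled, so the
    regional Incident Manager hostname resolves to the endpoint ENIs."""
    return {
        "VpcEndpointType": "Interface",
        "VpcId": vpc_id,
        "ServiceName": incident_manager_service_name(region),
        "SubnetIds": list(subnet_ids),
        "SecurityGroupIds": list(security_group_ids),
        "PrivateDnsEnabled": True,
    }


# Constructed sample data (hypothetical IDs, not captured from an account).
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"
SAMPLE_VPCS = [{"VpcId": "vpc-0aaa"}, {"VpcId": "vpc-0bbb"}, {"VpcId": "vpc-0ccc"}]
SAMPLE_ENDPOINTS = [
    # usable Incident Manager endpoint
    {"VpcId": "vpc-0aaa", "ServiceName": "com.amazonaws.us-east-1.ssm-incidents",
     "VpcEndpointType": "Interface", "State": "available"},
    # still being created: passes the SQL, fails the stricter state check
    {"VpcId": "vpc-0bbb", "ServiceName": "com.amazonaws.us-east-1.ssm-incidents",
     "VpcEndpointType": "Interface", "State": "pending"},
    # a different Systems Manager service; must not count
    {"VpcId": "vpc-0ccc", "ServiceName": "com.amazonaws.us-east-1.ssm-contacts",
     "VpcEndpointType": "Interface", "State": "available"},
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_VPCS, SAMPLE_ENDPOINTS, REGION, ACCOUNT_ID):
        print(f.status, f.reason)
    print(create_endpoint_params("vpc-0ccc", REGION, ["subnet-0111"], ["sg-0222"]))
```

Running the sample reports vpc-0aaa as ok and vpc-0bbb and vpc-0ccc as alarm; with require_available=False, vpc-0bbb flips to ok, which is exactly what the Powerpipe control would report for a pending endpoint. When remediating, the security group attached to the endpoint should allow inbound TCP 443 only from the subnets that need to reach Incident Manager.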