turbot/steampipe-mod-aws-compliance

Query: cloudfront_distribution_uses_recommended_tls_security_policy

Usage

powerpipe query aws_compliance.query.cloudfront_distribution_uses_recommended_tls_security_policy

SQL

select
  arn as resource,
  case
    -- Fail closed: if MinimumProtocolVersion is absent, the comparison below
    -- evaluates to null and the row would otherwise fall through to 'ok'.
    when viewer_certificate is null or viewer_certificate ->> 'MinimumProtocolVersion' is null then 'alarm'
    -- $1 is the list of accepted security policies (see Params).
    when not (viewer_certificate ->> 'MinimumProtocolVersion' = ANY($1::text[])) then 'alarm'
    else 'ok'
  end as status,
  case
    when viewer_certificate is null or viewer_certificate ->> 'MinimumProtocolVersion' is null then title || ' has no MinimumProtocolVersion set.'
    when not (viewer_certificate ->> 'MinimumProtocolVersion' = ANY($1::text[])) then title || ' uses non-recommended MinimumProtocolVersion: ' || (viewer_certificate ->> 'MinimumProtocolVersion') || '.'
    else title || ' uses recommended MinimumProtocolVersion: ' || (viewer_certificate ->> 'MinimumProtocolVersion') || '.'
  end as reason,
  region,
  account_id
from
  aws_cloudfront_distribution;

Params

| Args | Name | Default | Description | Variable |
| --- | --- | --- | --- | --- |
| $1 | cloudfront_distribution_tls_security_policy | ["TLSv1.2_2021"] | A list of SSL policies for CloudFront distributions. | |

Controls

The query is being used by the following controls: