turbot/steampipe-mod-aws-compliance

Query: docdb_cluster_encryption_in_transit_enabled

Usage

powerpipe query aws_compliance.query.docdb_cluster_encryption_in_transit_enabled

SQL

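-- Reports one row per DocumentDB cluster: 'alarm' when the cluster's parameter
-- group sets the `tls` parameter to 'disabled' or 'enabled', 'ok' otherwise.
--
-- NOTE(review): 'enabled' is in the failing set, presumably because that value
-- still permits legacy TLS versions; confirm against the control this query
-- backs. The alarm reason reads "disabled" for both failing values.
-- NOTE(review): the check fails open. A cluster whose parameter group row is
-- not returned (for example, no read access to parameter groups), or whose
-- group has no `tls` entry, is reported 'ok'.
-- NOTE(review): this reads the value configured on the parameter group; it
-- does not show whether the cluster has applied it. Confirm whether a pending
-- change needs separate handling.
with docdb_cluster as materialized (
  -- Read the cluster table once; both later steps reuse this result.
  select
    db_cluster_parameter_group,
    arn,
    account_id,
    region,
    engine,
    tags,
    title,
    _ctx
  from
    aws_docdb_cluster
),
docdb_pg_tls_settings as (
  -- Parameter groups in use by a cluster whose `tls` value is in the failing
  -- set. Group names are only unique within an account and region, so both are
  -- carried forward. `distinct` collapses the one-row-per-cluster fan-out when
  -- several clusters share a group.
  select distinct
    g.name,
    g.account_id,
    g.region
  from
    docdb_cluster as c
    inner join aws_rds_db_cluster_parameter_group as g
      on g.name = c.db_cluster_parameter_group
      and g.account_id = c.account_id
      and g.region = c.region
    cross join lateral jsonb_array_elements(g.parameters) as p
  where
    p ->> 'ParameterName' = 'tls'
    and p ->> 'ParameterValue' in ('disabled', 'enabled')
)
select
  c.arn as resource,
  c.engine,
  case
    when p.name is not null then 'alarm'
    else 'ok'
  end as status,
  case
    when p.name is not null then c.title || ' encryption in transit disabled.'
    else c.title || ' encryption in transit enabled.'
  end as reason,
  c.region,
  c.account_id
from
  docdb_cluster as c
  -- Match on name, account and region. Joining on name alone lets a same-named
  -- group in another account or region raise a false alarm, and duplicates
  -- result rows when several clusters share a group.
  left join docdb_pg_tls_settings as p
    on p.name = c.db_cluster_parameter_group
    and p.account_id = c.account_id
    and p.region = c.region;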

Controls

The query is being used by the following controls: