turbot/steampipe-mod-aws-compliance

Query: ec2_launch_template_ebs_volume_encrypted

Usage

powerpipe query aws_compliance.query.ec2_launch_template_ebs_volume_encrypted

SQL

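-- Compliance check: flags launch templates whose default version declares an
-- EBS block device mapping that is not explicitly encrypted.
--
-- Output columns: resource, status ('skip' | 'alarm' | 'ok'), reason, region,
-- account_id.
--
-- Scope and caveats for whoever reads the results:
--   * Only the default version of each template is evaluated (see the
--     "where default_version" filter). Other versions are not assessed here.
--   * A mapping whose Ebs.Encrypted is absent is reported as 'alarm'. The
--     template itself does not request encryption in that case; whether the
--     volume ends up encrypted through settings outside the template (for
--     example account-level EBS encryption by default) is not visible to this
--     query and should be verified separately.
--   * An empty BlockDeviceMappings array yields 'ok', because no EBS mapping
--     fails the test.
with template_mappings as (
  select
    launch_template_id,
    title,
    region,
    account_id,
    launch_template_data -> 'BlockDeviceMappings' as mappings
  from
    aws_ec2_launch_template_version
  where
    default_version
),
evaluated as (
  select
    launch_template_id,
    title,
    region,
    account_id,
    -- The key may be missing (SQL NULL) or present as JSON null; both mean
    -- "no mappings declared".
    (mappings is null or mappings = 'null') as no_mappings,
    jsonb_typeof(mappings) as mappings_type,
    -- Computed once so that status and reason can never disagree.
    case
      -- jsonb_array_elements raises an error on non-arrays, so guard it.
      when jsonb_typeof(mappings) = 'array' then exists (
        select
          1
        from
          jsonb_array_elements(mappings) as bdm
        where
          -- Only real EBS definitions count. Testing "bdm -> 'Ebs' is not null"
          -- is not enough: a JSON null value is not SQL NULL, so a non-EBS
          -- mapping serialised as "Ebs": null would be reported as an
          -- unencrypted volume. This mirrors the JSON-null handling applied
          -- to BlockDeviceMappings above.
          jsonb_typeof(bdm -> 'Ebs') = 'object'
          -- Encrypted = false and Encrypted missing/null are both failures.
          and (bdm -> 'Ebs' ->> 'Encrypted')::boolean is not true
      )
      else false
    end as has_unencrypted_ebs
  from
    template_mappings
)
select
  launch_template_id as resource,
  case
    when no_mappings then 'skip'
    when mappings_type <> 'array' then 'skip'
    when has_unencrypted_ebs then 'alarm'
    else 'ok'
  end as status,
  case
    when no_mappings then title || ' does not define any block device mappings.'
    when mappings_type <> 'array' then title || ' block device mappings is not an array.'
    when has_unencrypted_ebs then title || ' has unencrypted EBS volumes.'
    else title || ' has all EBS volumes encrypted.'
  end as reason,
  region,
  account_id
from
  evaluated;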

Controls

The query is being used by the following controls: