turbot/steampipe-mod-aws-compliance

Query: ec2_spot_fleet_request_with_launch_parameter_ebs_encryption_enabled

Usage

powerpipe query aws_compliance.query.ec2_spot_fleet_request_with_launch_parameter_ebs_encryption_enabled

SQL

select
spot_fleet_request_id as resource,
case
when launch_specifications is null then 'skip'
when exists (
select 1
from jsonb_array_elements(launch_specifications) spec,
jsonb_array_elements(spec -> 'BlockDeviceMappings') bdm
where (bdm -> 'Ebs' ->> 'Encrypted')::boolean = false
or bdm -> 'Ebs' ->> 'Encrypted' is null
) then 'alarm'
else 'ok'
end as status,
case
when launch_specifications is null then title || ' does not define any launch specifications.'
when exists (
select 1
from jsonb_array_elements(launch_specifications) spec,
jsonb_array_elements(spec -> 'BlockDeviceMappings') bdm
where (bdm -> 'Ebs' ->> 'Encrypted')::boolean = false
or bdm -> 'Ebs' ->> 'Encrypted' is null
)
then title || ' has launch parameters with unencrypted EBS volumes.'
else title || ' has all launch parameters with encrypted EBS volumes.'
end as reason
, region, account_id
from
aws_ec2_spot_fleet_request;

Controls

The query is being used by the following controls: