turbot/steampipe-mod-aws-compliance

Query: efs_mount_target_not_publicly_accessible

Usage

powerpipe query aws_compliance.query.efs_mount_target_not_publicly_accessible

SQL

select
  mt.mount_target_id as resource,
  case
    when s.map_public_ip_on_launch then 'alarm'
    else 'ok'
  end as status,
  case
    when s.map_public_ip_on_launch then mt.file_system_id || ' mount target ' || mt.mount_target_id || ' is in subnet ' || s.subnet_id || ' that assigns public IPs on launch.'
    else mt.file_system_id || ' mount target ' || mt.mount_target_id || ' is in subnet ' || s.subnet_id || ' that does not assign public IPs on launch.'
  end as reason,
  mt.region,
  mt.account_id
from
  aws_efs_mount_target mt
  join aws_vpc_subnet s on mt.subnet_id = s.subnet_id;

Controls

The query is being used by the following controls: