turbot/steampipe-mod-aws-compliance

Query: s3_multi_region_access_point_public_access_blocked

Usage

powerpipe query aws_compliance.query.s3_multi_region_access_point_public_access_blocked

SQL

select
  -- Build the resource ARN from the partition, account ID and access point alias.
  'arn:' || partition || ':s3::' || account_id || ':accesspoint/' || alias as resource,
  -- 'ok' only when all four Block Public Access settings are true;
  -- a false or missing (null) setting falls through to 'alarm'.
  case
    when (public_access_block -> 'BlockPublicAcls')::bool
      and (public_access_block -> 'BlockPublicPolicy')::bool
      and (public_access_block -> 'IgnorePublicAcls')::bool
      and (public_access_block -> 'RestrictPublicBuckets')::bool
      then 'ok'
    else 'alarm'
  end as status,
  case
    when (public_access_block -> 'BlockPublicAcls')::bool
      and (public_access_block -> 'BlockPublicPolicy')::bool
      and (public_access_block -> 'IgnorePublicAcls')::bool
      and (public_access_block -> 'RestrictPublicBuckets')::bool
      then title || ' block public access settings enabled.'
    else title || ' public access settings not enabled for: ' ||
      -- Name each setting that is explicitly false; concat_ws skips the nulls
      -- produced by the case expressions that do not match.
      concat_ws(', ',
        case when not (public_access_block -> 'BlockPublicAcls')::bool then 'BlockPublicAcls' end,
        case when not (public_access_block -> 'BlockPublicPolicy')::bool then 'BlockPublicPolicy' end,
        case when not (public_access_block -> 'IgnorePublicAcls')::bool then 'IgnorePublicAcls' end,
        case when not (public_access_block -> 'RestrictPublicBuckets')::bool then 'RestrictPublicBuckets' end
      ) || '.'
  end as reason
  , account_id
from
  aws_s3_multi_region_access_point;

Controls

The query is being used by the following controls: