turbot/steampipe-mod-aws-compliance

Query: ssm_automation_cloudwatch_logging_enabled

Usage

powerpipe query aws_compliance.query.ssm_automation_cloudwatch_logging_enabled

Steampipe Tables

SQL

select
arn as resource,
case
when setting_value = 'CloudWatch' then 'ok'
else 'alarm'
end as status,
case
when setting_value = 'CloudWatch' then title || ' CloudWatch logging enabled for region ' || region || '(' || account_id || ').'
else title || ' CloudWatch logging disabled for region ' || region || '(' || account_id || ').'
end as reason
, region, account_id
from
aws_ssm_service_setting
where
setting_id = '/ssm/automation/customer-script-log-destination';

Controls

The query is being used by the following controls: