Control: Turbot > User Login History
Description
Check User Login activity in customer workspaces
Usage
Run the control in your terminal:
powerpipe control run guardrails_insights.control.guardrails_workspace_user_activity
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run guardrails_insights.control.guardrails_workspace_user_activity --share
SQL
This control uses a named query:
select g.workspace, g.workspace as resource, case when count( case when (n.notifications ->> 'email') not like '%@turbot.com' then 1 else null end ) = 0 then 'alarm' else 'ok' end as status, case when count( case when (n.notifications ->> 'email') not like '%@turbot.com' then 1 else null end ) = 0 then 'Workspace is Inactive. No User Login for 30 Days.' else 'Workspace is Active.' end as reasonfrom guardrails_query gleft join lateral jsonb_array_elements(g.output -> 'notifications' -> 'items') as n(notifications) ON TRUEwhere g.query = '{ notifications: resources( filter: "resourceTypeId:tmod:@turbot/turbot-iam#/resource/types/profile,tmod:@turbot/turbot-iam#/resource/types/groupProfile,tmod:@turbot/aws-iam#/resource/types/instanceProfile $.lastLoginTimestamp:>=T-30d" ) { items { email: get(path:"email") lastLoginTimestamp: get(path: "lastLoginTimestamp") trunk { title } turbot { akas } } } }'group by g.workspace;