Control: Ensure EC2 instances do not use default VPC
Description
A best practice when running EC2 in AWS is to avoid deploying any resources into the default VPC. The default VPC ships with public subnets that auto-assign public IP addresses and route to an internet gateway, so an instance placed there is reachable from the internet unless the account has deliberately changed those defaults.
Usage
Run the control in your terminal:
powerpipe control run terraform_aws_compliance.control.ec2_instance_not_use_default_vpc
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run terraform_aws_compliance.control.ec2_instance_not_use_default_vpc --share
SQL
This control uses a named query:
select
  address as resource,
  case
    when (attributes_std -> 'subnet_id') is null then 'skip'
    when split_part((attributes_std ->> 'subnet_id'), '.', 2) in (
      select name from terraform_resource
      where type = 'aws_subnet' and (attributes_std ->> 'vpc_id') like '%default%'
    ) then 'alarm'
    else 'ok'
  end as status,
  split_part(address, '.', 2) || case
    when (attributes_std -> 'subnet_id') is null then ' does not have a subnet id defined'
    when split_part((attributes_std ->> 'subnet_id'), '.', 2) in (
      select name from terraform_resource
      where type = 'aws_subnet' and (attributes_std ->> 'vpc_id') like '%default%'
    ) then ' deployed to a default VPC'
    else ' not deployed to a default VPC'
  end || '.' as reason,
  path || ':' || start_line
from
  terraform_resource
where
  type = 'aws_instance';
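The query above decides on text alone: an instance is flagged only when its subnet_id references an aws_subnet declared in the same configuration whose vpc_id expression contains the word "default". As an added example (not the control's own code), the same decision logic re-implemented in Python over constructed terraform_resource-style rows, assuming Terraform references appear in attributes_std as plain strings such as "aws_subnet.app.id"; it includes a literal subnet ID, which the control cannot resolve and therefore reports as ok.

```python
# Added example: the control's skip / alarm / ok logic over constructed rows
# shaped like the terraform_resource table. Not the control's own code.
# Assumption: references are stored as plain strings like "aws_subnet.app.id".

def split_part(text: str, sep: str, n: int) -> str:
    """Mimic PostgreSQL split_part(): 1-based field index, '' when out of range."""
    parts = text.split(sep)
    return parts[n - 1] if 0 < n <= len(parts) else ""

# Constructed sample rows (only the columns the query reads).
RESOURCES = [
    {"address": "aws_subnet.default_sub", "type": "aws_subnet", "name": "default_sub",
     "attributes_std": {"vpc_id": "aws_default_vpc.default.id"}},
    {"address": "aws_subnet.app", "type": "aws_subnet", "name": "app",
     "attributes_std": {"vpc_id": "aws_vpc.app.id"}},
    {"address": "aws_instance.web", "type": "aws_instance", "name": "web",
     "attributes_std": {"subnet_id": "aws_subnet.default_sub.id"}},
    {"address": "aws_instance.api", "type": "aws_instance", "name": "api",
     "attributes_std": {"subnet_id": "aws_subnet.app.id"}},
    {"address": "aws_instance.bastion", "type": "aws_instance", "name": "bastion",
     "attributes_std": {"ami": "ami-EXAMPLE"}},  # no subnet_id at all -> skip
    # Literal subnet ID: no matching aws_subnet resource, so the control says 'ok'.
    {"address": "aws_instance.legacy", "type": "aws_instance", "name": "legacy",
     "attributes_std": {"subnet_id": "subnet-0123456789abcdef0"}},
]

def evaluate(resources: list) -> list:
    """Return (resource, status, reason) per aws_instance, as the query does."""
    # Inner query: names of aws_subnet resources whose vpc_id text mentions 'default'.
    default_vpc_subnets = {r["name"] for r in resources if r["type"] == "aws_subnet"
                           and "default" in str(r["attributes_std"].get("vpc_id", ""))}
    results = []
    for r in resources:
        if r["type"] != "aws_instance":
            continue
        subnet_ref = r["attributes_std"].get("subnet_id")
        if subnet_ref is None:
            status, why = "skip", " does not have a subnet id defined"
        elif split_part(str(subnet_ref), ".", 2) in default_vpc_subnets:
            status, why = "alarm", " deployed to a default VPC"
        else:
            status, why = "ok", " not deployed to a default VPC"
        results.append((r["address"], status, split_part(r["address"], ".", 2) + why + "."))
    return results

if __name__ == "__main__":
    for resource, status, reason in evaluate(RESOURCES):
        print(f"{status:5} {resource:22} {reason}")
```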