Control: EMR cluster security configurations should use SSE-KMS
Description
This control checks whether EMR cluster security configurations use SSE-KMS.
Usage
Run the control in your terminal:
powerpipe control run terraform_aws_compliance.control.emr_cluster_security_configuration_encryption_uses_sse_kmsSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_aws_compliance.control.emr_cluster_security_configuration_encryption_uses_sse_kms --shareSQL
This control uses a named query:
select address as resource, case when ((attributes_std ->> 'configuration')::jsonb -> 'EncryptionConfiguration' ->> 'EnableAtRestEncryption')::bool and ((attributes_std ->> 'configuration')::jsonb -> 'EncryptionConfiguration' -> 'AtRestEncryptionConfiguration' -> 'S3EncryptionConfiguration' ->> 'EncryptionMode') = 'SSE-KMS' then 'ok' else 'alarm' end as status, split_part(address, '.', 2) || case when ((attributes_std ->> 'configuration')::jsonb -> 'EncryptionConfiguration' ->> 'EnableAtRestEncryption')::bool and ((attributes_std ->> 'configuration')::jsonb -> 'EncryptionConfiguration' -> 'AtRestEncryptionConfiguration' -> 'S3EncryptionConfiguration' ->> 'EncryptionMode') = 'SSE-KMS' then ' encryption uses SSE-KMS' else ' encryption does not use SSE-KMS' end || '.' as reason , path || ':' || start_linefrom terraform_resourcewhere type = 'aws_emr_security_configuration';