turbot/steampipe-mod-terraform-aws-compliance

Control: EMR cluster security configurations should have local disk encryption enabled

Description

This control checks whether EMR cluster security configurations have local disk encryption enabled.

Usage

Run the control in your terminal:

powerpipe control run terraform_aws_compliance.control.emr_cluster_security_configuration_local_disk_encryption_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_aws_compliance.control.emr_cluster_security_configuration_local_disk_encryption_enabled --share

SQL

This control uses a named query:

select
address as resource,
case
when (
(attributes_std ->> 'configuration') :: jsonb -> 'EncryptionConfiguration' ->> 'EnableAtRestEncryption'
) :: bool
and (
(attributes_std ->> 'configuration') :: jsonb -> 'EncryptionConfiguration' -> 'AtRestEncryptionConfiguration' ->> 'LocalDiskEncryptionConfiguration'
) is not null then 'ok'
else 'alarm'
end as status,
split_part(address, '.', 2) || case
when (
(attributes_std ->> 'configuration') :: jsonb -> 'EncryptionConfiguration' ->> 'EnableAtRestEncryption'
) :: bool
and (
(attributes_std ->> 'configuration') :: jsonb -> 'EncryptionConfiguration' -> 'AtRestEncryptionConfiguration' ->> 'LocalDiskEncryptionConfiguration'
) is not null then ' local disk encryption enabled'
else ' local disk encryption disabled'
end || '.' as reason,
path || ':' || start_line
from
terraform_resource
where
type = 'aws_emr_security_configuration';

Tags