turbot/steampipe-mod-terraform-aws-compliance

Control: RDS DB instances should prohibit public access

Description

Manage access to resources in the AWS Cloud by ensuring that Relational Database Service (RDS) instances are not public.

Usage

Run the control in your terminal:

powerpipe control run terraform_aws_compliance.control.rds_db_instance_prohibit_public_access

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_aws_compliance.control.rds_db_instance_prohibit_public_access --share

SQL

This control uses a named query:

select
address as resource,
case
when (attributes_std -> 'publicly_accessible') is null then 'ok'
when (attributes_std -> 'publicly_accessible')::boolean then 'alarm'
else 'ok'
end status,
split_part(address, '.', 2) || case
when (attributes_std -> 'publicly_accessible') is null then ' not publicly accessible'
when (attributes_std -> 'publicly_accessible')::boolean then ' publicly accessible'
else ' not publicly accessible'
end || '.' reason
, path || ':' || start_line
from
terraform_resource
where
type = 'aws_db_instance';

Tags