Control: RDS DB snapshots should not be publicly accessible
Description
This control checks whether Relational Database Service snapshots are not publicly accessible.
Usage
Run the control in your terminal:
powerpipe control run terraform_aws_compliance.control.rds_db_snapshot_not_publicly_accesibleSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_aws_compliance.control.rds_db_snapshot_not_publicly_accesible --shareSQL
This control uses a named query:
select address as resource, case when (attributes_std -> 'shared_accounts') @> '["all"]' then 'alarm' else 'ok' end status, split_part(address, '.', 2) || case when (attributes_std -> 'shared_accounts') @> '["all"]' then ' publicly accessible' else ' not publicly accessible' end || '.' reason , path || ':' || start_linefrom terraform_resourcewhere type = 'aws_db_snapshot';