Control: MQ Broker should be encrypted with KMS CMK

Description

This control checks whether the MQ Broker is encrypted with KMS CMK.

Usage

Run the control in your terminal:

powerpipe control run terraform_aws_compliance.control.mq_broker_encrypted_with_kms_cmk

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_aws_compliance.control.mq_broker_encrypted_with_kms_cmk --share

SQL

This control uses a named query:

select
  address as resource,
  case
    when ((attributes_std -> 'encryption_option' ->> 'use_aws_owned_key')::bool and (attributes_std -> 'encryption_option' ->> 'kms_key_id') is null) then 'alarm'
    else 'ok'
  end as status,
  split_part(address, '.', 2) || case
    when ((attributes_std -> 'encryption_option' ->> 'use_aws_owned_key')::bool and (attributes_std -> 'encryption_option' ->> 'kms_key_id') is null) then ' not encrypted with KMS CMK'
    else ' encrypted with KMS CMK'
  end || '.' as reason
  
  , path || ':' || start_line
from
  terraform_resource
where
  type = 'aws_mq_broker';

Control: MQ Broker should be encrypted with KMS CMK

Description

Usage

SQL

Tags