turbot/steampipe-mod-terraform-aws-compliance

Control: VPC EIPs should be associated with an EC2 instance or ENI

Description

This rule ensures Elastic IPs allocated to an Amazon Virtual Private Cloud (Amazon VPC) are attached to Amazon Elastic Compute Cloud (Amazon EC2) instances or in-use Elastic Network Interfaces.

Usage

Run the control in your terminal:

powerpipe control run terraform_aws_compliance.control.vpc_eip_associated

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_aws_compliance.control.vpc_eip_associated --share

SQL

This control uses a named query:

select
  address as resource,
  case
    when (attributes_std -> 'vpc') is null then 'skip'
    when (attributes_std -> 'instance') is not null or (attributes_std -> 'network_interface') is not null then 'ok'
    else 'alarm'
  end status,
  split_part(address, '.', 2) || case
    when (attributes_std -> 'vpc') is null then ' not associated with VPC'
    when (attributes_std -> 'instance') is not null or (attributes_std -> 'network_interface') is not null then ' associated with an instance or network interface'
    else ' not associated with an instance or network interface'
  end || '.' as reason
  , path || ':' || start_line
from
  terraform_resource
where
  type = 'aws_eip';
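
How the query above classifies aws_eip blocks, shown as an added example that is not part of the mod. The resource names and the two variables are hypothetical, and the status in each comment follows from the CASE branches in the query.

```hcl
# Constructed sample: resource names and both variables are hypothetical.
variable "instance_id" { type = string }
variable "eni_id" { type = string }

# skip: no `vpc` attribute, so the first CASE branch matches.
# An EIP declared only with `domain = "vpc"` lands here too.
resource "aws_eip" "no_vpc_attr" {
  domain = "vpc"
}

# alarm: `vpc` is set but neither `instance` nor `network_interface` is.
resource "aws_eip" "unattached" {
  vpc = true
}

# ok: `instance` is set.
resource "aws_eip" "on_instance" {
  vpc      = true
  instance = var.instance_id
}

# ok: `network_interface` is set.
resource "aws_eip" "on_eni" {
  vpc               = true
  network_interface = var.eni_id
}

# alarm: the association lives in a separate resource, and the query
# only reads attributes of the aws_eip block itself.
resource "aws_eip" "associated_elsewhere" {
  vpc = true
}

resource "aws_eip_association" "web" {
  instance_id   = var.instance_id
  allocation_id = aws_eip.associated_elsewhere.id
}
```

An EIP referenced only through another resource's allocation_id, such as a NAT gateway, is reported the same way as the last case. Review alarm results for such references before treating the address as unused.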

Tags