turbot/steampipe-mod-terraform-aws-compliance

Control: VPC flow logs should be enabled

Description

VPC flow logs provide detailed records of the IP traffic going to and from network interfaces in your Amazon Virtual Private Cloud (Amazon VPC).

Usage

Run the control in your terminal:

powerpipe control run terraform_aws_compliance.control.vpc_flow_logs_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_aws_compliance.control.vpc_flow_logs_enabled --share

SQL

This control uses a named query:

-- Every aws_flow_log in the scanned Terraform, keyed by the VPC it references.
-- attributes_std renders an expression such as aws_vpc.main.id as the
-- string "${aws_vpc.main.id}", which is what the join below compares against.
with flow_logs as (
  select
    attributes_std ->> 'vpc_id' as flow_log_vpc_id
  from
    terraform_resource
  where
    type = 'aws_flow_log'
),
-- Every aws_vpc, together with the reference string a flow log would use
-- to point at it.
all_vpc as (
  select
    '${aws_vpc.' || name || '.id}' as vpc_id,
    *
  from
    terraform_resource
  where
    type = 'aws_vpc'
)
select
  a.address as resource,
  case
    when b.flow_log_vpc_id is not null then 'ok'
    else 'alarm'
  end as status,
  split_part(a.address, '.', 2) || case
    when b.flow_log_vpc_id is not null then ' flow logging enabled'
    else ' flow logging disabled'
  end || '.' as reason,
  -- Extra dimension: file path and line of the aws_vpc block.
  path || ':' || start_line
from
  all_vpc as a
  left join flow_logs as b on a.vpc_id = b.flow_log_vpc_id;

The join is a plain string match: a VPC is reported ok only when some aws_flow_log in the same scan sets vpc_id to exactly aws_vpc.<name>.id. Flow logs attached to a subnet or network interface (subnet_id or eni_id), flow logs that reach the VPC through a module output, data source or variable, and flow logs with a hard-coded VPC ID string do not match, so those VPCs come back as alarm even if some of their traffic is logged. The control does not inspect the flow log's traffic_type or destination.
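A constructed Terraform example (added here, not code from the mod) showing which shapes the query recognises: one VPC whose flow log references it directly, one with no flow log, and one whose only flow log is attached to a subnet. The bucket name and CIDRs are arbitrary assumptions; the control does not inspect them.

```hcl
# Expected statuses after `powerpipe control run terraform_aws_compliance.control.vpc_flow_logs_enabled`:
#   aws_vpc.logged    -> ok     (an aws_flow_log sets vpc_id = aws_vpc.logged.id)
#   aws_vpc.unlogged  -> alarm  (no aws_flow_log references it)
#   aws_vpc.by_subnet -> alarm  (its flow log is attached to a subnet, not the VPC)

resource "aws_vpc" "logged" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_vpc" "unlogged" {
  cidr_block = "10.1.0.0/16"
}

resource "aws_vpc" "by_subnet" {
  cidr_block = "10.2.0.0/16"
}

resource "aws_subnet" "app" {
  vpc_id     = aws_vpc.by_subnet.id
  cidr_block = "10.2.1.0/24"
}

# Flow log destination. The s3 destination type needs no IAM role.
# Assumed bucket name for the example.
resource "aws_s3_bucket" "flow_logs" {
  bucket = "example-vpc-flow-logs"
}

# Satisfies the control: vpc_id is written as aws_vpc.logged.id, which the
# query sees as the string "${aws_vpc.logged.id}" and joins to aws_vpc.logged.
resource "aws_flow_log" "logged" {
  vpc_id               = aws_vpc.logged.id
  traffic_type         = "ALL"
  log_destination_type = "s3"
  log_destination      = aws_s3_bucket.flow_logs.arn
}

# Does NOT satisfy the control for aws_vpc.by_subnet: the query reads only the
# flow log's vpc_id attribute, so a subnet-level flow log leaves that VPC in
# alarm even though traffic through the subnet is logged.
resource "aws_flow_log" "by_subnet" {
  subnet_id            = aws_subnet.app.id
  traffic_type         = "ALL"
  log_destination_type = "s3"
  log_destination      = aws_s3_bucket.flow_logs.arn
}
```

To make aws_vpc.by_subnet pass, add an aws_flow_log whose vpc_id is aws_vpc.by_subnet.id; the subnet-level log can stay, but it does not count for this control.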

Tags