Control: WAF regional web ACLs should have rules with actions
Description
Ensure that every rule in a WAF regional web ACL has an action defined.
Usage
Run the control in your terminal:
powerpipe control run terraform_aws_compliance.control.waf_regional_web_acl_rule_with_action
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run terraform_aws_compliance.control.waf_regional_web_acl_rule_with_action --share
SQL
This control uses a named query:
with rules_without_action as (
  select
    address as name
  from
    terraform_resource,
    jsonb_array_elements(
      case jsonb_typeof(attributes_std -> 'rule')
        when 'array' then (attributes_std -> 'rule')
        else null
      end
    ) as r
  where
    (r -> 'action' is null or (r -> 'action' = '{}'))
    and type = 'aws_wafregional_web_acl'
)
select
  r.address as resource,
  case
    when (jsonb_typeof(attributes_std -> 'rule') = 'array') and a.name is null then 'ok'
    when (jsonb_typeof(attributes_std -> 'rule') = 'array') and a.name is not null then 'alarm'
    when ((attributes_std -> 'rule' ->> 'action') is not null) then 'ok'
    else 'alarm'
  end as status,
  split_part(r.address, '.', 2) || case
    when (jsonb_typeof(attributes_std -> 'rule') = 'array') and a.name is null then ' has all rules with action attached'
    when (jsonb_typeof(attributes_std -> 'rule') = 'array') and a.name is not null then ' has rules with no action attached'
    when ((attributes_std -> 'rule' ->> 'action') is not null) then ' has rule with action attached'
    else ' has rules with no action attached'
  end || '.' reason,
  path || ':' || start_line
from
  terraform_resource as r
  left join rules_without_action as a on a.name = r.address
where
  r.type = 'aws_wafregional_web_acl';
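The query above inspects each `rule` block of an `aws_wafregional_web_acl` resource: when the resource has several rule blocks (`rule` parses as a JSON array) any block lacking an `action` object puts the resource in alarm, and when it has a single rule block (parsed as an object) the `action` key is checked directly. The following Terraform is an added, constructed example, not part of the terraform-aws-compliance mod or its documentation, showing one web ACL the control flags beside one it passes. The resource names, metric names and the shared `aws_wafregional_rule` are placeholders.

```hcl
# Constructed example; resource and metric names are placeholders.
# The rule referenced by both web ACLs. A rule with no predicates is valid
# Terraform and keeps the example self-contained.
resource "aws_wafregional_rule" "example" {
  name        = "example-rule"
  metric_name = "exampleRule"
}

# Flagged (status: alarm). The second rule block has no action, so the
# control reports "missing_action has rules with no action attached."
resource "aws_wafregional_web_acl" "missing_action" {
  name        = "web-acl-missing-action"
  metric_name = "webAclMissingAction"

  default_action {
    type = "ALLOW"
  }

  rule {
    priority = 1
    rule_id  = aws_wafregional_rule.example.id

    action {
      type = "BLOCK"
    }
  }

  rule {
    priority = 2
    rule_id  = aws_wafregional_rule.example.id
    # No action block here: this is what the query's
    # rules_without_action CTE matches.
  }
}

# Passes (status: ok). Every rule block carries an action, so the control
# reports "all_actions has all rules with action attached."
resource "aws_wafregional_web_acl" "all_actions" {
  name        = "web-acl-all-actions"
  metric_name = "webAclAllActions"

  default_action {
    type = "ALLOW"
  }

  rule {
    priority = 1
    rule_id  = aws_wafregional_rule.example.id

    action {
      type = "BLOCK"
    }
  }

  rule {
    priority = 2
    rule_id  = aws_wafregional_rule.example.id

    action {
      type = "COUNT"
    }
  }
}
```

Running the control against a directory containing this file yields one alarm row for `missing_action` and one ok row for `all_actions`; the `reason` column is built from the resource name via `split_part(r.address, '.', 2)`, and the final `path || ':' || start_line` column points at the offending resource in the file.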