turbot/terraform_aws_compliance

Query: cloudfront_distribution_encryption_in_transit_enabled

Usage

powerpipe query terraform_aws_compliance.query.cloudfront_distribution_encryption_in_transit_enabled

Steampipe Tables

SQL

with cloudfront_distribution as (
select
*
from
terraform_resource
where type = 'aws_cloudfront_distribution'
), data as (
select
distinct address
from
cloudfront_distribution,
jsonb_array_elements(
case jsonb_typeof(attributes_std -> 'ordered_cache_behavior' -> 'Items')
when 'array' then (attributes_std -> 'ordered_cache_behavior' -> 'Items')
else null end
) as cb
where
cb ->> 'ViewerProtocolPolicy' = 'allow-all'
)
select
b.address as resource,
case
when d.address is not null or (attributes_std -> 'default_cache_behavior' ->> 'ViewerProtocolPolicy' = 'allow-all') then 'alarm'
else 'ok'
end status,
split_part(b.address, '.', 2) || case
when d.address is not null or (attributes_std -> 'default_cache_behavior' ->> 'ViewerProtocolPolicy' = 'allow-all') then ' data not encrypted in transit'
else ' data encrypted in transit'
end || '.' reason
, path || ':' || start_line
from
cloudfront_distribution as b
left join data as d on b.address = d.address;

Controls

The query is being used by the following controls: