turbot/terraform_aws_compliance

Query: glue_security_configuration_encryption_enabled

Usage

powerpipe query terraform_aws_compliance.query.glue_security_configuration_encryption_enabled

Steampipe Tables

SQL

select
address as resource,
case
when (attributes_std -> 'encryption_configuration' -> 'cloudwatch_encryption' ->> 'cloudwatch_encryption_mode') = 'SSE-KMS'
and (attributes_std -> 'encryption_configuration' -> 'cloudwatch_encryption' ->> 'kms_key_arn') is not null
and (attributes_std -> 'encryption_configuration' -> 'job_bookmarks_encryption' ->> 'job_bookmarks_encryption_mode') = 'CSE-KMS'
and (attributes_std -> 'encryption_configuration' -> 'job_bookmarks_encryption' ->> 'kms_key_arn') is not null
and (attributes_std -> 'encryption_configuration' -> 's3_encryption' ->> 's3_encryption_mode') <> 'DISABLED'
and (attributes_std -> 'encryption_configuration' -> 's3_encryption' ->> 'kms_key_arn') is not null then 'ok'
else 'alarm'
end status,
split_part(address, '.', 2) || case
when (attributes_std -> 'encryption_configuration' -> 'cloudwatch_encryption' ->> 'cloudwatch_encryption_mode') = 'SSE-KMS'
and (attributes_std -> 'encryption_configuration' -> 'cloudwatch_encryption' ->> 'kms_key_arn') is not null
and (attributes_std -> 'encryption_configuration' -> 'job_bookmarks_encryption' ->> 'job_bookmarks_encryption_mode') = 'CSE-KMS'
and (attributes_std -> 'encryption_configuration' -> 'job_bookmarks_encryption' ->> 'kms_key_arn') is not null
and (attributes_std -> 'encryption_configuration' -> 's3_encryption' ->> 's3_encryption_mode') <> 'DISABLED'
and (attributes_std -> 'encryption_configuration' -> 's3_encryption' ->> 'kms_key_arn') is not null then ' encryption enabled'
else ' encryption disabled'
end || '.' reason
, path || ':' || start_line
from
terraform_resource
where
type = 'aws_glue_security_configuration';

Controls

The query is being used by the following controls: