turbot/terraform_aws_compliance

Query: s3_bucket_default_encryption_enabled

Usage

powerpipe query terraform_aws_compliance.query.s3_bucket_default_encryption_enabled

Steampipe Tables

SQL

select
address as resource,
case
when coalesce(trim(attributes_std -> 'server_side_encryption_configuration' -> 'rule' -> 'apply_server_side_encryption_by_default' ->> 'sse_algorithm'), '') = '' then 'alarm'
when coalesce(trim(attributes_std -> 'server_side_encryption_configuration' -> 'rule' -> 'apply_server_side_encryption_by_default' ->> 'sse_algorithm'), '') not in ('aws:kms', 'AES256') then 'alarm'
else 'ok'
end as status,
split_part(address, '.', 2) || case
when coalesce(trim(attributes_std -> 'server_side_encryption_configuration' -> 'rule' -> 'apply_server_side_encryption_by_default' ->> 'sse_algorithm'), '') = '' then ' ''sse_algorithm'' is not defined'
when trim(attributes_std -> 'server_side_encryption_configuration' -> 'rule' -> 'apply_server_side_encryption_by_default' ->> 'sse_algorithm') in ('aws:kms', 'AES256') then ' default encryption enabled'
else ' default encryption disabled'
end || '.' as reason
, path || ':' || start_line
from
terraform_resource
where
type = 'aws_s3_bucket';

Controls

The query is being used by the following controls: