turbot/terraform_aws_compliance

Query: s3_bucket_default_encryption_enabled_kms

Usage

powerpipe query terraform_aws_compliance.query.s3_bucket_default_encryption_enabled_kms

Steampipe Tables

SQL

select
address as resource,
case
when coalesce(trim(attributes_std -> 'server_side_encryption_configuration' -> 'rule' -> 'apply_server_side_encryption_by_default' ->> 'sse_algorithm'), '') <> 'aws:kms'
then 'alarm'
else 'ok'
end as status,
split_part(address, '.', 2) || case
when coalesce(trim(attributes_std -> 'server_side_encryption_configuration' -> 'rule' -> 'apply_server_side_encryption_by_default' ->> 'sse_algorithm'), '') = '' then ' ''sse_algorithm'' is not defined'
when trim(attributes_std -> 'server_side_encryption_configuration' -> 'rule' -> 'apply_server_side_encryption_by_default' ->> 'sse_algorithm') = 'aws:kms' then ' default encryption with KMS enabled'
else ' default encryption with KMS disabled'
end || '.' as reason
, path || ':' || start_line
from
terraform_resource
where
type = 'aws_s3_bucket';

Controls

The query is being used by the following controls: