turbot/terraform_aws_compliance

Query: s3_public_access_block_account

Usage

powerpipe query terraform_aws_compliance.query.s3_public_access_block_account

Steampipe Tables

SQL

select
address as resource,
case
when
(attributes_std ->> 'block_public_acls')::boolean
and (attributes_std ->> 'block_public_policy')::boolean
and (attributes_std ->> 'ignore_public_acls')::boolean
and (attributes_std ->> 'restrict_public_buckets')::boolean
then 'ok'
else 'alarm'
end as status,
case
when
attributes_std -> 'block_public_acls' is null
or attributes_std -> 'block_public_policy' is null
or attributes_std -> 'ignore_public_acls' is null
or attributes_std -> 'restrict_public_buckets' is null
then concat_ws(', ',
case when attributes_std -> 'block_public_acls' is null then 'block_public_acls' end,
case when attributes_std -> 'block_public_policy' is null then 'block_public_policy' end,
case when attributes_std -> 'ignore_public_acls' is null then 'ignore_public_acls' end,
case when attributes_std -> 'restrict_public_buckets' is null then 'restrict_public_buckets' end
) || ' not defined'
when
(attributes_std ->> 'block_public_acls')::boolean
and (attributes_std ->> 'block_public_policy')::boolean
and (attributes_std ->> 'ignore_public_acls')::boolean
and (attributes_std ->> 'restrict_public_buckets')::boolean
then 'Account level public access blocks enabled'
else 'Account level public access not enabled for: ' ||
concat_ws(', ',
case when not ((attributes_std ->> 'block_public_acls')::boolean) then 'block_public_acls' end,
case when not ((attributes_std ->> 'block_public_policy')::boolean) then 'block_public_policy' end,
case when not ((attributes_std ->> 'ignore_public_acls')::boolean ) then 'ignore_public_acls' end,
case when not ((attributes_std ->> 'restrict_public_buckets')::boolean) then 'restrict_public_buckets' end
)
end || '.' as reason
, path || ':' || start_line
from
terraform_resource
where
type = 'aws_s3_account_public_access_block';

Controls

The query is being used by the following controls: