Steampipe mods are now Powerpipe →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
26Dashboards
1161Controls
568Queries
2Variables
GitHub
Loading controls...

Control: EMR public access should be blocked at account level

Description

The block public access feature prevents a cluster in a public subnet from launching when any security group associated with the cluster has a rule that allows inbound traffic from IPv4 0.0.0.0/0 or IPv6 ::/0 (public access) on a port, unless the port has been specified as an exception - port 22 is an exception by default. This feature is enabled by default for each AWS Region in your AWS account and is not recommended to be turned off.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.emr_account_public_access_blocked

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.emr_account_public_access_blocked --share

SQL

This control uses a named query:

emr_account_public_access_blocked

Tags

category = Compliance
plugin = aws
service = AWS/EMR