turbot/aws_compliance

Control: 3 EventBridge custom event buses should have a resource-based policy attached

Description

This control checks whether an Amazon EventBridge custom event bus has a resource-based policy attached. The control fails if the custom event bus has no resource-based policy. Note that it checks only for the presence of a policy; it does not evaluate what the policy grants, so a bus whose policy allows any principal still passes.

By default, an EventBridge custom event bus has no resource-based policy attached, so access is governed only by the identity-based IAM policies of principals in the same account, and no other account can send events to it. By attaching a resource-based policy to the event bus, you can limit access to the event bus to specified accounts or principals, as well as intentionally grant access (for example, events:PutEvents) to entities in another account.

Remediation

To attach a resource-based policy to an EventBridge custom event bus, see Managing event bus permissions in the Amazon EventBridge User Guide.
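The following is an added example, not the mod's named query and not code from AWS or the Turbot project. It reproduces the control's pass/fail logic locally over constructed records shaped like `aws events describe-event-bus` output (AWS omits the `Policy` field entirely when no policy is attached), goes one step beyond the control by flagging attached policies that grant access to any principal without a Condition, and builds the least-privilege cross-account document the Remediation section describes. The bus names, account IDs and the helper names (`control_status`, `open_statements`, `build_cross_account_policy`, `evaluate`) are assumptions made for the example.

```python
import json

# Constructed sample data (fictitious accounts): each entry follows the shape
# of `aws events describe-event-bus` output. AWS omits "Policy" entirely when
# no resource-based policy is attached, which is what the control alarms on.
SAMPLE_BUSES = [
    {"Name": "default",
     "Arn": "arn:aws:events:us-east-1:111122223333:event-bus/default"},
    {"Name": "orders",
     "Arn": "arn:aws:events:us-east-1:111122223333:event-bus/orders"},
    {"Name": "partner-ingest",
     "Arn": "arn:aws:events:us-east-1:111122223333:event-bus/partner-ingest",
     "Policy": json.dumps({
         "Version": "2012-10-17",
         "Statement": [{
             "Sid": "AllowAnyone",
             "Effect": "Allow",
             "Principal": "*",
             "Action": "events:PutEvents",
             "Resource": "arn:aws:events:us-east-1:111122223333:event-bus/partner-ingest"}]})},
    {"Name": "billing",
     "Arn": "arn:aws:events:us-east-1:111122223333:event-bus/billing",
     "Policy": json.dumps({
         "Version": "2012-10-17",
         "Statement": [{
             "Sid": "AllowBillingAccount",
             "Effect": "Allow",
             "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
             "Action": "events:PutEvents",
             "Resource": "arn:aws:events:us-east-1:111122223333:event-bus/billing"}]})},
]


def control_status(bus):
    """Mirror EventBridge.3: 'skip' for the default bus (the control covers
    custom buses only), 'alarm' when no resource-based policy is attached,
    otherwise 'ok'. Presence of a policy is all the control looks at."""
    if bus["Name"] == "default":
        return "skip"
    return "ok" if bus.get("Policy") else "alarm"


def principal_is_wildcard(principal):
    # Principal may be "*", {"AWS": "*"} or {"AWS": [..., "*"]}.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = aws if isinstance(aws, list) else [aws]
        return "*" in aws
    return False


def open_statements(policy):
    """Sids of Allow statements that grant access to any principal with no
    Condition. The control reports such a bus as 'ok' because a policy is
    attached; this stricter check surfaces the anonymous grant."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    stmts = doc.get("Statement", [])
    stmts = stmts if isinstance(stmts, list) else [stmts]
    return [s.get("Sid", "<no Sid>") for s in stmts
            if s.get("Effect") == "Allow"
            and principal_is_wildcard(s.get("Principal"))
            and not s.get("Condition")]


def build_cross_account_policy(bus_arn, trusted_account_id,
                               sid="AllowTrustedAccountPutEvents"):
    """Least-privilege remediation document: only principals of the trusted
    account may PutEvents, and only on this one bus (hypothetical helper)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": sid,
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
            "Action": "events:PutEvents",
            "Resource": bus_arn,
        }],
    }


def evaluate(buses):
    """Map bus name -> (control status, Sids of open statements)."""
    results = {}
    for bus in buses:
        status = control_status(bus)
        opens = open_statements(bus["Policy"]) if status == "ok" else []
        results[bus["Name"]] = (status, opens)
    return results


if __name__ == "__main__":
    for name, (status, opens) in evaluate(SAMPLE_BUSES).items():
        note = f" (anonymous grant in {opens})" if opens else ""
        print(f"{name}: {status}{note}")
    # The document to attach to the failing "orders" bus.
    print(json.dumps(build_cross_account_policy(
        SAMPLE_BUSES[1]["Arn"], "444455556666"), indent=2))
```

Against the sample data the "orders" bus alarms, "partner-ingest" passes the control but is reported as open to any principal, and "billing" passes cleanly. The generated document can be attached with the AWS CLI's `aws events put-permission --event-bus-name orders --policy file://policy.json`; re-running the control afterwards should move the bus to ok.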

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_eventbridge_3

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_eventbridge_3 --share

SQL

This control uses a named query:

eventbridge_custom_bus_resource_based_policy_attached

Tags