turbot/aws_compliance

Query: cloudtrail_s3_logging_enabled

Usage

powerpipe query run aws_compliance.query.cloudtrail_s3_logging_enabled

SQL

select
  t.arn as resource,
  -- b.logging is non-null only when server access logging is configured on the bucket.
  case
    when b.logging is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when b.logging is not null then t.title || '''s logging bucket ' || t.s3_bucket_name || ' has access logging enabled.'
    else t.title || '''s logging bucket ' || t.s3_bucket_name || ' has access logging disabled.'
  end as reason,
  t.region,
  t.account_id
from
  aws_cloudtrail_trail t
  -- Inner join: a trail whose bucket has no row in aws_s3_bucket is not reported at all.
  inner join aws_s3_bucket b on t.s3_bucket_name = b.name
where
  -- Evaluate each trail once, in its home region.
  t.region = t.home_region;

Controls

The query is being used by the following controls: