turbot/aws_compliance

Query: iam_managed_policy_attached_to_role

Usage

powerpipe query aws_compliance.query.iam_managed_policy_attached_to_role

SQL

-- Collect the ARN of every managed policy attached to at least one IAM role.
with role_attached_policies as (
  select
    jsonb_array_elements_text(attached_policy_arns) as policy_arn
  from
    aws_iam_role
)
select
  arn as resource,
  case
    when arn in (
      select
        policy_arn
      from
        role_attached_policies
    ) then 'ok'
    else 'alarm'
  end as status,
  case
    when arn in (
      select
        policy_arn
      from
        role_attached_policies
    ) then title || ' attached to IAM role.'
    else title || ' not attached to IAM role.'
  end as reason,
  account_id
from
  aws_iam_policy
where
  -- Only AWS-managed policies are evaluated; customer-managed policies are out of scope.
  is_aws_managed;

Controls

The query is used by the following controls: