turbot/aws_compliance

Query: networkfirewall_stateless_rule_group_not_empty

Usage

powerpipe query aws_compliance.query.networkfirewall_stateless_rule_group_not_empty

SQL

select
  arn as resource,
  case
    -- Stateful rule groups are out of scope for this check.
    when type = 'STATEFUL' then 'skip'
    -- A stateless rule group passes when it defines at least one rule.
    when jsonb_array_length(
      rules_source -> 'StatelessRulesAndCustomActions' -> 'StatelessRules'
    ) > 0 then 'ok'
    else 'alarm'
  end as status,
  case
    when type = 'STATEFUL' then title || ' is a stateful rule group.'
    -- Report the number of stateless rules found in the group.
    else title || ' has ' || jsonb_array_length(
      rules_source -> 'StatelessRulesAndCustomActions' -> 'StatelessRules'
    ) || ' rule(s).'
  end as reason,
  region,
  account_id
from
  aws_networkfirewall_rule_group;

Controls

The query is being used by the following controls: