turbot/aws_compliance

Query: s3_bucket_not_accessible_to_all_authenticated_user

Usage

powerpipe query aws_compliance.query.s3_bucket_not_accessible_to_all_authenticated_user

Steampipe Tables

aws_s3_bucket

SQL

-- Buckets whose ACL contains a grant to the global AuthenticatedUsers group,
-- i.e. any AWS account holder (not just principals in this account).
with public_acl as (
  select
    distinct name
  from
    aws_s3_bucket,
    jsonb_array_elements(acl -> 'Grants') as grants
  where
    grants -> 'Grantee' ->> 'URI' = 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'
)
select
  b.arn as resource,
  -- A bucket with no such grant joins to null and passes.
  case
    when p.name is null then 'ok'
    else 'alarm'
  end as status,
  case
    when p.name is null then b.title || ' not accessible to all authenticated users.'
    else b.title || ' accessible to all authenticated users.'
  end as reason,
  b.region,
  b.account_id
from
  aws_s3_bucket as b
  left join public_acl as p on b.name = p.name;
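The query above only reports that a grant to AuthenticatedUsers exists, not which permission was granted, and it ignores the AllUsers (anonymous) group. The following is an added example, not a query from the turbot/aws_compliance mod, that extends the same ACL check to both global groups and folds the granted permissions into the reason. It assumes the same Steampipe `aws_s3_bucket` table and the standard S3 ACL shape, where each element of `acl -> 'Grants'` carries a `Grantee` object (with `URI` for group grantees) and a `Permission` string such as READ or FULL_CONTROL.

```sql
-- Added example (not part of the turbot/aws_compliance mod).
-- One row per offending grant: bucket name, which global group, which permission.
with group_grants as (
  select
    b.name,
    -- URI is http://acs.amazonaws.com/groups/global/<Group>; field 6 is the group name.
    split_part(g -> 'Grantee' ->> 'URI', '/', 6) as grantee_group,
    g ->> 'Permission' as permission
  from
    aws_s3_bucket as b,
    jsonb_array_elements(b.acl -> 'Grants') as g
  where
    g -> 'Grantee' ->> 'URI' in (
      'http://acs.amazonaws.com/groups/global/AuthenticatedUsers',
      'http://acs.amazonaws.com/groups/global/AllUsers'
    )
),
-- Collapse to one row per bucket with a readable summary of the exposure.
per_bucket as (
  select
    name,
    string_agg(grantee_group || ':' || permission, ', ' order by grantee_group, permission) as exposed
  from
    group_grants
  group by
    name
)
select
  b.arn as resource,
  case
    when p.name is null then 'ok'
    else 'alarm'
  end as status,
  case
    when p.name is null then b.title || ' has no ACL grants to a global group.'
    else b.title || ' grants ' || p.exposed || ' via its ACL.'
  end as reason,
  b.region,
  b.account_id
from
  aws_s3_bucket as b
  left join per_bucket as p on b.name = p.name;
```

Two caveats apply to both the mod's query and this variant. First, they inspect the bucket ACL only; a bucket can also be exposed through its bucket policy, and it can be shielded from ACL exposure by S3 Block Public Access, neither of which is visible here. Second, if Steampipe could not read a bucket's ACL, `acl` is null, `jsonb_array_elements` yields no rows for it, and the bucket reports `ok`; a control that needs to distinguish "no grants" from "could not read" should test `b.acl is null` explicitly and report a separate status.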

Controls

The query is used by the following controls: