turbot/aws_compliance

Query: ssm_document_prohibit_public_access

Usage

powerpipe query aws_compliance.query.ssm_document_prohibit_public_access

Steampipe Tables

SQL

select
'arn:' || partition || ':ssm:' || region || ':' || account_id || ':document/' || name as resource,
case
when account_ids :: jsonb ? 'all' then 'alarm'
else 'ok'
end as status,
case
when account_ids :: jsonb ? 'all' then title || ' publicly accesible.'
else title || ' not publicly accesible.'
end as reason,
region,
account_id
from
aws_ssm_document
where
owner_type = 'Self';

Controls

The query is being used by the following controls: