turbot/aws_compliance

Query: ssm_managed_instance_compliance_patch_compliant

Usage

powerpipe query aws_compliance.query.ssm_managed_instance_compliance_patch_compliant

SQL

select
id as resource,
case
when c.status = '' then 'skip'
when c.status = 'COMPLIANT' then 'ok'
else 'alarm'
end as status,
case
when c.status = '' then 'Patch is not applicable for instance ' || i.title || '.'
when c.status = 'COMPLIANT' then c.resource_id || ' patch ' || c.title || ' is compliant.'
else c.resource_id || ' patch ' || c.title || ' is non-compliant.'
end as reason,
c.region,
c.account_id
from
aws_ssm_managed_instance as i,
aws_ssm_managed_instance_compliance as c
where
c.resource_id = i.instance_id
and c.compliance_type = 'Patch';

Controls

The query is being used by the following controls: