Control: Config service aggregator should only collect data from trusted accounts

Description

Config service aggregator helps in monitoring compliance data for rules and accounts in the aggregated view. An aggregator is an AWS Config resource type that collects AWS Config configuration and compliance data from (1) Multiple accounts and multiple regions, (2) Single account and multiple regions, (3) An organization in AWS Organizations and all the accounts in that organization which have AWS Config enabled.

Usage

Run the control in your terminal:

powerpipe control run aws_perimeter.control.config_aggregator_shared_with_trusted_accounts

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_perimeter.control.config_aggregator_shared_with_trusted_accounts --share

Steampipe Tables

aws_config_aggregate_authorization

Params

Args	Name	Default	Description	Variable
$1	trusted_accounts	`["123456781234","123456781200"]`	A list of trusted accounts.	trusted_accounts

SQL

select
  title as resource,
  case
    when authorized_account_id is null
    or authorized_account_id = any (($1) :: text [ ]) then 'ok'
    else 'info'
  end as status,
  case
    when authorized_account_id is null
    or authorized_account_id = any (($1) :: text [ ]) then title || ' shared with trusted account.'
    else title || ' shared with untrusted account ' || authorized_account_id || '.'
  end as reason,
  region,
  account_id
from
  aws_config_aggregate_authorization;

Control: Config service aggregator should only collect data from trusted accounts

Description

Usage

Steampipe Tables

Params

SQL

Tags