Control: EC2 instances should not have a public IP address

powerpipe control run aws_perimeter.control.ec2_instance_not_publicly_accessible

powerpipe login
powerpipe control run aws_perimeter.control.ec2_instance_not_publicly_accessible --share

select
  arn as resource,
  case
    when public_ip_address is null then 'ok'
    else 'alarm'
  end status,
  case
    when public_ip_address is null then instance_id || ' not publicly accessible.'
    else instance_id || ' publicly accessible.'
  end reason,
  region,
  account_id
from
  aws_ec2_instance;