Control: VPCs should only be peered with trusted accounts

Description

This control checks if VPCs are only peered with trusted accounts.

Usage

Run the control in your terminal:

powerpipe control run aws_perimeter.control.vpc_peering_connection_cross_account_shared

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_perimeter.control.vpc_peering_connection_cross_account_shared --share

Steampipe Tables

aws_vpc_peering_connection

Params

Args	Name	Default	Description	Variable
$1	trusted_accounts	`["123456781234","123456781200"]`	A list of trusted accounts.	trusted_accounts

SQL

select
  id as resource,
  case
    when accepter_owner_id = requester_owner_id
    or accepter_owner_id = any (($1) :: text [ ]) then 'ok'
    else 'info'
  end status,
  case
    when accepter_owner_id = requester_owner_id
    or accepter_owner_id = any (($1) :: text [ ]) then title || ' is peered with a trust account.'
    else title || ' is peered with untrusted account ' || accepter_owner_id || '.'
  end reason,
  region,
  account_id
from
  aws_vpc_peering_connection;

Control: VPCs should only be peered with trusted accounts

Description

Usage

Steampipe Tables

Params

SQL

Tags