cloudfront_distribution_pricing_classcw_log_group_without_retentiondynamodb_stale_dataebs_volumes_not_using_gp3ec2_application_lb_unusedec2_classic_lb_unusedec2_gateway_lb_unusedec2_network_lb_unusedec2_reserved_instance_lease_expiration_daysecs_cluster_low_utilizationecs_service_without_autoscalingelasticache_long_running_clusteremr_cluster_instance_prev_genemr_cluster_is_idle_30_minutesgp2_ebs_volumeshigh_iops_volumesinactive_ebs_volumesio1_ebs_volumeslambda_function_excessive_timeoutlambda_function_high_error_ratelarge_ebs_volumeslarge_ec2_instanceslong_running_instanceslow_connections_rds_metricslow_iops_volumeslow_usage_ebs_volumeslow_usage_rds_metricslow_utilization_ec2_instancemonthly_service_cost_changesmultiple_cloudtrail_trailsmultiple_regional_trailsold_ebs_snapshotsold_rds_db_instancesprev_gen_rds_instancesredshift_cluster_low_utilizationredshift_cluster_max_ageredshift_cluster_schedule_pause_resume_enableds3_bucket_without_lifecyclestale_cw_log_streamunattached_ebs_volumesunattached_eipsvpc_nat_gateway_unused
Query: multiple_regional_trails
Usage
steampipe query aws_thrifty.query.multiple_regional_trailsPlugins & Tables
SQL
with global_trails as ( select count(*) as total from aws_cloudtrail_trail where is_multi_region_trail ), org_trails as ( select count(*) as total from aws_cloudtrail_trail where is_organization_trail ), regional_trails as ( select region, count(*) as total from aws_cloudtrail_trail where not is_multi_region_trail and not is_organization_trail group by region )select arn as resource, case when global_trails.total > 0 then 'alarm' when org_trails.total > 0 then 'alarm' when regional_trails.total > 1 then 'alarm' else 'ok' end as status, case when global_trails.total > 0 then name || ' is redundant to a global trail.' when org_trails.total > 0 then name || ' is redundant to a organizational trail.' when regional_trails.total > 1 then name || ' is one of ' || regional_trails.total || ' trails in ' || t.region || '.' else name || ' is the only global trail.' end as reason, t.region, account_idfrom aws_cloudtrail_trail t, global_trails, org_trails, regional_trailswhere regional_trails.region = t.region and not is_multi_region_trail and not is_organization_trailControls
The query is being used by the following controls: