cw_log_group_without_retentiondynamodb_stale_dataebs_volumes_not_using_gp3gp2_ebs_volumeshigh_iops_volumesinactive_ebs_volumesio1_ebs_volumeslarge_ebs_volumeslarge_ec2_instanceslong_running_instanceslow_connections_rds_metricslow_iops_volumeslow_usage_ebs_volumeslow_usage_rds_metricslow_utilization_ec2_instancemonthly_service_cost_changesmultiple_cloudtrail_trailsmultiple_regional_trailsold_ebs_snapshotsold_rds_db_instancesprev_gen_rds_instancess3_bucket_without_lifecyclestale_cw_log_streamunattached_ebs_volumesunattached_eips
Query: multiple_regional_trails
Usage
steampipe query aws_thrifty.query.multiple_regional_trailsPlugins & Tables
SQL
with global_trails as ( select count(*) as total from aws_cloudtrail_trail where is_multi_region_trail ), org_trails as ( select count(*) as total from aws_cloudtrail_trail where is_organization_trail ), regional_trails as ( select region, count(*) as total from aws_cloudtrail_trail where not is_multi_region_trail and not is_organization_trail group by region )select arn as resource, case when global_trails.total > 0 then 'alarm' when org_trails.total > 0 then 'alarm' when regional_trails.total > 1 then 'alarm' else 'ok' end as status, case when global_trails.total > 0 then name || ' is redundant to a global trail.' when org_trails.total > 0 then name || ' is redundant to a organizational trail.' when regional_trails.total > 1 then name || ' is one of ' || regional_trails.total || ' trails in ' || t.region || '.' else name || ' is the only global trail.' end as reason, t.region, account_idfrom aws_cloudtrail_trail t, global_trails, org_trails, regional_trailswhere regional_trails.region = t.region and not is_multi_region_trail and not is_organization_trail