🚀Launch Week 04, May 13th - 17th, 2024!🚀
Powerpipe Hub 
Hub
Mods
turbot/terraform_aws_compliance
Overview
69Dashboards
357Controls
357Queries
2Variables
GitHub

Query: s3_bucket_default_encryption_enabled

Usage

powerpipe query terraform_aws_compliance.query.s3_bucket_default_encryption_enabled

Steampipe Tables

terraform_resource
Terraform plugin

SQL

select
  address as resource,
  case
    when coalesce(
      trim(
        attributes_std -> 'server_side_encryption_configuration' -> 'rule' -> 'apply_server_side_encryption_by_default' ->> 'sse_algorithm'
      ),
      ''
    ) = '' then 'alarm'
    when coalesce(
      trim(
        attributes_std -> 'server_side_encryption_configuration' -> 'rule' -> 'apply_server_side_encryption_by_default' ->> 'sse_algorithm'
      ),
      ''
    ) not in ('aws:kms', 'AES256') then 'alarm'
    else 'ok'
  end as status,
  split_part(address, '.', 2) || case
    when coalesce(
      trim(
        attributes_std -> 'server_side_encryption_configuration' -> 'rule' -> 'apply_server_side_encryption_by_default' ->> 'sse_algorithm'
      ),
      ''
    ) = '' then ' ''sse_algorithm'' is not defined'
    when trim(
      attributes_std -> 'server_side_encryption_configuration' -> 'rule' -> 'apply_server_side_encryption_by_default' ->> 'sse_algorithm'
    ) in ('aws:kms', 'AES256') then ' default encryption enabled'
    else ' default encryption disabled'
  end || '.' as reason,
  path || ':' || start_line
from
  terraform_resource
where
  type = 'aws_s3_bucket';

Controls

The query is being used by the following controls: