Query: GuardDuty S3 protection should be enabled

Description

This control checks whether GuardDuty S3 protection is enabled. For a standalone account, the control fails if GuardDuty S3 protection is disabled in the account. In a multi-account environment, the control fails if the delegated GuardDuty administrator account and all member accounts don't have S3 protection enabled.

Query

Tables used in this query:

• aws_guardduty_detector

Controls using this query:

• 10 GuardDuty S3 Protection should be enabled
• GuardDuty S3 protection should be enabled

SQL