Query: IAM Access analyzer should be enabled without findings

Description

This control checks whether the IAM Access analyzer is enabled without findings. If you grant permissions to an S3 bucket in one of your organization member accounts to a principal in another organization member account, IAM Access Analyzer does not generate a finding. But if you grant permission to a principal in an account that is not a member of the organization, IAM Access Analyzer generates a finding.

Query

Tables used in this query:

• aws_accessanalyzer_analyzer
• aws_accessanalyzer_finding
• aws_region

Controls using this query:

• IAM Access analyzer should be enabled without findings

SQL