Query: EC2 VPN connections should have logging enabled

Description

This control checks whether an AWS Site-to-Site VPN connection has Amazon CloudWatch Logs enabled for both tunnels. The control fails if a Site-to-Site VPN connection doesn't have CloudWatch Logs enabled for both tunnels.

Query

Tables used in this query:

• aws_vpc_vpn_connection

Controls using this query:

• 171 EC2 VPN connections should have logging enabled
• EC2 VPN connections should have logging enabled

SQL