Lambda functions should operate in more than one availability zone fa…

…lse positives. Fixes #609 (#610) * Lambda functions should operate in more than one availability zone false positives. Fixes #609
turbot · Apr 18, 2023 · 964aa59 · 964aa59
1 parent e090c83
commit 964aa59
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/conformance_pack/lambda.sp b/conformance_pack/lambda.sp
@@ -129,17 +129,15 @@ query "lambda_function_dead_letter_queue_configured" {
 query "lambda_function_in_vpc" {
   sql = <<-EOQ
     select
-
       arn as resource,
       case
-        when vpc_id is null then 'alarm'
+        when vpc_id is null or vpc_id = '' then 'alarm'
         else 'ok'
       end status,
       case
-        when vpc_id is null then title || ' is not in VPC.'
+        when vpc_id is null or vpc_id = '' then title || ' is not in VPC.'
         else title || ' is in VPC ' || vpc_id || '.'
       end reason
-
       ${local.tag_dimensions_sql}
       ${local.common_dimensions_sql}
     from
@@ -254,13 +252,13 @@ query "lambda_function_cloudtrail_logging_enabled" {
       case
         when (l.arn = c.lambda_arn)
           or (r.lambda_arn = 'arn:aws:lambda' and r.cloudtrail_region = l.region )
-          or a.cloudtrail_region =  l.region then 'ok'
+          or a.cloudtrail_region = l.region then 'ok'
         else 'alarm'
       end as status,
       case
         when (l.arn = c.lambda_arn)
           or (r.lambda_arn = 'arn:aws:s3' and r.cloudtrail_region = l.region )
-          or a.cloudtrail_region =  l.region then l.name || ' logging enabled.'
+          or a.cloudtrail_region = l.region then l.name || ' logging enabled.'
         else l.name || ' logging not enabled.'
       end as reason
       ${local.tag_dimensions_sql}
@@ -320,7 +318,7 @@ query "lambda_function_multiple_az_configured" {
     select
       arn as resource,
       case
-        when vpc_id is null then 'skip'
+        when vpc_id is null or vpc_id = '' then 'skip'
         else case
           when
           (
@@ -336,7 +334,7 @@ query "lambda_function_multiple_az_configured" {
         end
       end as status,
       case
-        when vpc_id is null then title || ' is not in VPC.'
+        when vpc_id is null or vpc_id = '' then title || ' is not in VPC.'
         else title || ' has ' || jsonb_array_length(vpc_subnet_ids) || ' availability zone(s).'
       end as reason
       ${local.tag_dimensions_sql}