Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Control: 3.1 Ensure CloudTrail is enabled in all regions Closes #408 #479

Merged
merged 10 commits into from
Aug 12, 2022
Merged

Fix Control: 3.1 Ensure CloudTrail is enabled in all regions Closes #408 #479

merged 10 commits into from
Aug 12, 2022

Conversation

karanpopat
Copy link
Contributor

@karanpopat karanpopat commented Jul 28, 2022
edited by rajlearner17
Loading

@rajlearner17 rajlearner17 linked an issue Jul 28, 2022 that may be closed by this pull request
CIS v1.4.0 - Control: 3.1 Ensure CloudTrail is enabled in all regions #408
Closed
@rajlearner17
Copy link
Contributor

@karanpopat we will discuss, I guess this can be the change to report per account

with event_selectors_trail_details as (
  select
    distinct account_id
  from
    aws_cloudtrail_trail,
    jsonb_array_elements(event_selectors) as e
  where
    (is_logging and e ->> 'ReadWriteType' = 'All' and is_multi_region_trail)
),
advanced_event_selectors_trail_details as (
  select
    distinct account_id
  from
    aws_cloudtrail_trail,
    jsonb_array_elements_text(advanced_event_selectors) as a
  where
    (is_multi_region_trail and is_logging and advanced_event_selectors is not null and (not a like '%readOnly%'))
)
select
  -- Required Columns
  a.title as resource,
  case
    when d.account_id is null and ad.account_id is null then 'alarm'
    else 'ok'
  end as status,
    case
    when d.account_id is null and ad.account_id is null then 'cloudtrail disabled.'
    else 'cloudtrail enabled.'
  end as reason,
  -- Additional Dimensions
  a.account_id
from
  aws_account as a
  left join event_selectors_trail_details as d on d.account_id = a.account_id
  left join advanced_event_selectors_trail_details as ad on ad.account_id = a.account_id;

@rajlearner17 rajlearner17 changed the base branch from main to release/v0.44 July 29, 2022 14:45
cbruno10
cbruno10 requested changes Aug 5, 2022
View reviewed changes
Copy link
Contributor

@cbruno10 cbruno10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rajlearner17 I think other instances we separate multiregion to be 2 words, e.g., query/cloudtrail/cloudtrail_multi_region_read_write_enabled.sql, but can you please check if we do that in other query filenames? If so, can you please update the query name to match?

@misraved misraved mentioned this pull request Aug 10, 2022
Closed
1 task
@misraved misraved merged commit a30045c into release/v0.44 Aug 12, 2022
@misraved misraved deleted the issue_408_cloudtrail_fix branch August 12, 2022 15:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cbruno10 cbruno10 cbruno10 approved these changes

@rajlearner17 rajlearner17 Awaiting requested review from rajlearner17

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CIS v1.4.0 - Control: 3.1 Ensure CloudTrail is enabled in all regions
4 participants
@karanpopat @rajlearner17 @cbruno10 @misraved