standard
turbot/aws_compliance

Trigger: Detect & correct regions with IAM Access Analyzer disabled

Detects regions where IAM Access Analyzer is disabled and then enables it in those regions.

Query

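select
  concat(r.region, ' [', r.account_id, ']') as title,
  r.region,
  r.sp_connection_name as conn
from
  aws_region as r
  -- Match each region to any analyzer in the same account and region.
  left join aws_accessanalyzer_analyzer as aa
    on r.account_id = aa.account_id
    and r.region = aa.region
where
  -- Skip regions the account has not opted in to.
  r.opt_in_status <> 'not-opted-in'
  -- No matching analyzer row: the region has no analyzer.
  and aa.arn is null;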

Schedule

15m

Tags

category = Compliance
mod = aws
service = AWS/IAM