turbot/aws_compliance

Trigger: Detect & correct VPCs without flow logs

Detect VPCs that have no flow logs, then either skip them or create flow logs for them.

Query

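-- Lists every VPC that has no VPC-level flow log. A flow log whose resource_id
-- is a subnet or network interface does not match the VPC id and therefore does
-- not count: it does not capture traffic for the whole VPC.
with vpcs as (
  select
    vpc_id,
    region,
    account_id,
    sp_connection_name as conn
  from
    aws_vpc
)
select
  -- title is what the pipeline reports; vpc_id/region/conn drive the remediation step.
  concat(v.vpc_id, ' [', v.account_id, '/', v.region, ']') as title,
  v.vpc_id as vpc_id,
  v.region as region,
  v.conn as conn
from
  vpcs v
where
  -- Anti-join: keep only VPCs with no flow log row pointing at them.
  -- NOTE(review): any flow log row satisfies this check, whatever its state;
  -- if only active flow logs should count, add a filter on the flow log's
  -- status column here.
  not exists (
    select 1
    from aws_vpc_flow_log f
    where f.resource_id = v.vpc_id
  )
order by
  -- deterministic output so repeated runs on the 15m schedule produce stable diffs
  v.vpc_id;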

Schedule

15m

Tags

category = Compliance
mod = aws
service = AWS/VPC