Remediate AWS CIS v3.0 and v4.0 with Flowpipe's interactive wizard →
Flowpipe Hub 
Hub
sample
turbot/flowpipe-samples/aws-s3-bucket-versioning-enforcement
Overview
2
Pipelines
1
Triggers
5
VariablesGitHub

AWS S3 Bucket Versioning Enforcement

Watches for S3 buckets without versioning enabled and notifies through email asking for approval to enable versioning or delete the bucket.

Installation

Download and install Flowpipe (https://flowpipe.io/downloads). Or use Brew:

brew tap turbot/tap
brew install flowpipe

Clone:

git clone https://github.com/turbot/flowpipe-samples.git
cd public_cloud/aws_s3_bucket_versioning_enforcement

Install mod dependencies:

flowpipe mod install

Connections

It is recommended to create a connection_import resource to import your AWS connections:

vi ~/.flowpipe/config/aws.fpc
connection_import "aws" {
  source      = "~/.steampipe/config/aws.spc"
  connections = ["*"]
}

For more information on importing connections, please see Connection Import.

Configuration

Create a notifier resource, which will be used to route inputs and other messages.

For instance:

vi ~/.flowpipe/config/integrations.fpc
integration "email" "my_email" {
  from          = "user@company.com"
  to            = ["user@company.com"]
  smtp_tls      = "required"
  smtps_port    = 587
  smtp_host     = "smtp.mydomain.com"
  smtp_username = "my_user@mydomain.com"
  smtp_password = env("FLOWPIPE_EMAIL_APP_PW")
}


notifier "my_email" {
  notify {
    integration = integration.email.my_email
  }
}

For more examples of integrations and notifiers, please see:

Then set the variable values:

cp flowpipe.fpvars.example flowpipe.fpvars
vi flowpipe.fpvars
# AWS Region
aws_region = "us-east-1"


# Set the AWS connections profile to use
# aws_conn = "default"


# Steampipe database connection string
# Defaults to local Steampipe database
# You can also set a search path as part of this connection string
# database = "postgresql://steampipe@localhost:9193/steampipe?options=-c%20search_path%3Dput,search,path,here"


# Set the notifier to use for inputs and messages
# Defaults to the "default" notifier
notifier = "my_email"


# Set the schedule for the mod to run
# schedule = "daily"

Usage

Start the Steampipe service:

steampipe service start

Note: Please remember to set search_path or search_path_prefix in your Steampipe workspace options to ensure the right connections are queried.

Run the mod with the Flowpipe server:

flowpipe server --verbose