compliance/controls/aws/aws_cis_v120_1_20.yaml
+16-10Lines changed: 16 additions & 10 deletions
@@ -1,5 +1,7 @@
1
-
Description: AWS provides a support center that can be used for incident notification and response, as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support.
2
1
ID: aws_cis_v120_1_20
2
+
3
+
Title: 1.20 Ensure a support role has been created to manage incidents with AWS Support
4
+
Description: AWS provides a support center that can be used for incident notification and response, as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support.
3
5
IntegrationType:
4
6
- aws_cloud_account
5
7
Query:
@@ -13,9 +15,11 @@ Query:
13
15
WITH support_role_count AS (
14
16
SELECT
15
17
'arn:' || a.partition || ':::' || a.account_id AS resource,
16
-
COUNT(policy_arn),
18
+
COUNT(policy_arn) AS count,
17
19
a.account_id,
18
-
a._ctx
20
+
a._ctx,
21
+
a.platform_account_id,
22
+
a.platform_resource_id
19
23
FROM
20
24
aws_account AS a
21
25
LEFT JOIN aws_iam_role AS r
@@ -28,23 +32,25 @@ Query:
28
32
GROUP BY
29
33
a.account_id,
30
34
a.partition,
31
-
a._ctx
35
+
a._ctx,
36
+
a.platform_account_id,
37
+
a.platform_resource_id
32
38
)
33
39
SELECT
34
40
resource,
35
-
a.platform_account_id AS platform_account_id,
36
-
a.platform_resource_id AS platform_resource_id,
41
+
platform_account_id,
42
+
platform_resource_id,
37
43
CASE
38
-
WHEN COUNT > 0 THEN 'ok'
44
+
WHEN count > 0 THEN 'ok'
39
45
ELSE 'alarm'
40
46
END AS status,
41
47
CASE
42
-
WHEN COUNT = 1 THEN 'AWSSupportAccess policy attached to 1 role.'
43
-
WHEN COUNT > 1 THEN 'AWSSupportAccess policy attached to ' || COUNT || ' roles.'
48
+
WHEN count = 1 THEN 'AWSSupportAccess policy attached to 1 role.'
49
+
WHEN count > 1 THEN 'AWSSupportAccess policy attached to ' || count || ' roles.'
44
50
ELSE 'AWSSupportAccess policy not attached to any role.'
45
51
END AS reason
46
52
FROM
47
53
support_role_count;
48
54
Severity: low
49
55
Tags: {}
50
-
Title: 1.20 Ensure a support role has been created to manage incidents with AWS Support
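Review bot: The alias `count` introduced at new line 18 (`COUNT(policy_arn) AS count`) shadows the aggregate it is computed with and is a reserved word in the SQL standard; it resolves here only because PostgreSQL treats `count` as an ordinary identifier, which is the same reliance the old bare `COUNT > 0` had. A descriptive alias such as `COUNT(policy_arn) AS attached_role_count,` with the three references at new lines 44, 48 and 49 renamed to match removes the ambiguity and names the metric the check actually reports. The `|| count ||` concatenation at new line 49 also depends on an implicit bigint-to-text cast; `CAST(attached_role_count AS TEXT)` makes that explicit and portable. Separately, the `LEFT JOIN aws_iam_role AS r` that starts at new line 25 continues outside the hunk, so the policy-ARN filter cannot be checked from here: if it sits in a WHERE clause rather than the ON clause, accounts with no matching role are dropped from the result instead of surfacing as 'alarm', which would be a silent false negative for this control.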