/
sqs_queue_report_encryption.sp
63 lines (50 loc) · 1.26 KB
/
sqs_queue_report_encryption.sp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
dashboard "sqs_queue_encryption_report" {
title = "AWS SQS Queue Encryption Report"
documentation = file("./dashboards/sqs/docs/sqs_queue_report_encryption.md")
tags = merge(local.sqs_common_tags, {
type = "Report"
category = "Encryption"
})
container {
card {
query = query.sqs_queue_count
width = 3
}
card {
query = query.sqs_queue_unencrypted_count
width = 3
}
}
table {
column "Account ID" {
display = "none"
}
column "ARN" {
display = "none"
}
column "Queue" {
href = "${dashboard.sqs_queue_detail.url_path}?input.queue_arn={{.ARN | @uri}}"
}
query = query.sqs_queue_encryption_table
}
}
query "sqs_queue_encryption_table" {
sql = <<-EOQ
select
q.title as "Queue",
case when kms_master_key_id is not null or sqs_managed_sse_enabled then 'Enabled' else null end as "Encryption",
q.kms_master_key_id as "KMS Key ID",
q.sqs_managed_sse_enabled as "SQS Managed SSE",
a.title as "Account",
q.account_id as "Account ID",
q.region as "Region",
q.queue_arn as "ARN"
from
aws_sqs_queue as q,
aws_account as a
where
q.account_id = a.account_id
order by
q.title;
EOQ
}