Powerpipe
Powerpipe is now the preferred way to run this mod! Migrating from Steampipe →
All v0.x versions of this mod will work in both Steampipe and Powerpipe, but v1.0.0 onwards will be in Powerpipe format only.
Enhancements
- Focus documentation on Powerpipe commands.
- Show how to combine Powerpipe mods with Steampipe plugins.
Breaking changes
- Updated the plugin dependency section of the mod to use
min_version
instead ofversion
. (#45)
Bug fixes
- Fixed the README to include correct links to the benchmarks. (#47) (Thanks @vil02 for the contribution!)
Enhancements
- Added the following controls to
Public Access
benchmark: (#37)api_gateway_rest_api_policy_prohibit_public_access
backup_vault_policy_prohibit_public_access
cloudwatch_log_resource_policy_prohibit_public_access
codeartifact_domain_policy_prohibit_public_access
codeartifact_repository_policy_prohibit_public_access
efs_file_system_policy_prohibit_public_access
elasticsearch_domain_policy_prohibit_public_access
eventbridge_bus_policy_prohibit_public_access
media_store_container_policy_prohibit_public_access
secretsmanager_secret_policy_prohibit_public_access
Bug fixes
- Fixed the inline query of the
ec2_ami_shared_with_trusted_accounts
control to correctly check if EC2 AMIs are only shared with trusted accounts. (#34)
Bug fixes
- Fixed the inline query of the
kms_key_policy_prohibit_public_access
control to correctly check if KMS key policies allow public access. (#30) - Fixed dashboard localhost URLs in README and index doc. (#29)
What's new?
- Added
tags
as dimensions to group and filter findings. (see var.tag_dimensions) (#25) - Added
connection_name
in the common dimensions to group and filter findings. (see var.common_dimensions) (#25)
What's new?
- New controls added: (#10)
- API Gateway APIs should prohibit public access (
steampipe check control.api_gateway_rest_api_prohibit_public_access
) - Lambda functions should be in a VPC (
steampipe check control.lambda_function_in_vpc
)
- API Gateway APIs should prohibit public access (
Bug fixes
- Fixed the
elb_application_lb_waf_enabled
query to correctly check if application load balancers have WAF enabled or not. (#12)
Dependencies
- AWS plugin
v0.70.0
or higher is now required. (#14)
What's new?
- Added: Network Access benchmark (
steampipe check benchmark.network_access
) - Added: Public Access benchmark (
steampipe check benchmark.public_access
) - Added: Shared Access benchmark (
steampipe check benchmark.shared_access
)