Describe the bug
This query will not properly report if a configuration recorder is enabled in a region, as it will always report alarm even if a configuration recorder is setup correctly in that region, if the region is not included in the aws.spc connection file.

Steampipe version (steampipe -v)
v0.5.0

Plugin version (steampipe plugin list)
aws v0.18.0

To reproduce

• Create a configuration recorder in us-west-1 and configure it so:

  recording_group -> 'IncludeGlobalResourceTypes' = 'true'
  and recording_group -> 'AllSupported' = 'true'
  and status ->> 'Recording' = 'true'
  and status ->> 'LastStatus' = 'SUCCESS'
  

• Do not include us-west-1 in the regions argument in aws.spc
• Run the query

Expected behavior
The query should return ok instead of alarm

Additional context
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.
I'd like to be able to run the DMS benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement the benchmark, starting with DMS controls.

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-ssm-1

Describe the solution you'd like
Add the Config benchmark and related controls

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
I'd like to be able to run a benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement the benchmark, starting with ACM controls.

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
I'd like to be able to run theS3 benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement S3 benchmark..

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
I'd like to be able to run the SNS benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement the benchmark, starting with SNS controls.

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
PCI v3.2.1 cloudtrail.3 & cloudtrail.4 benchmark and controls should have supporting documents.

Describe the solution you'd like
Add documents for PCI v3.2.1 cloudtrail.3 & cloudtrail.4 benchmark and controls.

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
Aws foundational security best practices benchmarks and controls should have supporting documents for IAM section.

Describe the solution you'd like
Add documents for aws foundational security best practices IAM benchmark and controls section.

Describe alternatives you've considered
N/A

Additional context
N/A

Is your feature request related to a problem? Please describe.
I'd like to be able to run the DynamoDB benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement DynamoDB benchmark.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
We're currently missing the GuardDuty control from https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-guardduty-1

Describe the solution you'd like
Add the GuardDuty benchmark and related controls.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Update README image links

Is your feature request related to a problem? Please describe.
Aws foundational security best practices benchmarks and controls should have supporting documents for ElasticSearch.

Describe the solution you'd like
Add documents for aws foundational security best practices es.1,es.2 & es.3 benchmark and controls.

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
I'd like to be able to run the SecretsManager benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement SecretsManager benchmark.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
I'd like to be able to run the Lambda benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement Lambda benchmark.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-config-1

Describe the solution you'd like
Add the Config benchmark and related controls

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
I'd like to be able to run the EC2 benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement EC2 benchmark.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
we're currently missing the S3.3 control from https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-s3-3

Describe the solution you'd like
Add the S3.3 control

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
We're currently missing the CW control from https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-cw-1

Describe the solution you'd like
Add the CW benchmark and related controls

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
Add arn for REST API stages

Describe the solution you'd like

Describe alternatives you've considered

Additional context
N/A

Is your feature request related to a problem? Please describe.
Aws foundational security best practices benchmarks and controls should have supporting documents for S3 section.

Describe the solution you'd like
Add documents for aws foundational security best practices S3 benchmark and controls section.

Describe alternatives you've considered
N/A

Additional context
N/A

Is your feature request related to a problem? Please describe.
N/A

Describe the solution you'd like
N/A

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug

select * from aws_appautoscaling_target;
Error: 'List' call requires an '=' qual for column: service_namespace

Steampipe version (steampipe -v)
Example: v0.5.0

Plugin version (steampipe plugin list)
AWS: v0.18.0

To reproduce

Expected behavior
No errors

Additional context
N/A

Is your feature request related to a problem? Please describe.
We're currently missing the ELBV2 control from https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-elbv2-1

Describe the solution you'd like
Add the ELBV2 benchmark and related controls

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
Update autoscaling_group_with_lb_use_healthcheck to check only autoscaling groups that are associated with load balancer. (PCI.AutoScaling.1)

Steampipe version (steampipe -v)
0.5.0

Plugin version (steampipe plugin list)
v0.18.0

To reproduce

Expected behavior
It should check the autoscaling groups that are associated with load balancers, not all the autoscaling groups.

Additional context

Is your feature request related to a problem? Please describe.
I'd like to be able to run the EFS benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement the benchmark, starting with EFS controls.

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
We're currently missing the Redshift control from https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-redshift-1

Describe the solution you'd like
Add the Redshift benchmark and related controls

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
We're currently missing the RDS control from https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-rds-1

Describe the solution you'd like
Add the RDS benchmark and related controls

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
I'd like to be able to run the Elasticsearch (ES) benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement ES benchmark.

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
N/A

Describe the solution you'd like
N/A

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
N/A

Describe the solution you'd like
N/A

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-sagemaker-1

Describe the solution you'd like
Add the Config benchmark and related controls

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
I'd like to be able to run the Config benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement the benchmark, starting with Config controls.

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-es-1

Describe the solution you'd like
Add the ES benchmark and related controls

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
I'd like to be able to run the CloudTrail benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement the benchmark, starting with CloudTrail controls.

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

• Remove ## Rationale section
• Fix incorrect newline spacing
• Add documentation arguments for controls missing it

Is your feature request related to a problem? Please describe.
N/A

Describe the solution you'd like
N/A

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
I'd like to be able to run the IAM benchmark for the AWS Foundational Security Best Practices framework

Describe the solution you'd like
Implement IAM benchmark.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
N/A

Describe the solution you'd like
N/A

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
I'd like to be able to run the ELB benchmark for the AWS Foundational Security Best Practices framework.

Describe the solution you'd like
Implement the benchmark, starting with ELB controls.

Describe alternatives you've considered
N/A

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
We're currently missing the S3 control from https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-s3-1

Describe the solution you'd like
Add the S3 benchmark and related controls

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
N/A

Describe the solution you'd like
N/A

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
We're currently missing the EC2.3 control from https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-ec2-3

Describe the solution you'd like
Add the EC2.3 control

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
We're currently missing the CodeBuild control from https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-controls.html#pcidss-codebuild-2

Describe the solution you'd like
Add the CodeBuild benchmark and related controls

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
N/A

Describe the solution you'd like
N/A

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
The CIS 3.5 control requires that only one region has includeGlobalResourceTypes enabled. However, this check appears to fail unless includeGlobalResourceTypes is true in every region.

Steampipe version (steampipe -v)
0.5.0

Plugin version (steampipe plugin list)
hub.steampipe.io/plugins/turbot/aws@latest | 0.18.0 | aws

To reproduce

1. Enable AWS Config in every region of the account and ensure that recording is enabled and status is successful.
2. In exactly one region, ensure includeGlobalResourceTypes is true.
3. Run steampipe check benchmark.cis_v130
4. Note that the output shows ALARM state for every region except the region where includeGlobalResourceTypes is true.

ALARM: eu-north-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. ................................................ eu-north-1 000476352289
ALARM: us-east-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. .................................................. us-east-1 000476352289
ALARM: me-south-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. ................................................ me-south-1 000476352289
ALARM: ap-northeast-2 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. ........................................ ap-northeast-2 000476352289
ALARM: ca-central-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. ............................................ ca-central-1 000476352289
ALARM: us-west-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. .................................................. us-west-1 000476352289
OK   : us-west-2 IncludeGlobalResourceTypes enabled, AllSupported enabled, Recording enabled and LastStatus is SUCCESS. ......................................................... us-west-2 000476352289
ALARM: ap-northeast-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. ........................................ ap-northeast-1 000476352289
ALARM: ap-east-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. .................................................. ap-east-1 000476352289
ALARM: ap-southeast-2 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. ........................................ ap-southeast-2 000476352289
ALARM: us-east-2 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. .................................................. us-east-2 000476352289
ALARM: eu-west-2 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. .................................................. eu-west-2 000476352289
ALARM: ap-southeast-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. ........................................ ap-southeast-1 000476352289
ALARM: sa-east-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. .................................................. sa-east-1 000476352289
ALARM: eu-south-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. ................................................ eu-south-1 000476352289
ALARM: eu-central-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. ............................................ eu-central-1 000476352289
ALARM: ap-northeast-3 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. ........................................ ap-northeast-3 000476352289
ALARM: eu-west-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. .................................................. eu-west-1 000476352289
ALARM: ap-south-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. ................................................ ap-south-1 000476352289
ALARM: af-south-1 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. ................................................ af-south-1 000476352289
ALARM: eu-west-3 IncludeGlobalResourceTypes disabled, AllSupported disabled, Recording disabled and LastStatus is not SUCCESS. .................................................. eu-west-3 000476352289

Expected behavior
As long as one region has IncludeGlobalResourceTypes enabled, all regions should report OK.

Is your feature request related to a problem? Please describe.
N/A

Describe the solution you'd like
N/A

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
For queries that check if certain account password policy settings are configured, if no policy is set, they should move to alarm instead of ok as the password policy isn't them.

Steampipe version (steampipe -v)
v0.5.0

Plugin version (steampipe plugin list)
aws v0.17.0

To reproduce

• Delete the account password policy if it exists
• Run the iam_account_password_policy_reuse_24 query

Expected behavior
The query should return ok

Additional context
Add any other context about the problem here.