fix(aws): Unused EIP policy - check associations not instance_ids (#5378)

gavinclarkeuk · web-flow · commit 79907dba2d97 · 2022-12-05T13:51:42.000Z
#### Summary

The unused EIP policy check is generating a lot of false positives because it only checks for association to an EC2 instance. this misses various other valid associations (e.g. NAT Gateways, AWS Transfer servers).

&lt;!--
diff --git a/plugins/source/aws/policies/queries/ec2/eips_unused.sql b/plugins/source/aws/policies/queries/ec2/eips_unused.sql
@@ -7,4 +7,4 @@ select :'execution_time' as execution_time,
        allocation_id     as resource_id,
        'fail'            as status
 from aws_ec2_eips
-where instance_id is null
+where association_id is null
