bug: ec2/unused_acls.sql gets 'pass' if 'associations' is null #13765
Closed
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
EC2.16 control says:
If the only relationship is the VPC of the network ACL, then the control fails.
'Unused network acl' would mean it does not have any subnet associations.
Expected Behavior
Patch that makes it work:
diff --git a/plugins/source/aws/policies/queries/ec2/unused_acls.sql b/plugins/source/aws/policies/queries/ec2/unused_acls.sql
index ee91bb6fd..3306475c3 100644
--- a/plugins/source/aws/policies/queries/ec2/unused_acls.sql
+++ b/plugins/source/aws/policies/queries/ec2/unused_acls.sql
@@ -4,8 +4,8 @@ select distinct
network_acl_id as resource_id,
case when
a->>'NetworkAclAssociationId' is null
- then 'pass'
- else 'fail'
+ then 'fail'
+ else 'pass'
end as status
from aws_ec2_network_acls left join jsonb_array_elements(aws_ec2_network_acls.associations) as a on true
)
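Review bot: Swapping the 'pass' and 'fail' branches fixes the null case, but the status is still decided per association element rather than per ACL: `left join jsonb_array_elements(aws_ec2_network_acls.associations) as a on true` emits one row for every element of `associations`, and `select distinct` only collapses those rows when every element yields the same status, so an ACL whose elements differ in whether `NetworkAclAssociationId` is present would come back with both a 'pass' and a 'fail' row. Since the control only asks whether any subnet association exists, consider testing `a is null` (the left join produces exactly one null row when `associations` is null or an empty array) or aggregating per ACL, e.g. `case when count(a) = 0 then 'fail' else 'pass' end` with `group by network_acl_id`, so that exactly one row per `network_acl_id` is returned.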
CloudQuery (redacted) config
N/A
Steps To Reproduce
No response
CloudQuery (redacted) logs
N/A
CloudQuery version
main
Additional Context
No response
Pull request (optional)
- I can submit a pull request
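The behaviour described in this issue, reproduced on a throwaway table, as an added example that is not part of the issue or of CloudQuery's own policy files. It assumes a table shaped like the `aws_ec2_network_acls` columns the query touches (`network_acl_id`, `associations` as jsonb); the three rows are constructed sample data covering a never-associated ACL (null), an ACL with an empty association list, and an in-use ACL with two subnet associations. The second query goes beyond the patch by aggregating per ACL instead of relying on `distinct`, which also removes the per-element evaluation.

```sql
-- Added example for PostgreSQL; not CloudQuery's query. Table shape and rows are assumed.
create temp table aws_ec2_network_acls (
  network_acl_id text primary key,
  associations   jsonb
);

-- Constructed sample data: one ACL per case the control must distinguish.
insert into aws_ec2_network_acls values
  ('acl-unused-null',  null),          -- associations never populated
  ('acl-unused-empty', '[]'::jsonb),   -- associations fetched, none present
  ('acl-in-use',
   '[{"NetworkAclAssociationId":"aclassoc-1","SubnetId":"subnet-1"},
     {"NetworkAclAssociationId":"aclassoc-2","SubnetId":"subnet-2"}]'::jsonb);

-- Original (buggy) logic from the issue. jsonb_array_elements returns no rows for
-- a null or empty array, so the left join yields a single row with a null element,
-- which the original branch order turns into 'pass'.
select distinct
  network_acl_id as resource_id,
  case when a->>'NetworkAclAssociationId' is null then 'pass' else 'fail' end as status
from aws_ec2_network_acls
left join jsonb_array_elements(aws_ec2_network_acls.associations) as a on true
order by 1;
-- acl-in-use       | fail
-- acl-unused-empty | pass
-- acl-unused-null  | pass

-- Corrected logic, aggregated per ACL: count(a.value) ignores the null element
-- produced by the left join, so zero means "no subnet association" -> 'fail'.
-- One row per ACL comes out regardless of how many associations it has.
select
  n.network_acl_id as resource_id,
  case when count(a.value) = 0 then 'fail' else 'pass' end as status
from aws_ec2_network_acls n
left join jsonb_array_elements(n.associations) as a on true
group by n.network_acl_id
order by 1;
-- acl-in-use       | pass
-- acl-unused-empty | fail
-- acl-unused-null  | fail
```

The first query shows why the patch in the issue is needed: the condition is really "the left join produced no real association element", and the original branch order labels exactly that case as compliant. The aggregate form expresses the same fix without depending on `distinct` to merge per-element rows.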