Closed
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
EC2.19 control.
The current SQL does not have grouping by account_id and arn, so the same data records get inserted into the aws_policy_result table when a SG has multiple ingress rules.
Expected Behavior
This patch works:
diff --git a/plugins/source/aws/policies/queries/ec2/security_groups_with_open_critical_ports.sql b/plugins/source/aws/policies/queries/ec2/security_groups_with_open_critical_ports.sql
index 3d1b977a1..3e6d10267 100644
--- a/plugins/source/aws/policies/queries/ec2/security_groups_with_open_critical_ports.sql
+++ b/plugins/source/aws/policies/queries/ec2/security_groups_with_open_critical_ports.sql
@@ -36,5 +36,6 @@ select
or 9300 between from_port and to_port)
then 'fail'
else 'pass'
- end
+ end as status
from view_aws_security_group_ingress_rules
+group bY account_id, resource_id, status
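Review bot: Including `status` in the `group bY` list means a security group whose ingress rules evaluate differently still produces two rows for the same resource_id, one 'fail' and one 'pass', so only identical rows are collapsed. Consider grouping on `account_id, resource_id` alone and aggregating the case expression so that any rule matching a critical port makes the whole group 'fail' (for example with an aggregate such as bool_or, if the target database is PostgreSQL). Two smaller points: `group bY` should use the same lowercase keyword style as `select` and `from` in this file, and the description talks about grouping by arn while the hunk groups by resource_id, so it is worth confirming which column is intended.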
CloudQuery (redacted) config
N/A
Steps To Reproduce
No response
CloudQuery (redacted) logs
N/A
CloudQuery version
main
Additional Context
No response
Pull request (optional)
- I can submit a pull request