From bacdf6ed2256de53a9e2d3aac5779a14c7381b07 Mon Sep 17 00:00:00 2001
From: Affan Malik
Date: Wed, 12 Dec 2018 15:09:31 -0500
Subject: [PATCH] Check for flowlogs only in active VPCs, avoid false flag if a region has no VPCs
---
 checks/check29 | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/checks/check29 b/checks/check29
index 3a0b24bc..c92542b0 100644
--- a/checks/check29
+++ b/checks/check29
@@ -15,15 +15,18 @@ CHECK_TYPE_check29="LEVEL2"
 CHECK_ALTERNATE_check209="check29"
 check29(){
- # "Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"
+ # "Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"
 for regx in $REGIONS; do
- CHECK_FL=$($AWSCLI ec2 describe-flow-logs $PROFILE_OPT --region $regx --query 'FlowLogs[?FlowLogStatus==`ACTIVE`].FlowLogId' --output text)
- if [[ $CHECK_FL ]];then
- for FL in $CHECK_FL;do
- textPass "VPCFlowLog is enabled for LogGroupName: $FL in Region $regx" "$regx"
- done
- else
- textFail "No VPCFlowLog has been found in Region $regx" "$regx"
- fi
+ AVAILABLE_VPC=$($AWSCLI ec2 describe-vpcs $PROFILE_OPT --region $regx --query 'Vpcs[?State==`available`].VpcId' --output text)
+ for vpcx in $AVAILABLE_VPC; do
+ CHECK_FL=$($AWSCLI ec2 describe-flow-logs $PROFILE_OPT --region $regx --query 'FlowLogs[?FlowLogStatus==`ACTIVE`||ResourceId==`${vpcx}`].FlowLogId' --output text)
+ if [[ $CHECK_FL ]];then
+ for FL in $CHECK_FL;do
+ textPass "VPCFlowLog is enabled for LogGroupName: $FL in Region $regx" "$regx"
+ done
+ else
+ textFail "No VPCFlowLog has been found in Region $regx" "$regx"
+ fi
+ done
 done
 }
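Review bot: The new per-VPC query in the CHECK_FL line does not actually restrict results to the VPC being checked: `${vpcx}` sits inside single quotes, so the shell never expands it and the JMESPath backtick literal compares ResourceId against the literal text `${vpcx}`, and the `||` means any ACTIVE flow log anywhere in the region (on any VPC, subnet or ENI) makes every VPC in that region pass, so a VPC with no flow log is reported as compliant. The condition should be a conjunction with the id actually interpolated, e.g. `--query "FlowLogs[?FlowLogStatus=='ACTIVE' && ResourceId=='$vpcx'].FlowLogId"` (JMESPath single quotes are raw string literals), or better `--filter Name=resource-id,Values="$vpcx" --query 'FlowLogs[?FlowLogStatus==\`ACTIVE\`].FlowLogId'` so the VPC id is never spliced into the expression. The textFail message still reports only the region; since the loop is now per VPC it should name it, `textFail "No VPCFlowLog has been found for VPC $vpcx in Region $regx" "$regx"`, otherwise several failures in one region are indistinguishable. Note that a region with zero available VPCs now produces no output at all rather than a pass, which may be intended but is worth a comment on the AVAILABLE_VPC line.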