From cafd2034061998173fbd79b24f9c0916c75d1578 Mon Sep 17 00:00:00 2001
From: Jason Turner
Date: Wed, 14 Nov 2018 14:19:44 -0800
Subject: [PATCH] Updated check29 to validate against FlowLogId which is valid for both CloudWatch and s3 destinations
---
 checks/check29 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checks/check29 b/checks/check29
index 294430f0..3a0b24bc 100644
--- a/checks/check29
+++ b/checks/check29
@@ -17,7 +17,7 @@ CHECK_ALTERNATE_check209="check29"
 check29(){
 # "Ensure VPC Flow Logging is Enabled in all VPCs (Scored)"
 for regx in $REGIONS; do
- CHECK_FL=$($AWSCLI ec2 describe-flow-logs $PROFILE_OPT --region $regx --query 'FlowLogs[?FlowLogStatus==`ACTIVE`].LogGroupName' --output text)
+ CHECK_FL=$($AWSCLI ec2 describe-flow-logs $PROFILE_OPT --region $regx --query 'FlowLogs[?FlowLogStatus==`ACTIVE`].FlowLogId' --output text)
 if [[ $CHECK_FL ]];then
 for FL in $CHECK_FL;do
 textPass "VPCFlowLog is enabled for LogGroupName: $FL in Region $regx" "$regx"
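Review bot: The pass message on the last line of the hunk still labels the value as `LogGroupName`, but after this change `$FL` holds a flow log ID, so S3-destination flow logs are reported under a misleading label. It should read `textPass "VPCFlowLog is enabled for FlowLogId: $FL in Region $regx" "$regx"`. Separately, the visible logic passes on any ACTIVE flow log in the region and never ties the result to a VPC, so a region where only one VPC (or only a subnet or network interface) is logged would appear to satisfy "all VPCs". Also selecting `ResourceId` in the query and comparing it against the region's VPC IDs would close that gap. The rest of check29 lies outside the hunk and may already handle this, so confirm before changing it.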