prowler/checks/check_extra721

#!/usr/bin/env bash

# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy
# of the License at http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed
# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
CHECK_ID_extra721="7.21"
CHECK_TITLE_extra721="[extra721] Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)"
CHECK_SCORED_extra721="NOT_SCORED"
CHECK_ALTERNATE_check721="extra721"

extra721(){
  # "Check if Redshift cluster has audit logging enabled (Not Scored) (Not part of CIS benchmark)"
  for regx in $REGIONS; do
    LIST_OF_REDSHIFT_CLUSTERS=$($AWSCLI redshift describe-clusters $PROFILE_OPT --region $regx --query 'Clusters[*].ClusterIdentifier' --output text)
    if [[ $LIST_OF_REDSHIFT_CLUSTERS ]]; then
      for redshiftcluster in $LIST_OF_REDSHIFT_CLUSTERS;do
        REDSHIFT_LOG_ENABLED=$($AWSCLI redshift describe-logging-status $PROFILE_OPT --region $regx --cluster-identifier $redshiftcluster --query LoggingEnabled --output text | grep True)
        if [[ $REDSHIFT_LOG_ENABLED ]];then
          REDSHIFT_LOG_ENABLED_BUCKET=$($AWSCLI redshift describe-logging-status $PROFILE_OPT --region $regx --cluster-identifier $redshiftcluster --query BucketName --output text)
          textPass "$regx: Redshift cluster $redshiftcluster has audit logging enabled to bucket $REDSHIFT_LOG_ENABLED_BUCKET" "$regx"
        else
          textFail "$regx: Redshift cluster $redshiftcluster logging disabled!" "$regx"
        fi
      done
    else
      textInfo "$regx: No Redshift cluster configured" "$regx"
    fi
  done
}