yevgenypats/pci_dss_blog.hcl

## pci_dss_blog.hcl
// policy.hcl

policy "pci-dss-v3.2.1" {
    description = "PCI DSS V3.2.1"
    configuration {
        provider "aws" {
            version = ">= v0.5.0"
        }
    }
  .......
    policy "autoscaling" {
        description = "checks for autoscaling"
        query "autoscaling_groups_elb_check" {
            description = "Auto Scaling groups associated with a load balancer should use health checks"
            query = file("queries/autoscaling/autoscaling_groups_elb_check.sql")
        }
    }
}

// queries/autoscaling/autoscaling_groups_elb_check.sql
SELECT "account_id", "region", "arn", "name"
FROM aws_autoscaling_groups
WHERE array_length("load_balancer_names", 1) > 0
AND "health_check_type" IS DISTINCT FROM 'ELB'
	// policy.hcl

	policy "pci-dss-v3.2.1" {
	description = "PCI DSS V3.2.1"
	configuration {
	provider "aws" {
	version = ">= v0.5.0"
	}
	}
	.......
	policy "autoscaling" {
	description = "checks for autoscaling"
	query "autoscaling_groups_elb_check" {
	description = "Auto Scaling groups associated with a load balancer should use health checks"
	query = file("queries/autoscaling/autoscaling_groups_elb_check.sql")
	}
	}
	}

	// queries/autoscaling/autoscaling_groups_elb_check.sql
	SELECT "account_id", "region", "arn", "name"
	FROM aws_autoscaling_groups
	WHERE array_length("load_balancer_names", 1) > 0
	AND "health_check_type" IS DISTINCT FROM 'ELB'