AWS Security Foundational Policy for Snowflake

[yevgenypats]

This issue covers the completion of https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html for Snowflake. Right now we only have 50-60% coverage. We want to achieve at least 80% coverage and for sure to code all the low hanging fruit / easy queries.

All checks are described here: https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html

Reference can bet taken from https://hub.steampipe.io/mods/turbot/aws_compliance/controls/benchmark.foundational_security and https://github.com/turbot/steampipe-mod-aws-compliance/tree/v0.76/foundational_security. Our tables are different and we use python so make sure not to just copy checks as is but rather just see how queries can implemented. Also, sometimes their queries are incorrect but still can serve as good reference/hints.

[jsonpr]

Here's a start with the policies and current coverage: https://www.notion.so/cloudquery/AWS-Foundational-Best-Practices-842f3402417744b9aeac7e8c5feace5d.

High level summary:

Current CQ State:

• 30 Services Covered
• 123 Controls

Current AWS State:

• 38 Services Covered
• 212 Controls

[jsonpr]

Announcement post: https://www.cloudquery.io/blog/announcing-aws-fsbp-policies-snowflake