
bug: AWS EC2 snapshot sharing permissions check results are inverted #10140

@paul-e-allen

Description


Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

The result of the ebs_snapshot_permissions_check.sql is inverted. When snapshots are public or shared to other accounts, the policy result is pass. When they are not shared, the policy result is fail.

Expected Behavior

Policy query results should be fail when an EC2 EBS snapshot is shared publicly or to a separate account. Otherwise the result should be pass.

CloudQuery (redacted) config

---
kind: source
spec:
  name: team-daily
  path: cloudquery/aws
  version: "v16.0.1"

  tables:
  - aws_acm_certificates
  # ...
  - aws_waf_web_acls

  destinations: ["postgresql"]
  spec:
    regions:
      - "*"
    accounts:
      - id: my-account
        role_arn: "arn:aws:iam::123456789012:role/somerole"
---
kind: destination
spec:
  name: postgresql
  path: cloudquery/postgresql
  version: "v3.0.2"
  spec:
    connection_string: "postgresql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_DATABASE}?sslmode=${DB_SSLMODE}"
  migrate_mode: forced

Steps To Reproduce

  1. Create an EBS snapshot and share it publicly and/or with any external account.
  2. Run cloudquery sync against the target AWS account.
  3. Execute any policy query that utilizes the ebs_snapshot_permissions_check.sql query.

CloudQuery (redacted) logs

Irrelevant.

CloudQuery version

cloudquery version 2.5.2

Additional Context

No response

Pull request (optional)

  • I can submit a pull request

#cu-cit-cloud-team#2
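The inversion described above, worked through on constructed data as an added example (this is not CloudQuery's policy SQL or its real table schema; the ebs_snapshots and ebs_snapshot_permissions tables, their columns and the sample account ids are assumptions made for the illustration). It runs the check in the shape the report describes, where any public or cross-account createVolumePermission yields pass, beside the corrected shape, where such a grant yields fail and an unshared snapshot passes:

```python
import sqlite3

# Constructed sample data (assumed schema, not CloudQuery's): one row per
# createVolumePermission entry on a snapshot. EC2 expresses the grant either
# as Group="all" (public) or as UserId=<account id> (shared with one account).
# A snapshot with no permission rows is private to its owner.
SNAPSHOTS = [
    ("snap-private", "111111111111"),
    ("snap-public", "111111111111"),
    ("snap-shared", "111111111111"),
]
PERMISSIONS = [
    ("snap-public", "all", None),            # public grant
    ("snap-shared", None, "222222222222"),   # cross-account grant
]

# Condition that is true when a snapshot carries a public or cross-account grant.
SHARED_CONDITION = """
    EXISTS (
        SELECT 1 FROM ebs_snapshot_permissions p
        WHERE p.snapshot_id = s.snapshot_id
          AND (p.group_name = 'all'
               OR (p.user_id IS NOT NULL AND p.user_id <> s.owner_account))
    )
"""

# The behaviour the issue reports: a shared snapshot comes out as "pass".
INVERTED_QUERY = f"""
SELECT s.snapshot_id,
       CASE WHEN {SHARED_CONDITION} THEN 'pass' ELSE 'fail' END AS status
FROM ebs_snapshots s
ORDER BY s.snapshot_id
"""

# The expected behaviour: a shared snapshot is a "fail", a private one a "pass".
CORRECTED_QUERY = f"""
SELECT s.snapshot_id,
       CASE WHEN {SHARED_CONDITION} THEN 'fail' ELSE 'pass' END AS status
FROM ebs_snapshots s
ORDER BY s.snapshot_id
"""


def build_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE ebs_snapshots (snapshot_id TEXT PRIMARY KEY, owner_account TEXT);
        CREATE TABLE ebs_snapshot_permissions (
            snapshot_id TEXT, group_name TEXT, user_id TEXT
        );
        """
    )
    conn.executemany("INSERT INTO ebs_snapshots VALUES (?, ?)", SNAPSHOTS)
    conn.executemany("INSERT INTO ebs_snapshot_permissions VALUES (?, ?, ?)", PERMISSIONS)
    return conn


def run_check(query: str) -> dict:
    """Run a policy query and return {snapshot_id: 'pass' | 'fail'}."""
    conn = build_db()
    try:
        return dict(conn.execute(query).fetchall())
    finally:
        conn.close()


def shared_snapshots_fail(results: dict) -> bool:
    """Invariant a reviewer can test a policy query against: every snapshot with a
    public or cross-account grant must be 'fail', every other snapshot 'pass'."""
    shared = {snap for snap, group, user in PERMISSIONS
              if group == "all" or (user is not None and user != "111111111111")}
    return all((status == "fail") == (snap in shared) for snap, status in results.items())


if __name__ == "__main__":
    for name, query in (("inverted", INVERTED_QUERY), ("corrected", CORRECTED_QUERY)):
        results = run_check(query)
        print(name, results, "invariant holds:", shared_snapshots_fail(results))
```

Running it shows the private snapshot failing and both shared snapshots passing under the inverted query, and the opposite under the corrected one; the invariant check is the kind of assertion worth keeping next to a fix so the pass/fail branches of the CASE cannot be swapped again unnoticed.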
