turbot/aws_compliance

Query: dms_replication_task_source_database_logging_enabled

Usage

powerpipe query aws_compliance.query.dms_replication_task_source_database_logging_enabled

Steampipe Tables

SQL

-- Reports, per DMS replication task, whether source database logging is on.
-- A task is 'ok' only when all three conditions hold:
--   1. Logging.EnableLogging is true in the task settings,
--   2. the SOURCE_CAPTURE log component has an accepted Severity,
--   3. the SOURCE_UNLOAD log component has an accepted Severity.
-- Accepted severities are the three values listed in the IN lists below; a
-- component carrying any other Severity counts the same as a missing component.
--
-- NOTE(review): every 'alarm' row gets the reason text "... logging disabled.",
-- including tasks where EnableLogging is true but a source component's severity
-- is outside the accepted list. Read the logging_enabled column alongside the
-- reason to tell the two cases apart.
with replication_task_logging as (
    -- One row per task that has at least one LogComponents element.
    -- A task whose LogComponents is missing or an empty array yields no row
    -- here, so both flags arrive as NULL through the left join below and the
    -- task falls into the 'alarm' branch.
    select
        task.arn,
        bool_or(
            (component ->> 'Id') = 'SOURCE_CAPTURE'
            and (component ->> 'Severity') in (
                'LOGGER_SEVERITY_DEFAULT',
                'LOGGER_SEVERITY_DEBUG',
                'LOGGER_SEVERITY_DETAILED_DEBUG'
            )
        ) as capture_logging_enabled,
        bool_or(
            (component ->> 'Id') = 'SOURCE_UNLOAD'
            and (component ->> 'Severity') in (
                'LOGGER_SEVERITY_DEFAULT',
                'LOGGER_SEVERITY_DEBUG',
                'LOGGER_SEVERITY_DETAILED_DEBUG'
            )
        ) as unload_logging_enabled
    from
        aws_dms_replication_task as task
        cross join lateral jsonb_array_elements(
            task.replication_task_settings -> 'Logging' -> 'LogComponents'
        ) as component
    group by
        task.arn
),
task_evaluation as (
    -- Every task, with the master logging switch and the per-component flags
    -- side by side so the verdict below is written once per output column.
    select
        t.arn,
        t.title,
        t.region,
        t.account_id,
        (t.replication_task_settings -> 'Logging' ->> 'EnableLogging')::bool as logging_enabled,
        l.capture_logging_enabled,
        l.unload_logging_enabled
    from
        aws_dms_replication_task as t
        left join replication_task_logging as l
            on l.arn = t.arn
)
select
    e.arn as resource,
    e.logging_enabled,
    -- A NULL in any of the three inputs makes the condition not true, so the
    -- task is reported as 'alarm' rather than 'ok'.
    case
        when e.logging_enabled
            and e.capture_logging_enabled
            and e.unload_logging_enabled then 'ok'
        else 'alarm'
    end as status,
    case
        when e.logging_enabled
            and e.capture_logging_enabled
            and e.unload_logging_enabled then e.title || ' source database logging enabled.'
        else e.title || ' source database logging disabled.'
    end as reason,
    e.region,
    e.account_id
from
    task_evaluation as e;

Controls

The query is being used by the following controls: