v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Query: dms_replication_task_target_database_logging_enabled

Usage

powerpipe query aws_compliance.query.dms_replication_task_target_database_logging_enabled

Steampipe Tables

aws_dms_replication_task
Amazon Web Services plugin

SQL

with replication_task_target_apply as (
  select
    arn
  from
    aws_dms_replication_task,
    jsonb_array_elements(replication_task_settings -> 'Logging' -> 'LogComponents') as o
  where
    o ->> 'Id' = 'TARGET_APPLY'
    and o ->> 'Severity' in ('LOGGER_SEVERITY_DEFAULT', 'LOGGER_SEVERITY_DEBUG', 'LOGGER_SEVERITY_DETAILED_DEBUG')
), replication_task_target_load as (
  select
    arn
  from
    aws_dms_replication_task,
    jsonb_array_elements(replication_task_settings -> 'Logging' -> 'LogComponents') as o
  where
    o ->> 'Id' = 'TARGET_LOAD'
    and o ->> 'Severity' in ('LOGGER_SEVERITY_DEFAULT', 'LOGGER_SEVERITY_DEBUG', 'LOGGER_SEVERITY_DETAILED_DEBUG')
)
select
  t.arn as resource,
  (replication_task_settings -> 'Logging' ->> 'EnableLogging')::bool,
  case
    when (replication_task_settings -> 'Logging' ->> 'EnableLogging')::bool
      and a.arn is not null
      and l.arn is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when (replication_task_settings -> 'Logging' ->> 'EnableLogging')::bool
      and a.arn is not null
      and l.arn is not null then title || ' target database logging enabled.'
    else title || 'target database logging disabled.'
  end as reason
  
  , region, account_id
from
  aws_dms_replication_task as t
  left join replication_task_target_apply as a on a.arn = t.arn
  left join replication_task_target_load as l on l.arn = t.arn;

Controls

The query is being used by the following controls: