turbot/aws_compliance

Query: s3_bucket_versioning_and_lifecycle_policy_enabled

Usage

powerpipe query aws_compliance.query.s3_bucket_versioning_and_lifecycle_policy_enabled

Steampipe Tables

SQL

with lifecycle_rules_enabled as (
select
arn
from
aws_s3_bucket,
jsonb_array_elements(lifecycle_rules) as r
where
r ->> 'Status' = 'Enabled'
)
select
b.arn as resource,
case
when not versioning_enabled then 'alarm'
when versioning_enabled and r.arn is not null then 'ok'
else 'alarm'
end as status,
case
when not versioning_enabled then name || ' versioning diabled.'
when versioning_enabled and r.arn is not null then name || ' lifecycle policy configured.'
else name || ' lifecycle policy not configured.'
end as reason
, b.region, b.account_id
from
aws_s3_bucket as b
left join lifecycle_rules_enabled as r on r.arn = b.arn;

Controls

The query is being used by the following controls: