turbot/gcp_compliance

Query: compute_network_dns_logging_enabled

Usage

powerpipe query gcp_compliance.query.compute_network_dns_logging_enabled

SQL

with associated_networks as (
select
split_part(network ->> 'networkUrl', 'networks/', 2) network_name,
enable_logging
from
gcp_dns_policy,
jsonb_array_elements(networks) network
)
select
net.self_link resource,
case
when p.network_name is null then 'alarm'
when not p.enable_logging then 'alarm'
else 'ok'
end as status,
case
when p.network_name is null then net.title || ' not associated with DNS policy.'
when not p.enable_logging then net.title || ' associated with DNS policy with logging disabled.'
else net.title || ' associated with DNS policy with logging enabled.'
end as reason
, project as project
from
gcp_compute_network net
left join associated_networks p on net.name = p.network_name;

Controls

The query is being used by the following controls: