turbot/gcp_compliance

Query: logging_bucket_retention_policy_enabled

Usage

powerpipe query gcp_compliance.query.logging_bucket_retention_policy_enabled

SQL

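with logging_sinks as (
  select
    self_link,
    title,
    _ctx,
    project,
    destination
  from
    gcp_logging_sink
)
select
  s.self_link resource,
  -- 'ok' only when the bucket has a retention policy and that policy is locked;
  -- a bucket with an unlocked retention policy is reported as 'alarm'.
  case
    when b.retention_policy is not null and b.retention_policy ->> 'isLocked' = 'true' then 'ok'
    else 'alarm'
  end as status,
  case
    when b.retention_policy is not null and b.retention_policy ->> 'isLocked' = 'true'
      then s.title || '''s logging bucket ' || b.name || ' has retention policies configured.'
    else s.title || '''s logging bucket ' || b.name || ' has retention policies not configured.'
  end as reason
  , s.project as project
from
  gcp_storage_bucket b
  -- Match each sink to its Cloud Storage destination, which has the form
  -- storage.googleapis.com/<bucket name>. This is an inner join: sinks with
  -- other destination types, or whose bucket is not returned by
  -- gcp_storage_bucket, produce no row.
  join logging_sinks s on (
    split_part(s.destination, '/', 1) = 'storage.googleapis.com'
    and split_part(s.destination, '/', 2) = b.name
  );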

Controls

The query is being used by the following controls: