Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →

Plugins Docs Home

turbot/steampipe-mod-alicloud-compliance

action_trail_enabled action_trail_oss_bucket_not_public cs_kubernetes_cluster_cloud_monitor_enabled cs_kubernetes_cluster_ipvlan_enabled cs_kubernetes_cluster_log_service_enabled cs_kubernetes_cluster_network_policy_enabled cs_kubernetes_cluster_private_cluster_enabled ecs_disk_encryption_enabled ecs_instance_latest_os_patches_applied ecs_instance_with_no_legacy_network ecs_security_center_agent_installed ecs_security_group_remote_administration ecs_security_group_restrict_ingress_rdp_all ecs_security_group_restrict_ingress_ssh_all ecs_unattached_disk_encryption_enabled log_store_retention_period_365_days manual_control oss_bucket_encrypted_with_byok oss_bucket_encrypted_with_service_key oss_bucket_enforces_ssl oss_bucket_logging_enabled oss_bucket_public_access_blocked ram_account_password_policy_min_length_14 ram_account_password_policy_one_lowercase_letter ram_account_password_policy_one_number ram_account_password_policy_one_symbol ram_account_password_policy_one_uppercase_letter ram_account_password_policy_reuse_5 ram_password_policy_expire_365_or_greater ram_password_policy_expire_90 ram_password_policy_max_login_attempts_5 ram_policy_no_full_wildcard_privileges ram_root_account_mfa_enabled ram_root_account_no_access_keys ram_root_account_unused ram_user_access_key_rotated_90 ram_user_console_access_mfa_enabled ram_user_no_policies ram_user_unused_90 rds_instance_postgresql_log_connections_parameter_on rds_instance_postgresql_log_disconnections_parameter_on rds_instance_postgresql_log_duration_parameter_on rds_instance_restrict_access_to_internet rds_instance_sql_audit_enabled rds_instance_sql_audit_retention_period_180_days rds_instance_ssl_enabled rds_instance_tde_enabled rds_instance_tde_encrypted_with_byok security_center_advanced_or_enterprise_edition security_center_all_assets_installed_with_agent sls_alert_cloud_firewall_changes sls_alert_console_authentication_failures sls_alert_console_signin_without_mfa sls_alert_kms_key_disable_deletion sls_alert_oss_bucket_policy_changes sls_alert_oss_permission_changes sls_alert_ram_role_changes sls_alert_rds_configuration_changes sls_alert_root_account_usage sls_alert_security_group_changes sls_alert_unauthorized_api_calls sls_alert_vpc_changes sls_alert_vpc_route_changes vpc_and_vswitch_flow_log_integrated_with_log_service vpc_flow_logs_enabled

Query: cs_kubernetes_cluster_log_service_enabled

Usage

powerpipe query alicloud_compliance.query.cs_kubernetes_cluster_log_service_enabled

Steampipe Tables

alicloud_cs_kubernetes_cluster

Alibaba Cloud plugin

SQL

with log_service_enabled as (
  select
    cluster_id
  from
    alicloud_cs_kubernetes_cluster
  where
    meta_data -> 'AuditProjectName' is not null
    or meta_data -> 'ControlPlaneLogConfig' -> 'log_project' is not null
    or exists (
      select 1
      from jsonb_array_elements(meta_data -> 'Addons') as a
      where a ->> 'name' = 'loongcollector'
        and (a -> 'config' ->> 'sls_project_name' is not null
             or a ->> 'config' ilike '%sls_project_name%')
    )
)
select
  c.arn as resource,
  case
    when c.state != 'running' then 'skip'
    when ls.cluster_id is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when c.state != 'running' then c.title || ' is in ' || c.state || ' state.'
    when ls.cluster_id is not null then c.title || ' has log service enabled.'
    else c.title || ' does not have log service enabled.'
  end as reason
  
  , c.account_id as account_id, c.region as region
from
  alicloud_cs_kubernetes_cluster c
  left join log_service_enabled ls on c.cluster_id = ls.cluster_id;

Controls

The query is being used by the following controls:

2.4 Ensure Log Service is enabled for Container Service for Kubernetes