Query: vpc_and_vswitch_flow_log_integrated_with_log_service
Usage
powerpipe query alicloud_compliance.query.vpc_and_vswitch_flow_log_integrated_with_log_service

Steampipe Tables
SQL
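-- Reports, for every VPC and every vSwitch, whether it has an active flow log
-- that delivers to a Log Service project and logstore.
--   ok    : at least one matching flow log exists for the resource
--   alarm : no matching flow log exists
--
-- NOTE(review): the check covers flow log status and a non-empty delivery
-- target only. It does not look at which traffic the flow log captures, nor at
-- whether the named project/logstore exists or how long it retains data, so an
-- 'ok' here is not proof that usable network telemetry is being kept.
-- NOTE(review): a vSwitch is judged on its own flow log; a flow log attached to
-- the parent VPC is not counted for it. Confirm that this matches the intent of
-- the control.
with compliant_flow_logs as (
  -- One row per monitored resource. A resource may carry several active flow
  -- logs; without the distinct on, the left joins below would emit one result
  -- row per flow log and the same resource would be counted more than once.
  -- The flow log with the lowest name is the one quoted in the reason.
  select distinct on (resource_type, resource_id, region, account_id)
    resource_id,
    resource_type,
    project_name,
    log_store_name,
    region,
    account_id,
    name as flow_log_name
  from
    alicloud_vpc_flow_log
  where
    resource_type in ('VPC', 'VSwitch')
    and status = 'Active'
    -- a flow log with no project or logstore is not delivered to Log Service
    and project_name is not null
    and project_name != ''
    and log_store_name is not null
    and log_store_name != ''
  order by
    resource_type,
    resource_id,
    region,
    account_id,
    name
)
-- VPCs
select
  v.arn as resource,
  case
    when fl.resource_id is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when fl.resource_id is not null then v.title || ' has active flow log "' || fl.flow_log_name || '" integrated with log service (project: ' || fl.project_name || ', logstore: ' || fl.log_store_name || ').'
    else v.title || ' does not have an active flow log integrated with log service'
  end as reason,
  v.account_id as account_id,
  v.region as region
from
  alicloud_vpc as v
  -- region and account are part of the match so that an identifier seen in
  -- another account or region is not accepted as coverage
  left join compliant_flow_logs as fl
    on v.vpc_id = fl.resource_id
    and v.region = fl.region
    and v.account_id = fl.account_id
    and fl.resource_type = 'VPC'
union all
-- vSwitches: the resource identifier is assembled from region, account and
-- vSwitch id instead of being read from a column
select
  'acs:vpc:' || vs.region || ':' || vs.account_id || ':vswitch/' || vs.vswitch_id as resource,
  case
    when fl.resource_id is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when fl.resource_id is not null then vs.title || ' has active flow log "' || fl.flow_log_name || '" integrated with log service (project: ' || fl.project_name || ', logstore: ' || fl.log_store_name || ').'
    else vs.title || ' does not have an active flow log integrated with log service.'
  end as reason,
  vs.account_id as account_id,
  vs.region as region
from
  alicloud_vpc_vswitch as vs
  left join compliant_flow_logs as fl
    on vs.vswitch_id = fl.resource_id
    and vs.region = fl.region
    and vs.account_id = fl.account_id
    and fl.resource_type = 'VSwitch';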
Controls
The query is being used by the following controls: