turbot/steampipe-mod-aws-compliance

Control: S3 directory buckets should have lifecycle configurations

Description

This control checks whether lifecycle rules are configured for an S3 directory bucket. The control fails if lifecycle rules aren't configured for the directory bucket, or a lifecycle rule for the bucket specifies expiration settings that don't match the parameter value that you optionally specify.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.s3_directory_bucket_lifecycle_policy_configured

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.s3_directory_bucket_lifecycle_policy_configured --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when lifecycle_rules is not null then 'ok'
    else 'alarm'
  end status,
  case
    when lifecycle_rules is not null then name || ' lifecycle policy configured.'
    else name || ' lifecycle policy not configured.'
  end reason,
  region,
  account_id
from
  aws_s3_directory_bucket;
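
The named query above only tests `lifecycle_rules is not null`, so a bucket whose rules are all disabled, or whose expiration differs from the value you intend, still reports `ok`. The following is an added example, not part of the mod: a stricter variant that requires at least one enabled rule with a target expiration. The sample rows, the 30-day target and the `Status` / `Expiration.Days` key names (taken from the shape of the S3 lifecycle API response) are assumptions.

```sql
-- Added example, not the mod's query. Sample rows below are constructed so
-- this runs in plain PostgreSQL; in Steampipe use aws_s3_directory_bucket.
with sample_buckets (arn, name, region, account_id, lifecycle_rules) as (
  values
    ('arn:aws:s3express:us-east-1:111122223333:bucket/logs--use1-az4--x-s3',
     'logs--use1-az4--x-s3', 'us-east-1', '111122223333',
     '[{"ID":"expire-30","Status":"Enabled","Expiration":{"Days":30}}]'::jsonb),
    ('arn:aws:s3express:us-east-1:111122223333:bucket/tmp--use1-az4--x-s3',
     'tmp--use1-az4--x-s3', 'us-east-1', '111122223333',
     '[{"ID":"expire-30","Status":"Disabled","Expiration":{"Days":30}}]'::jsonb),
    ('arn:aws:s3express:us-east-1:111122223333:bucket/cache--use1-az4--x-s3',
     'cache--use1-az4--x-s3', 'us-east-1', '111122223333',
     '[{"ID":"expire-365","Status":"Enabled","Expiration":{"Days":365}}]'::jsonb),
    ('arn:aws:s3express:us-east-1:111122223333:bucket/raw--use1-az4--x-s3',
     'raw--use1-az4--x-s3', 'us-east-1', '111122223333',
     null::jsonb)
),
params as (
  select 30 as target_expiration_days  -- hypothetical target, set per policy
),
summary as (
  select
    b.arn, b.name, b.region, b.account_id,
    count(r.rule) as enabled_rules,
    count(r.rule) filter (
      where (r.rule -> 'Expiration' ->> 'Days')::int = p.target_expiration_days
    ) as matching_rules
  from sample_buckets as b
  cross join params as p
  -- A null lifecycle_rules yields no rows here; the left join keeps the bucket.
  left join lateral jsonb_array_elements(b.lifecycle_rules) as r(rule)
    on r.rule ->> 'Status' = 'Enabled'  -- key names assumed from the S3 API shape
  group by b.arn, b.name, b.region, b.account_id
)
select
  arn as resource,
  case when matching_rules > 0 then 'ok' else 'alarm' end as status,
  case
    when matching_rules > 0 then name || ' has an enabled rule with the target expiration.'
    when enabled_rules > 0 then name || ' has enabled rules, none with the target expiration.'
    else name || ' has no enabled lifecycle rule.'
  end as reason,
  region,
  account_id
from summary
order by resource;
```

Replace `sample_buckets` with `aws_s3_directory_bucket` and drop the `values` CTE to run the same logic against live accounts.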

Tags